Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft .

Building on the Foundation of Windows Vista:

Introduction to Windows 7: Security and Management

Dan StoltsIT Pro Evangelist

Microsofthttp://blogs.technet.com/DanStolts

Fundamentally Secure Platform

Protect Users &

Infrastructure

Windows Vista FoundationUser Account ControlEnhanced Auditing

Securing Anywhere

Access

Windows 7 Enterprise SecurityBuilding upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.

Protect Data from

Unauthorized Viewing

Network SecurityNetwork Access ProtectionDirectAccessTM

AppLockerTM

Internet Explorer 8Data Recovery

RMSEFSBitLockerTM

Windows Vista Foundation

Enhanced Auditing

Make the system work well for standard usersAdministrators use full privilege only for administrative tasksFile and registry virtualization helps applications that are not UAC compliant

User Account Control

XML basedGranular audit categoriesDetailed collection of audit resultsSimplified compliance management

Fundamentally Secure Platform

Security DevelopmentLifecycle processKernel Patch ProtectionWindows Service HardeningDEP & ASLR

IE 8 inclusiveMandatory Integrity Controls

User Account Control

demo

Network Security

DirectAccessTM

Ensure that only “healthy” machines can access corporate dataEnable “unhealthy” machines to get clean before they gain access

Network Access Protection

Security protected,seamless, always on connection to corporate networkImproved managementof remote users Consistent security for all access scenarios

Securing Anywhere Access

Windows Firewall can coexist with 3rd party productsMulti-Home ProfilesDNSSec (RFCs 4033, 4034 and 4035)

AppLockerTM Data Recovery

Protect users against social engineering and privacy exploitsProtect users against browser based exploitsProtect users against web server exploits

Internet Explorer 8

File back up and restoreCompletePC™ image-based backup System RestoreVolume Shadow CopiesVolume Revert

Protect Users & Infrastructure

Enables application standardization within an organization without increasing TCOIncrease security to safeguard against data and privacy lossSupport compliance enforcement

7

AppLocker vs Software Restriction Policy

Feature Software Restriction Policies AppLocker

Rule scope All users Specific user or group

Rule conditions provided

File hash, path, certificate, registry path, and Internet zone rules

File hash, path, and publisher rules

Rule types provided Allow and deny Allow and deny

Default rule action Allow or deny Deny

Audit-only mode No Yes

Wizard to create multiple rules at one time

No Yes

Policy import or export

No Yes

Rule collection No Yes

PowerShell support No Yes

Custom error messages

No Yes

RMS BitLockerTM

User-based file and folder encryption Ability to store EFS keys on a smart card

EFS

Easier to configureand deployRoam protected data between work and homeShare protected data with co-workers, clients,partners, etc.Improve compliance and data security

Protect Data from Unauthorized Viewing

Policy definitionand enforcementProtects information wherever it travelsIntegrated RMS Client Policy-based protection of document libraries in SharePoint

BitLocker-to-goTM

demo

Windows 7: Manageability

Enterprise-scale Scripting Engine with PowerShellScripting

Richer Support ToolsCustomized Troubleshooting

Enhanced Group Policy ScenariosGroup Policy Preferences

Reduce Help Desk Calls and Keep

Users Productive

Flexible Administrative

Control

Increased Automation

to Reduce Costs

Windows 7 Builds On Windows Vista Tools To Resolve Issues Quicker

Reliability MonitorReliability data is exposed via APIs for remote collectionIntegration of Reliability Monitor and Problem Reports and Solutions to better correlate system changes and events

Resource MonitorSysInternals Process Explorer features integrated into Resource Monitor for clearer identification of process issues

Windows Recovery EnvironmentWindows Recovery Environment (WinRE)    Restore to OEM or IT image without data loss or reimage with recent system backup

System Restore Users will now be able to view the list of software changes before rolling their PC back Restore points will be available from system backups allowing users to roll-back to a point further back in time

Problem Steps Recorder Users record steps taken when an issue occurs, giving help desk screen shots and comments to help resolve issues

Keep Users Productive

Fundamentally Secure Platform

Protect Users &

Infrastructure

Windows Vista FoundationUser Account ControlEnhanced Auditing

Securing Anywhere

Access

SummaryBuilding upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.

Protect Data from

Unauthorized Viewing

Network SecurityNetwork Access ProtectionDirectAccessTM

AppLockerTM

Internet Explorer 8Data Recovery

RMSEFSBitLockerTM

Problem Step Recorder

demo

15

Q & A