The Next Windows:
"Lucky Seven?"

   presented by Mark Minasi
       help@minasi.com
   tech forum, newsletters at...
  • … And I figured that if I said "NT 6.1 Workstation," you guys would look at me really funny
  • I'm buying stock in Windex, personally
  • If you're not up to speed on the Hyper-V stuff, I'm doing a Hyper-V talk tomorrow at 8 AM
  • More on AD Wednesday 2 PM
  • Mark Minasi Introducing Windows 7

    1. The Next Windows: "Lucky Seven?" presented by Mark Minasi, help@minasi.com; tech forum, newsletters at www.minasi.com

    2. Topics
       • Um, what do I do… Vista, Win 7, roll back to Windows 98?
       • New UI stuff, networking changes
       • Rolling it out, securing it, storing things
       • Virtuality!!!
       • Active Directory
       • Saving Money

    3. Okay, First Thing…
       • What are they going to call it
       • (Like anybody cares)
       • Desktop = Windows 7 (unless it changes)
       • Server = Windows Server 2008 R2
       • Server only comes in x64, no x86
       • Desktop still offers x86
       • NOTE: when I say "Windows 7," I'm usually speaking generically of both OSes

    4. "When? When? When?" "can I skip Vista? Can I can I can I? Pleeze?"
       • The plan is the first half of 2010
       • But, um, that's the plan…
         – 2000 shipped two years late
         – 2003 shipped two years late
         – 2008 shipped three years late
         – So when exactly will 7 ship?
       • And XP's losing support this year, so many of us will think, "hey, I gotta do something!"

    5. The Vista/Win 7 Choice is Easy
       • Microsoft knows you hate Vista
       • (I don't work for Microsoft, and you guys tell me anyway!)
       • Vista's main problem was that it came out too early – many 2005 machines couldn't handle its needs, drivers didn't exist yet, nor did SP1
       • Which means that even if you think you hate Vista, the chances are good that if you took a fresh look at it today, it'd look pretty good

    6. Vista or Win 7 = You're Fine Either Way
       • And so…
         – Speed is about equal between the two
         – "If it's a Vista driver, it's a Win 7 driver"
         – "If it runs Vista well, it'll run Win 7 well"
         – Windows 7 includes nearly 400 "fixes," built-in shims that solve compatibility problems
         – Any SDB-type patches created in Vista work on W7
       • Bottom line: you can use the same hardware for Vista or Win 7, so Win 7 will cause you no more planning needs than Vista would

    7. UI Stuff
       • SideBar's gone, now gadgets go right on the desktop
       • UI does an interesting job of being more document-centric than app-centric: you can have MRU lists for as many apps as you like on the taskbar, as if the app were running
       • You can control system tray behavior for each app

    8. More UI Stuff
       • Easy adjustment to make two windows share the screen side-by-side, half apiece
       • Some tablet users will be able to run their Win 7 boxes as if they were iPhones, all finger pushes (of course, most tablets currently don't respond to fingers…)
       • ONE right-click on the Desktop gets you to video resolution
       • Paint and WordPad get the Ribbon!

    9. More UI: Libraries
       • New way to show files, sort of an evolution of how (for example) Vista shows tunes differently than videos or pictures
       • Extends to downloaded files (shows their URL), contacts (shows their essential values)
       • Essentially it's a meta-view of a bunch of folders
       • Includes and extends the notion of search folders

    10. The Blue UI: PowerShell
       • You'll see PowerShell support in a lot of things – it was a design goal
       • Win 7 has PowerShell 2.0, which does neat remote stuff
       • Remoting atop WinRM, not RPC
       • .NET's now on Server Core, so PowerShell's on Server Core

    11. Remote Access News
       • You've heard about PowerShell and WinRM
       • Terminal Services has new name: Remote Desktop Services
       • Not exactly a Win 7 topic, but MS is now pushing Hyper-V for virtual desktops ("MED-V")
       • Server Manager now works remotely for role/feature control, even on Server Core

    12. Networking
       • Mobile broadband support makes mobile broadband look like a NIC, not dialup
       • Different NICs can have different firewall profiles
       • DHCP now has support for scope failover from one DHCP server to another and lets you block/allow MAC addresses

    13. Deployment
       • How will we get this thing out?
       • Same "Panther" engine as Vista/08
         – Asks questions up front, you go away, come back, you've got a system running
         – Very easy to script with Windows System Image Manager, free download from Microsoft
       • Unpopular news for some: you can upgrade from Vista, but not XP

    14. Deployment
       • Multicasting
         – Important new changes in WDS multicasting: three different "speed lanes" for multicasting images
       • Dynamic driver provisioning: deploys an image, and removes unneeded drivers
       • New tool: DISM replaces peimg, pkgmgr, and some of ImageX's features
       • … and DISM patches offline virtual machines
       • USMT "hard links" lets you wipe a disk but retain whatever files you choose

    15. Security in Win 7
       • Some big stuff:
         – DirectAccess
         – AppLocker
         – BitLocker To Go
         – No more LM
         – DNSSEC
       • And some odds 'n' ends

    16. DirectAccess
       • Call it "seamless VPN"
       • Microsoft has used a process for years now whereby employees log onto the network, get an IPv6 address and tunnel (via Teredo) into MS's corpnet, using IPsec
       • Local inside-corpnet-only addresses and names now look local ("Name Resolution Policy Table" accomplishes it)
       • Difference: it's seamless
       • Requires IPv6, IPsec, R2 RRAS servers – set up with a wizard

    17. DirectAccess
       • Benefits:
         – Seamless remote access to internal resources
         – VPN that doesn't force your Internet traffic to be encrypted
         – Machine/machine connection means that central IT staff can patch/examine system even when user's not connected

    18. AppLocker: SAFER, but Safer
       • (SAFER = the beta name of Software Restriction Policies)
       • Basically an improved Software Restrictions
       • But it's a lot smarter about handling signed applications
       • Includes a wizard that will look at a system and create an AppLocker policy for it automatically

    19. BitLocker To Go
       • Removable devices can now be bitlockered
       • You can even create a group policy requiring it
       • Or say, "we won't write data to this USB stick unless it's Bitlockered"
       • As before, you can store keys in AD, or in external 48-digit keys

    20. Security
       • UAC now has a slider with four ticks on it to control how intrusive it is
       • Windows Solution Center (which contains the old Security Center) gives you more control over what sort of notifications the system gives you, reducing its irritation factor
       • Workgroups can now be "HomeGroups," a password-protected group that lets you connect to resources in your home's network with your company's PC without your company's security settings getting in the way

    21. More Security
       • Neat new "global security access control list" makes object access auditing more useful
       • Just point to a user and an object and it'll tell you, "user A tried to access object B and failed/succeeded because of X group membership"
       • Multihomed systems can now have different firewall settings
       • Read-Only DFS for branch office security

    22. And Even More…
       • New group policies let you block NTLM logons
       • LM can't happen
       • Windows now has in-the-box support for biometrics (fingerprint readers etc)
       • BitLocker To Go encrypts portable devices like USB sticks… and a group policy lets you mandate "if you want to use a USB stick, it must be encrypted"
       • "VPN reconnect" aims to keep you connected even when the VPN's spotty, as it's smart enough to retry at multiple VPN junction points

    23. DNSSEC
       • Relatively old protocol-wise (2001-ish), but topical now
       • Does not secure dynamic DNS updates
       • Does secure responses to queries, with the result that it makes a DNS cache poisoning of the type recently discussed very unlikely
       • For full effect, it'll require at least all R2 DNS servers on the forwarders/masters, and possibly on all DNS servers

    24. Storage
       • VHDs are becoming the new "container" standard, and have less and less to do with VMs
         – You can put one on your system, install an OS to it… and tell bcdedit to boot that OS
         – Mounting a VHD in Win7 is called "surfacing" it
         – Diskpart is the basic tool of choice to work with it
         – Of course, Vista & 2008 use them for backups now

    25. Storage
       • Consider the idea of a VHD-ed system; it has only
         – A C: drive with a boot record, basically
         – An E: drive with one file named something like "mywindows.vhd"
         – Some BCDEDIT commands to point to e:\mywindows.vhd
       • On drives larger than about 30 GB, Windows automatically creates a small, un-lettered partition (whether or not you mess with VHDs)
       • Makes BitLocker easier to set up and makes for a "cleaner" looking C: drive

    26. BranchCache Lite ("Distributed")
       • So you're in a remote site, and you're using a file accessed across the WAN…
       • Someone else on your subnet needs that file…
       • And you supply it (without knowing)
       • You advertise your files using a Network Discovery protocol (the thing that's replaced Computer Browser in Vista/2008)
       • Uses multicasts, not broadcasts

    27. BranchCache Lite
       • Caches SMB and HTTP/HTTPS traffic
       • Security integrated so you can't look at things in the cache that you don't have access to
       • Only Windows 7 systems can participate
       • Extra: the SMB client does more caching… reopen a file and it's as quick as if you've already opened it

    28. Hosted BranchCache
       • What's that you say, you have more than one subnet?
       • Enable BranchCaching on a local server
       • Caches on the basis of hashed 64K blocks
       • Server is obviously faster and can dedicate more resources
       • It's a "role" in 2008 R2
       • Windows 7 clients know to use it because group policy tells it to

    29. Virtual Machines/Hyper-V
       • Live Migration (like VMotion), shifts in ~10 ms range
       • New NIC hardware supports separate queues for different virtual NICs, Hyper-V supports it
       • Ditto NICs with embedded network switches
       • Second level address translation on CPUs now supported – solves a problem (flushing VM page tables) that can take up to 10% of CPU time
       • 256 cores supported

    30. Active Directory Changes
       • New domain functional level
       • New task-oriented UI: AD Administration Center
       • PowerShell cmdlets
       • AD Recycle Bin
       • Automatically maintained domain-based service accounts, new type of account
       • Best Practice Analyzer
       • Offline Domain Join

    31. AD and PS
       • We get 70+ PowerShell cmdlets for AD
       • New AD Administration Center is the new AD GUI tool but, interestingly enough, it's really just a PowerShell application
         – PowerShell 2.0 supports GUI forms, so
       • … but under the hood, it's nothing more than a GUI front end to PowerShell commands
       • No "reflectivity," though… bummer!

    32. Saving Money
       performance, less power, easier hardware updates…

    33. Misc Good Things
       • Problem Steps Recorder
       • The way that the OS gives RAM to apps changes (with Vista, it's pretty generous in an attempt to make it faster), and so W7 should use less memory
       • Non-miniport print drivers mean no (well, fewer) printer driver blue screens

    34. Power Management
       • Big push on this
       • New "AQ" logo program
       • Three PM defaults all yield 10% better power use
       • "Core Parking" shuts down particular cores or entire sockets when not needed on Hyper-V systems

    35. Hardware
       • Device Stage also contains links to vendor things like supplies and accessories and, with hope, PDFs of the manual
       • Wake-on-wireless LAN

    36. Thanks for coming!
       • I'm doing talks on Hyper-V, new Active Directory features in 2008 R2 and "12 Tips to Secure Your Network" tomorrow and Wednesday
       • I am teaching my two-day techie seminar on Server 2008 next week in Philadelphia and the end of April in Chicago
       • Info at www.minasi.com
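
The automatic policy generation on the AppLocker slide (18), scripted with the AppLocker PowerShell module that ships with Windows 7 and Server 2008 R2. This is an added example, not part of the original deck; the reference directory and the output path are assumptions.

```powershell
# Added example (not from the deck). Paths below are assumptions.
Import-Module AppLocker

$referenceDir = 'C:\Program Files'                           # assumed location of approved software
$policyFile   = Join-Path $env:TEMP 'applocker-audit.xml'    # assumed output path

# 1. Inventory the executables on the reference machine.
$files = Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe

# 2. Generate rules as XML: Publisher rules for signed files, Hash rules as the
#    fallback for unsigned ones. -Optimize merges rules that share a publisher.
[xml]$policy = $files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Put every rule collection in audit-only mode, so a gap in the rules is logged
#    rather than blocking users, then save the policy for review.
foreach ($collection in $policy.SelectNodes('//RuleCollection')) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry run. notepad.exe sits outside $referenceDir, so no generated rule covers it:
#    a reminder that the generated policy has no rules for Windows itself.
$samples = @("$referenceDir\*\*.exe", "$env:windir\System32\notepad.exe")
Test-AppLockerPolicy -XMLPolicy $policyFile -Path $samples -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule |
    Format-Table -AutoSize
```

Files that come back as `DeniedByDefault` in the dry run are the ones to cover with additional rules before any collection is switched from `AuditOnly` to `Enabled`.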
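
The VHD-ed system described on the Storage slides (24 and 25), built with diskpart and bcdedit from an elevated PowerShell prompt. This is an added example, not part of the original deck; the file name follows the slide's "mywindows.vhd", while the size, the temporary V: letter and the boot menu description are assumptions.

```powershell
# Added example (not from the deck). Run elevated. Size, drive letter V: and the
# boot menu description are assumptions; the file name follows slide 25.
$vhd    = 'E:\mywindows.vhd'
$sizeMB = 30000

# 1. Create the VHD, attach ("surface") it, and give it one NTFS partition.
$script = Join-Path $env:TEMP 'make-vhd.txt'
@"
create vdisk file="$vhd" maximum=$sizeMB type=fixed
select vdisk file="$vhd"
attach vdisk
create partition primary
format fs=ntfs quick label="VHDBOOT"
assign letter=V
"@ | Set-Content -Path $script -Encoding ASCII

diskpart /s $script
if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE" }

# 2. Install or apply a Windows image to V: at this point (not shown here).

# 3. Clone the running boot entry; bcdedit prints the new entry's GUID.
$out = bcdedit /copy '{current}' /d 'Windows 7 (VHD)'
if ("$out" -match '\{[0-9a-fA-F-]{36}\}') {
    $id = $Matches[0]
} else {
    throw "bcdedit /copy did not return a new entry: $out"
}

# 4. Point the clone at the VHD. bcdedit wants the form vhd=[E:]\mywindows.vhd
$target = 'vhd=[{0}]{1}' -f (Split-Path $vhd -Qualifier), (Split-Path $vhd -NoQualifier)
bcdedit /set $id device   $target
bcdedit /set $id osdevice $target
bcdedit /set $id detecthal on

# 5. Show the finished entry for review before rebooting.
bcdedit /enum $id
```

In Windows 7, BitLocker cannot encrypt the host volume that holds a natively booted VHD, nor a volume inside that VHD, so plan disk encryption separately for machines deployed this way.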
