Your SlideShare is downloading. ×
Bus Tour   Windows 7 Deck (Full)
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Bus Tour Windows 7 Deck (Full)


Published on

Published in: Business, Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • The Springboard Series program was developed in response to primary research conducted with IT Pros worldwide (direct interviews, focus groups) and key MS field roles (TSPs, ATSs, ITEs, PAMs, TAMs, Architects). The findings fell into two areas—the need to make learning about how a new OS environment directly impacts the IT Pro more consumable (and the messages more relevant), and how the mis-handling of Vista to this audience has cost us in poor NSAT and perceptionsTo remedy this situation, the Win Client IT pro audience developed a program to provide the right information, at the right technical level, at the right point in the adoption lifecycle, and to do so in a frank, open and honest tone. This program has two major components—a breadth effort that touches IT pros directly (through Technet and related properties), and a depth component that supports field and partner engagements
  • So what are the technologies within MDOP? Application Virtualization: this solves for application to application conflict issues within your organization. So say, for example, you’ve got a line of business application that will not run on your operating system. Using Application Virtualization you can sequence those applications. You can stream them to the desktops within your organization and there is no conflict with the applications, as nothing is actually installed on the desktop.   The Asset Inventory Service: this is a hosted service that enables you to collect software inventory data, as well as limited hardware data. And you can translate that data into actionable business intelligence. There is a catalog component to AIS, which assigns intuitive categorization to the information that’s flowing through the service. And it is the same catalog in AIS that is leveraged by Systems Center.   The Diagnostics and Recovery tool set: DART can reduce your users’ down time by accelerating your desktop repair process. So using the DART CD you can perform such tasks as resetting administrator passwords, scanning and solving for malware on your users’ desktops, repairing those desktops and even wiping those desktops.   Systems Center Desktop Error Monitoring: this enables proactive help desk problem management by allowing you to see the errors that are occurring within your organization at an aggregate level and reporting on application and system crashes as they’re occurring within your organization. So having visibility to those errors helps you solve for those errors occurring in future.   AGPM: We hear from our customers that they struggle with managing group policy within their organizations. With AGPM you can assign roles to people within your organization. For example, you can have some people that are reviewers of policies. You can have some people that are approvers of policies and you can also have people, for example, that have the ability to edit policies. In that way you can control who is managing group policy within your organization and you can also ensure that there is audit trail for group policy that is being deployed within your organization.   MED-V: MED-V enables you to solve for application to operating system conflicts within your organization. So using virtual PC at technology you can address key Enterprise scenarios and resolve for those application compatibility issues with new versions of Windows.
  • UAC was introduced in Windows Vista to help provide customers more control of their system by enabling IT administrators to lock down the system for certain users by running them within standard, non privileged user accounts and to influence the ecosystem to write software that does not need administrative rights. Transitioning the ecosystem to create software that does not require administrative changes to the machine is a very good thing for overall reliability of the machine as well as for the overall security of the machine since it limits the potential damage. UAC has delivered successfully on this in the Windows Vista timeframe and customers continue to value the ability to create a standard user and be confident an administrator can make the decisions on what software is added to the system and what changes should be allowed. However, we have received substantial feedback about the number of notifications for change. In Windows 7, we have invested in addressing the key customer feedback around UAC, while still maintaining the ability for IT administrators to be confident about a standard user environmentand still maintaining the influence on the ecosystem to create software that does not require administrative rights.We have enabled the Windows operations that users do often to be done in a standard user environment with the goal of providing prompt free daily activities. For example, a standard user can now adjust the readability of the screen (dpi) without having to change it for the entire system. Additionally, we have reduced key duplicate notifications for common activities such as installing applications from IE. We have also made it easier for IT to look at key setting on the system without needing administrative privileges by refactoring many of our control panel applications into read only and write sections.In line with our overall Windows 7focus on user-in-control, we have enabled a person running as a protected administrator to determine the range of notifications s/he receives. Based on customer feedback and actual instrumented data from our customers’ response to UAC prompts, we default the initial setting for UAC such that administrators are notified when software other than Windows is requesting to change the overall system and such that standard users will receive a request for administrator authorization for any change to the overall system. We believe this default setting has the right balance of establishing an ecosystem where a broad range of ISV software can be run in a standard user environment while providing administrators with control over the experience of configuring Windows.
  • Transcript

    • 1. Welcome to Windows 7
      Stephen L Rose
      Worldwide Community Manager – Windows Client
      Blog- http://windowsteamblog.comTwitter- @stephenlrose / @MSspringboard
    • 2. Agenda
      Who Am I?
      Resources, Resources, Resources
      Windows 7 Overview
      Windows 7 Anywhere
      Security and Control in Windows 7
      Windows 7 Deployment
    • 3. What is the Springboard Series?
      The Springboard Series is the resource for desktop IT pros
      Springboard is localized in 10 languages
      Over 50 video walkthroughs on Windows 7 features, tools and tasks
      Dedicated zones for Application Compatibility, Migration, Deployment and more
      Straight-talk Monthly Feature Articles & Overview Guides
      Springboard Insider Monthly Newsletter and Windows Team Blog
      Virtual Roundtable Events
      The Springboard Series IT pro experience offers IT Pros dynamic content and structured guidance across the adoption lifecycle
      Follow us on Twitter @ MSSpringboard
    • 4.
    • 5. – The people , the backstories, and the events behind Windows 7.
      Join The Conversation!
    • 6. Let’s Begin
    • 7.
    • 8. Windows 7 Versions
      Windows 7 Starter
      No 64 Bit
      Windows 7 Home Basic
      Emerging Markets only
      Windows 7 Home Premium
      Includes Aero, Media Center and Touch
      Windows 7 Professional
      Does not support Direct Access, BitLocker, BitLocker To Go, BranchCache. Does have XP Mode
      Windows 7 Enterprise
      Supports all features. Only available via Volume License to Software Assurance customers.
      Windows 7 Ultimate
      Supports all features.
    • 9.
    • 10. Understanding VL and SA
      What is Volume Licensing?
      Volume Licensing is the most affordable way to upgrade your existing PCs to Windows 7Enterprise.
      Windows licenses available through Volume Licensing are upgrade-only licenses. They do not replace purchasing the initial Windows licenses for software that comes pre-installed on new PCs.
      Each desktop that runs the Windows 7 upgrade must first be licensed to run one of the qualifying operating systems (Windows Vista (Enterprise/Business/Ultimate) or Windows XP (Professional)—otherwise the PC will not have a valid, legal Windows license.
      What is Software Assurance?
      When you acquire Windows 7 Professional licenses, either through Volume Licensing upgrades or through an OEM, you can cover those licenses with Software Assurance to get rights to Windows 7 Enterprise.
      SA also applies to Office and other Microsoft products.
    • 11. What Else Do I Get With SA?
      Microsoft Desktop Optimization Pack (MDOP) - MDOP is an add-on subscription license that provides innovative technologies to help better control the desktop PC, accelerate and simplify desktop PC deployments and management, and create a dynamic infrastructure by turning software into centrally-managed services.
      Windows Virtual Enterprise Centralized Desktop (VECD) for Software Assurance - Windows VECD is an annual device-based subscription that enables organizations to license virtual copies of Windows 7 (or prior OS versions) in a variety of user scenarios.
      Windows Fundamentals for Legacy PCs - Available exclusively to Microsoft Software Assurance customers, this small-footprint, Windows-based operating system solution is for customers with legacy computers running early operating systems who are not in a position to purchase new hardware.
      Virtual OS Rights - Use up to four instances of Windows in virtual OS environments for each license that has active Software Assurance coverage.
      New Version Rights - Receive new versions of licensed software released during the term of your coverage. If you have Software Assurance coverage for your PCs when Windows 7 is released, you will automatically receive rights to use Windows 7 Enterprise on those PCs.
    • 12. MDOP Technologies
      App-V turns applications into centrally managed services that are never installed, never conflict, and are streamed on demand to end users
      AIS is a hosted service that collects software inventory data and translates it into actionable business intelligence
      DART reduces downtime by accelerating desktop repair, recovery, and troubleshooting unbootable Windows-based desktops
      DEM enables proactive helpdesk problem management by analyzing and reporting on application and system crashes
      AGPM enhances governance and control over Group Policy through robust change management and role-based administration
      MED-V enables deployment and management of Microsoft Virtual PC to address key enterprise scenarios, primarily resolving application compatibility with a new version of Windows
    • 13. What’s The Killer Feature In Windows 7?
    • 14. What’s The Killer Feature In Windows 7?
      “I Don’t Care How It Works. I Just Want It To Work.”
      Direct Access / VPN Reconnect/Mobile Broadband / BranchCache
      Security and Control
      BitLocker/BitLocker To Go / Improved UAC
      Desktop Auditing / NAP / AppLocker / IE8
      New Aero Features / Search / Wireless support / Device Stage / Location Aware Printing / Home Groups / Libraries
      Speed / Efficiency / Capabilities / Flexibility / Reliability
    • 15. Windows 7 and Access Anywhere
    • 16. Information Worker’s World Has Been Changing
    • 17. The Evolving Needs
      IT Professional needs:
      • Secure and flexible infrastructure for“work anywhere”
      • 18. Reduce costs
      Mobile & Remote Work-Force needs:
      • Work anywhere
      • 19. Fast access
    • Remote Access for Mobile Workers
      Windows 7 Solution
      Situation Today
      • Corporate network boundary includes managed assets no matter where they are on the Internet
      • 20. Easy to service mobile PCs and distribute updates and polices
      • 21. New network paradigm increases mobile user productivity by providing same experience inside & outsidethe office
      • 22. Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
      • 23. Difficult for users to access corporate resources from outside the office
    • DirectAccess Components
      • Runs on Windows 7
      • 24. Domain-joined
      • 25. Initial configuration done on Corpnet or over VPN
      • 26. Runs on Windows Server 2008 R2
      • 27. Sits on network edge
      • 28. Single box by default
      • 29. Services can be split up for scalability
    • DirectAccess
      Technical Details
      Compliant Client
      Compliant Client
      NAP / NPS Servers
      Tunnel over IPv4 UDP, HTTPS, etc.
      DirectAccess Server
      Intranet User
      Assume the underlying network is always insecure
      Data Center and Business Critical Resources
      Intranet User
      Redefine enterprise network edge to insulate the datacenter and business critical resources
      Enterprise Network
      Security policies based on identity, not location
    • 30. DirectAccess & IPv6
      Tunnel over IPv4 UDP, HTTPS, etc.
      Encrypted IPsec+ESP
      Native IPv6
    • 31. DirectAccess & IPsec
      Line of Business Applications
      DirectAccess Server
      No IPsec
      IPsec Integrity Only (Auth)
      IPsec Integrity + Encryption
    • 32. DirectAccess Deployment
      Get ready step by step
      Determine your strategy
      Be ready to monitor IPv6 traffic
      Choose an Access Model: Full Intranet Access vs. Selected Server Access?
      Assess deployment scale
      Get your infrastructure ready
      Windows 7 clients
      Windows Server 2008 R2 DirectAccess Server
      DC, DNS Server, Active Directory, PKI, Application Servers, etc.
      During deployment
      Use DirectAccess configuration wizard to setup DirectAccess Server and generate policies for clients, application servers, and DC/DNS
      Customize policies as needed
    • 33. IT Pro Benefits
      Improved manageability of remote users
      IT simplification and cost reduction
      Consistent security for all access scenarios
      Seamless & secure access to corporate resources
      Consistent connectivity experience in / out office
      Combined with other Windows 7 features enhances the end to end IW experience
      DirectAccess Benefits
      End User Benefits
    • 34. DirectAccess? Show Me!
    • 35. VPN Reconnect
      Windows 7 Solution
      Situation Today
      VPN Server
      • The client maintains persistent VPN connection across network outages
      • 36. VPN Client can connect to any VPN Server of choice
      VPN Server
      • VPN used frequently for remote access to corporate resources
      • 37. Mobile workers reconnect to VPN on every network outage
      • Better end user experience: seamless and consistent VPN connectivity
      • 38. Reduced support costs
    • Mobile Broadband
      Windows 7 Solution
      Situation Today
      Integrated solution that is consistent and easy to discover
      • Plug & play experience for 3G cards (built-in or external)
      Internet connectivity via mobile broadband cards is expanding:
      • Inconsistent user experience
      • 39. Additional software required
      • 40. IHVs can integrate devices using Windows 7 platform
      • 41. No need for users to install3rd party software
      • 42. End users have same connectivity experience across WiFi and WWAN
    • Branch Office Enhancements
      Windows 7 Solution
      Situation Today
      Caches content downloaded from file and Web servers
      Users in the branch can quickly open files stored in the cache
      Frees up network bandwidth for other uses
      Application and data access over WAN is slow in branch offices
      Slow connections hurt user productivity
      Improving network performance is expensive and difficult to implement
    • 43. BranchCache
      Technical Details
      • Authenticates current state of data and access rights of the user against the server
      • 44. Supports commonly used protocols: HTTP(S), SMB
      • 45. Support network security protocols (SSL, IPsec)
      • 46. Requires Windows Server 2008 R2 in the data center and Hosted Cache
    • BranchCache Distributed Cache
      Main Office
      Branch Office
    • 47. BranchCache Hosted Cache
      Main Office
      Branch Office
    • 48. BranchCache
      Hosted CacheData cached at the host server
      Distributed Cache
      Data cached in cache pool
      • Cache stored centrally: existing Windows Server 2008 R2 in the branch
      • 49. Cache availability is high
      • 50. Enables branch-wide caching
      • 51. Increased reliability
      • 52. Recommended for branches without a branch server
      • 53. Easy to deploy: Enabled on clients through Group Policy
      • 54. Cache availability decreases with laptops that go offline
    • 55. BranchCache Benefits
      IT Pro Benefits
      • Optimize network utilization:
      • 56. HTTP and HTTPS-based intranet traffic
      • 57. SMB (and signed SMB) shares on the read path
      • 58. Support network security protocols (SSL, IPsec)
      • 59. Reduce the cost of managing WAN
      • 60. Improve application responsiveness and reduce file transferwait time
      • 61. Combined with other SMB offerings enhance the userexperience on remote shares
      End User Benefits
    • 62. Enhance Security & Control in Windows 7
    • 63. Windows 7 Enterprise Security
      Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.
      Fundamentally Secure Platform
      Helping Protect Users & Infrastructure
      Helping Secure Anywhere Access
      Windows Vista Foundation
      Streamlined User Account Control
      Enhanced Auditing
      Network Security
      Network Access Protection
      Internet Explorer 8
      Data Recovery
      BitLocker & BitLocker To GoTM
    • 64. Fundamentally Secure Platform
      Windows Vista Foundation
      Enhanced Auditing
      Streamlined User Account Control
      Make the system work well for standard users
      Administrators use full privilege only for administrative tasks
      File and registry virtualization helps applications that are not UAC compliant
      Group Policy Configurable
      XML based
      Granular audit categories
      Detailed collection of audit results
      Simplified compliance management
      Security Development Lifecycle process
      Kernel Patch Protection
      Windows Service Hardening
      DEP & ASLR
      IE 8 inclusive
      Mandatory Integrity Controls
    • 65. User Account Control
      Windows Vista
      System Works for Standard User
      All users, including administrators, run as Standard User by default
      Administrators use full privilege only for administrative tasks or applications
      Influence the ecosystem to write software that does not need administrative rights
      Streamlined UAC
      Reduce the number of OS applications and tasks that require elevation
      Refactor applications into elevated/non-elevated pieces
      Flexible prompt behavior for administrators
      Continued ecosystem influence for standard user applications
      Customer Value
      User provides explicit consent before using elevated privilege
      Disabling UAC removes protections, not just consent prompt
      Users can do even more as a standard user
      Administrators will see fewer UAC Elevation Prompts
      Windows 7
    • 66. Desktop Auditing
      Windows Vista
      Enhanced Auditing
      New XML based events
      Fine grained support for audit of administrative privilege
      Simplified filtering of “noise” to find the event you’re looking for
      Tasks tied to events
      Simplified configuration results in lower TCO
      Demonstrate why a person has access to specific information
      Understand why a person has been denied access to specific information
      Track all changes made by specific people or groups
      Granular auditing complex to configure
      Auditing access and privilege use for a group of users
      Windows 7
    • 67. UAC & Auditing
    • 68. Securing Anywhere Access
      Network Security
      Network Access Protection
      Ensure that only “healthy” machines can access corporate data
      Enable “unhealthy” machines to get clean before they gain access
      Security protected, seamless, always on connection to corporate network
      Improved management of remote users
      Consistent security for all access scenarios
      Policy based network segmentation for more secure and isolated logical networks
      Multi-Home Firewall Profiles
      DNSSec Support
    • 69. Network Access Protection
      Example: Patch
      Corporate Network
      Policy Servers
      such as: Patch, AV
      Health policy validation and remediation
      Helps keep mobile, desktop and server devices in compliance
      Reduces risk from unauthorized systems on the network
      Not policy compliant
      Policy compliant
      DHCP, VPN
      Windows 7
    • 70. Protect Users & Infrastructure
      Data Recovery
      Internet Explorer 8
      Protect users against social engineering and privacy exploits
      Protect users against browser based exploits
      Protect users against web server exploits
      File back up and restore
      CompletePC™ image-based backup
      System Restore
      Volume Shadow Copies
      Volume Revert
      Enables application standardization without increasing TCO
      Increase security to safeguard against data and privacy loss
      Support compliance enforcement
    • 71. Help Desk Made Easier
      Problem Steps Recorder
      Windows Troubleshooting Platform
    • 72. Application Control
      Situation Today
      Eliminate unwanted/unknown applications in your network
      Enforce application standardization within your organization
      Easily create and manage flexible rules using Group Policy
      Users can install and run non-standard applications
      Even standard users can install some types of software
      Unauthorized applications may:
      Introduce malware
      Increase helpdesk calls
      Reduce user productivity
      Undermine compliance efforts
      Windows 7 Solution
    • 73. AppLocker Demo
    • 74. AppLocker
      Technical Details
      Simple Rule Structure: Allow, Exception & Deny
      Publisher Rules
      Product Publisher, Name, Filename & Version
      Multiple Policies
      Executables, installers, scripts & DLLs
      Rule creation tools & wizard
      Audit only mode
      SKU Availability
      AppLocker – Enterprise / Ultimate
    • 75. BitLocker / BitLocker To Go
      Situation Today
      BitLocker To Go
      Worldwide Shipments (000s)
      Extend BitLocker drive encryption to removable devices
      Create group policies to mandate the use of encryption and block unencrypted drives
      Simplify BitLocker setup and configuration of primary hard drive
      • Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth  
      • 76. Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III 
      Windows 7 Solution
    • 77. BitLocker /BitLocker To Go
      Technical Details
      BitLocker Enhancements
      Automatic 200 Mb hidden boot partition
      New Key Protectors
      Domain Recovery Agent (DRA)
      Smart card – data volumes only
      BitLocker To Go
      Support for FAT*
      Protectors: DRA, passphrase, smart card and/or auto-unlock
      Management: protector configuration, encryption enforcement
      Read-only access on Vista & XP
      SKU Availability
      Encrypting – Enterprise, Ultimate
      Unlocking – All
    • 78. Microsoft
    • 79. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.