3. Remote
Management
& Performance
of Portable
Computers
Security
Hardening and
Defense in
Depth
Meeting
Emerging
Compliance
Requirements
Group Policy
and
Configuration
Management
Improving
System
Resiliency,
Reliability, and
Hardware
Performance
Advancing Desktop Management
Direct
Access
NAP
BrancheCach
e
AppLocker
GPO
AGPM
Trouble-
shooting
DART
Bitlocker
4. Standard user accounts
Group Policy to control configurations
Group Policy preferences to manage:
Files
Folders
Registry settings
And more
5. Up to 2,500+ policy settings in the past
+300 in Windows 7 (~2800 currently)
Group Policy is a Windows ‘manageability’ basic
requirement
Policy settings greatly expanded in a number
of areas
BranchCache BITS Offline Files Biometrics
Troubleshooting
& Diagnostics
Windows
Defender
User Account
Control
Internet
Explorer
Smartcard Windows Error
Reporting
AppLocker
System Audit
Policies
Desktop Shell
Bitlocker Drive
Encryption
Remote
Assistance
6. Similar to logon scripts, but with a GUI
Use the Group Policy infrastructure to:
Deploy non-native settings to Group Policy
For example, to map a drive:
1. Create and edit a GPO
2. Edit the Drive Maps preference item
*No script code required – just use the GUI.
9. Advanced Group Policy Management
Enable group policy
change management
Provides granular
administrative control
Reduce risk of
widespread failure
Versioning, history &
rollback of group policy
changes
Role-based
administration &
templates
Flexible delegation
model
What it Does Benefits
14. Remote
Management
& Performance
of Portable
Computers
Security
Hardening and
Defense in
Depth
Meeting
Emerging
Compliance
Requirements
Group Policy
and
Configuration
Management
Improving
System
Resiliency,
Reliability, and
Hardware
Performance
Advancing Desktop Management
Direct
Access
NAP
BrancheCach
e
AppLocker
GPO
AGPM
Trouble-
shooting
DART
Bitlocker
15. IPv6 Devices IPv4 Devices
DirectAccess
Server
Windows 7
Client
Native IPv6
with IPSec
IPv6 Transition
Services
Supports variety of
remote network
protocols
DirectAccess provides
transparent, secured access
to intranet resources without
a VPN
Allows desktop
management of
DirectAccess clients
Allows IPSec encryption and
authentication
Supports direct connectivity
to IPv6-based intranet
resources
Support IPv4 via 6to4
transition services or
NAT-PT (Or use FF
UAG)
IT desktop
management
AD Group Policy,
NAP, software
updates
Internet
DirectAccess
22. Remote
Management
& Performance
of Portable
Computers
Security
Hardening and
Defense in
Depth
Meeting
Emerging
Compliance
Requirements
Improving
System
Resiliency,
Reliability, and
Hardware
Performance
Advancing Desktop Management
Direct
Access
NAP
BrancheCach
e
AppLocker
Trouble-
shooting
DART
Bitlocker
Group Policy
and
Configuration
Management
GPO
AGPM
23. Eliminate unwanted/unknown
applications in your network
Enforce application
standardization within your
organization
Easily create and manage
flexible rules using Group Policy
Users can install and run
unapproved applications
Even standard users can install
some types of software
Application Control
AppLocker
27. BitLocker-To-Go
BitLocker To Go
Support for FAT*
Protectors: DRA, passphrase, smart card and/or auto-unlock
Management: protector configuration, encryption enforcement
Read-only access on Windows Vista & Windows XP
SKU Availability
Encrypting – Enterprise
Unlocking – All
29. Diagnostics And Recovery Toolset
Accelerate TCO savings
by minimizing recovery
time
Recover instead of
reloading Windows
Make PCs safer to use
Recover unbootable PC
Access deleted files,
manipulate services,
reset passwords, &
more
Safely detect and
remove malware while
the PC is offline
What it Does Benefits
33. Thanks for your time!
Tony Krijnen
tony.krijnen@microsoft.com
@tonykrij
Daniel van Soest
danielvs@microsoft.com
@dansaap
Andy O’Donald
aodona@microsoft.com
@andyodonald
Stephen Rose
stephen.rose@microsoft.com
@stephenlrose
Please fill out your evals!
34. Follow The Tour and Watch The Videos
Windows Team Blog
@MSSpringboard - Twitter