The document compares Windows 7 Pro and Windows 7 Enterprise, highlighting additional features in Windows 7 Enterprise such as BitLocker, BitLocker To Go, AppLocker, booting from VHDs, BranchCache, and DirectAccess. BitLocker provides full disk encryption while AppLocker allows restricting applications. Booting from VHDs enables testing configurations without affecting the main OS. BranchCache and DirectAccess improve remote access performance and security by caching content locally and enabling VPN-less internet access.

1. WINDOWS 7 PRO
VS
WINDOWS 7 ENT
A Presentation on the exceptional differences between the two Operating Systems

2. Extra Features In WIN 7 Ent
• BitLocker
• Bitlocker To Go
• Applocker
• Boot from VHD
• BranchCache
• DirectAccess

3. BitLocker
Available on Win 7 Enterprise and Ultimate. It is used in Encrypting the HDD with
128bit AES encryption. It is faster than other AES encryption and has low RAM
requirements since the CBC mode with a 128bit key is used for encryption.
Authentication Mechanism
• Transparent mode: Uses TPM chip for key storage. Releases the Key to the
OS loader only if the early bootfile appears to be unmodified. Vulnerable to
a ‘coldboot’ attack.
• User Authentication mode: Uses the bootloader. Requires authentication to
the pre-boot environment in the form of a PIN. Vulnerable to the ‘bootkit’
attack but not to ‘coldboot’ attack.
• USB Key mode: Uses a USB dongle containing the startup key. BIOS must
support portable USB devices at the Pre-boot OS stage. This mode is immune
to ‘coldboot’ attack.

4. BitLocker
Recovery Modes
• Recovery Password: A numerical Key protector for recovery purposes.
• Recovery Key: An external Key for recovery purposes.
• Certificate: Adds a certificate-based public key protector for recovery.
The following Combination of Authentication modes are possible and all can be recovered
using the ‘Recovery Key’ method.
• TPM
• TPM+PIN
• TPM+PIN+USB key
• TPM+USB key
• USB Key
Requirements
1. Two NTFS formatted volumes(one for OS and a 100MB min from which the OS boots).
This can be achived using the DISKPART util or the Bitlocker Drive Preparation Tool.
2. An optional Key can be stored on the AD for recovery purpose and can be used for
recover using the ‘BitLocker Recovery Password Viewer for AD users’. For server
versions before 2008 the ‘Schema’ must be updated.

5. BitLocker
Benefits to the Business
• Good Degree of safety in case of Laptop theft.
• Integrated with AD directly no extra application or Add-on required.
• It encrypts more than the OS partition thus ensuring max security of data.
• Works on Multiboot environments.
• Flexible configuration as GP can be used.
Limitations
• Cool boot attack while using it in the TPM mode(transparent operation mode)
• Only Supported on the NTFS partision and on NT based OS(but BITLOCKER TO GO
Reader can run on NTFS, FAT 32 or exFAT).
• Workaround possible without TPM.
• BitLocker gives the End user local admin Rights. This gives them the opportunity to turn
off the encryption if desired

6. AppLocker
This help to prevent the use of Unknown or Unwanted application within the Network.
Helps to boast security and compliance for the organisation. It is a rule based service,
with 3 main rules configurable( Exec rule, Windows Installer rule, Script rule).
Applocker Vs Other Solutions
Restriction policies can be applied to the following.
• Specific User or Group.
• Default Rule Action is Deny.
• Audit-only mode possible.
• Wizard to create multiple rules at once.
• Policy import or export.
• Rule Collection available.
• PowerShell Support.
• Custom Error Messages.

7. AppLocker
Requirement
• Windows Server 2008 R2. Windows 7 Ult, Windows 7 Ent(Win 7 pro can create rules but
can’t enforce them.)
• For GP deployment, at least one computer with the Group Policy Management
Console(GPMC) or the Remote Server Administration Tools(RSAT) installed to host the
Applocker rules.
• Computers to enforce the Applocker rules created.
Rule Conditions
Rules are created either by PUBLISHER, PATH or by FILE HASH.
Benefits
• Increased security.
• Cost of Procuring third party apps lock down application eliminated.

8. Booting from VHD
VHD(Virtual Hard Drive)
Benefits
• It can be used as a simplified backup mechanism which is also portable.
• Booting from VHD helps to test new configurations and applications before final role-out.
• Any Malware infection only affects the VOS and does not spread to the Main OS.
• Native image deployment using Windows Deployment Service for Workstation/ Server
redeployment or recovery
Limitations
• VHD size limited to 2TB
• EFS/NTFS compression not suported
• Hibernating not supported.
• OS can’t be upgraded.
• Cannot be nested.
• Can’t be booted from a USB.

9. BranchCache
Caching contents of files and webservers locally at branch office, increasing the
network responsiveness of centralized applications when accessed remotely.
Modes of Operation
• Distributed Cache.
• Hosted Cache.
Benefits
• Reduced WAN link Utilisation in Branch offices(intranet based HTTP and SMB traffic).
• Accelerates delivery of encrypted contents(HTTPS and IPSec).
• Does not require additional equipment at the branch office and can be managed using GP.
• Caching done by default when round trip lattency time exceeds 80ms.
Limitations
• Depends on the caching mode(distr requires more processing power from work stations thus
performance may be affected. Hosted however combats this but requires extra hardware
investment.

10. DirectAccess
Enables connection to the office securely through the internet without the need for a
VPN.
Advantages
• Working outside the office is easier as there is no need for traditional VPN.
• Remote Management possible(Update deployment and GP settings over the internet).
• Enhanced Security and Access control.
• Communicates using IPv6 over IPsec.