Printed from www.pcpro.co.uk
Posted on October 28th, 2008 by Barry Collins
Windows 7: tools for IT departments
Windows 7 boasts several new features that could make PCs easier to manage and secure for IT departments. They include:
BitLocker To Go
Government departments pay attention: Microsoft is expanding the BitLocker drive encryption found in business and Ultimate versions of Vista to include USB flash drives. “The problem with these little buggers is people lose them,” said the unusually frank Boettcher.
IT departments can set a group policy that forces USB drives to be encrypted before the employee’s allowed to copy files off the corporate network on to the stick, saving IT departments from employing more drastic measures, such as disabling USB ports.
Alternatively, employees can easily encrypt their own drives with the Bitlocker Drive Encryption option in Windows 7’s System and Security settings. Remembering the password might be a stiffer challenge, however.
Direct Access
This feature gives employees access to data stored on the corporate network when they’re out of the office, without having to tunnel through a VPN. “It means I’m always on the corporate network, wherever I am,” said Shane Boettcher, general manager of product management in the Windows client division. “It uses IPSec to provide a secure connection to the corporate intranet.”
There is a catch, however: companies must have deployed Windows Server 2008 R2 and implemented IPv6 and IPSec before employees will be able to use this feature.
Branch Cache
With the vast majority of employees not working at head office in most organisations, Branch Cache makes it easier for staff in remote offices to access company files. Once one person in the branch office has downloaded a file, a copy of it is cached locally, so that workers subsequently trying to download the same file don’t have to wait as long. This is particular useful for outlying offices with modest internet connections, but once again relies on Server 2008 R2.
Problem Steps Recorder
“Some organisations want helpdesk folk to stay in their seats,” claimed Boettcher, which is why Microsoft has developed the Problem Steps Recorder. With this facility, employees can set their PC to record step-by-step screengrabs of the procedures they go through when experiencing a technical problem, such as a botched installation or faulty driver. These are then forwarded to the IT department, along with a batch of telemetry from the user’s PC, to help the helpdesk remotely diagnose the problem.
App Locker
IT departments now have the power to not only determine which applications an employee can have on their PC, but which version of the application. IT departments could, for example, allow users to install Flash Player 9, but block version 10 until they’ve completed sufficient testing. Equally, they could block access to older, insecure versions of software packages that employees may have taken it upon themselves to install.
Tags: App Locker, BitLocker To Go, Direct Access, Problem Steps Recorder, Security, Windows 7
Posted in: Windows 7
Follow any responses to this entry through the RSS 2.0 feed.
11 Responses to “ Windows 7: tools for IT departments ”
Leave a Reply
Categories
- About the bloggers
- Green
- Hardware
- How To
- Just in
- Microsoft Office 2010
- Newsdesk
- Online business
- Random
- Rant
- Real World Computing
- Software
- View from the Labs
- Windows 7
Authors
Archives
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
advertisement
October 28th, 2008 at 6:53 pm
“…without having to tunnel through a VPN….“It uses IPSec to provide a secure connection to the corporate intranet.”
Wait… Isn’t that what a VPN does?
October 29th, 2008 at 2:41 am
I can tell you right now a large number of people arent going to use the Problem Step Recorder, users dont do that. The call the helpdesk and tell whoever is on the other end of the phone “fix it”.
I’m having a hard time understanding how direct access is any better then vpn, not to mention a lot of companies out there still are not on IPv6. Do we think they are going to deploy IPv6 just for this when they can run a IPSec VPN client? Cisco’s is free.
Bit Locker in Vista is only on Ultimate and Enterprise, is the home user going to have to pay through the nose to get it in this version of Windows too? Pretty daunting when pgp already has a great cost effective solution out there.
So far I am not very impressed, seems like windows has tried brainstorm features rather then listening to the user base about what it wants. How about a reliable hibernate? MAC’s hibernate is almost rock solid but Microsoft’s has been laughable through the last 3 versions. How about a firewall that doesnt rate dead last when stacked up against others? We have a somewht effective spyware detection built in but how about a software ips/ids?
I’m left wanting s far.
e-
October 29th, 2008 at 5:04 am
Any chance that they will expand Microsoft Update and/or WSUS to allow it to patch common 3rd party applications, such as Adobe Acrobat, iTunes, WinZip, etc? I still hope.
October 29th, 2008 at 7:56 am
That depends on the third parties allowing it to happen, as much as Microsoft.
October 29th, 2008 at 2:39 pm
Using App Locker, IT departments can lock Windows, version 7.0, from beign installed?
October 29th, 2008 at 6:49 pm
Obviously the Direct Access is a connection that automatically establishes itself upon connecting to the Internet. So dumb users who don’t know how to double click the vpn connection and navigate the Windows Explorer can have an easier time accessing these resources.
October 30th, 2008 at 1:45 pm
Branch cache : – would it be another technique require to synchronize file version ?
offline working is a trend but nightmare to keep up on the server and extreme dangerous for security breach.
November 3rd, 2008 at 7:41 pm
The User Interface (UI) looks very similar to Vista. I wish that they would put all the default icons on the screen with the screen shot demo, not just the recycle bin, that would make it look more professional.
December 21st, 2008 at 11:20 pm
AppLocker is just big brother gone horribly wrong.
I work in IT and I think this is a pathetic option and it’s much more work for us and hassle for our already PC-scared users.
Stop trying to control everything Microsoft!!!
March 24th, 2009 at 12:25 am
It is unfortunate that Microsoft has restricted the capability to write to such a “Bitlocker To Go” encrypted device to only 7 Ultimate and Enterprise. I, as a personal user, (and am sure many others) would be willing to upgrade to Ultimate to be able to create an encrypted USB stick, but the fact that I wouldn’t be able to write to it on any other standard Windows machine would completely put me off even using this feature in the first place.
April 10th, 2009 at 4:49 pm
Seems to be focusing on windows only networks and pushing corporations to Microsoft only offices. More reinventions of existing mechanisms but ignoring issues of interoperability. None of the new features provide any real benefit to me or my organisation.