Many of my IT colleagues aren't exactly singing the praises of Windows 7: Certain features in Microsoft's latest desktop operating system are making our job dealing with users harder, and we wish Microsoft would walk a mile of sneakernet in our shoes. While there are seveal great capabilities in Windows 7, here five things that we, as IT, hate.
1. DirectAccess
Most enterprises have a diverse group of users, including a few who are just a bit too tech-savvy
for their own good. DirectAccess
in Windows 7 and Windows Server 2008 R2 allows for the creation of an IPsec tunnel to connect a
Windows 7 machine to another infrastructure from anywhere on the Internet. This feature could eliminate
virtual private networks (VPNs), but if a user decides to set up his home network to support
such connections from his laptop, it could be a security nightmare. The user could open up more
networks between his home-connected corporate laptop and your enterprise network. Unless your
organization sets safeguards with firewall rules and policies, this could become a real issue, real
fast.
2. Aero (Peek, Shake, Snap and any other nicknames it gets)
This applies to newer virtual desktop infrastructure (VDI) environments and not necessarily to a
physical laptop or desktop install. Let's say Joe User buys a brand-new laptop online for his home.
His first impression is "Wow, this is so much cooler than XP" (not
Vista, the train wreck that everyone wishes never happened). He hasn't actually tried any
applications yet; this is just his impression from the eye candy of the Aero
interface. Now Joe's company says that all users are moving to virtual desktops and that the standard desktop image will be Windows 7.
Joe gets his shiny new virtual desktop, and his first thoughts are "Wow, this is not as cool as my
new home laptop. What's the deal, IT? I want my coolness back." VDI performance and Aero do not mix. Eye candy or performance? You choose -- and then let Joe know.
3. No upgrade from XP
Since there were few Vista rollouts, most users will need to upgrade
from Windows XP to Windows 7. While a clean
install is always the best way to go, are you going to tell the CEO that he has to reinstall
all his apps and recustomize everything? Maybe some of you IT folks can, but most of us can't get
away with that. Microsoft, in its infinite wisdom, has decided that there will be no direct upgrade
path from XP to Windows 7. Now go tell your CEO -- we all know how much they like the word "no"
from IT.
4. XP Mode
Personally, I think XP
Mode is great feature -- but that doesn't mean I want to support it. By allowing for an
install of Microsoft's Virtual PC product and a Windows XP SP3 virtual hard disk (VHD) image, Windows
7 can run the legacy apps that enterprises need: Users can still run a 16-bit-only
expense-reporting application even though the company decided not to buy upgrades or support it any
longer. They won't notice that a Windows XP virtual
machine is running the app. But IT folks are cringing. Some of us are still trying to figure
out how to manage patching and updating a single OS on a machine, so adding
more -- not to mention the Virtual PC application running the whole show -- doubles or even
triples the amount of work.
5. Credential Manager
Did someone at Microsoft say, "Hey, we still don't have enough places in our OS that attackers can
target -- let's add another"? If so, I would like to meet that person and have him deal with Patch
Tuesday at my company. Microsoft has created the Credential
Manager, which is a just an updated Stored User Names and Password feature from Windows XP.
It's an encrypted storage shed for a simple form of single sign-on, holding usernames and passwords
in the Windows Vault. So let's have users put all of their private logon information in a central
database on their local machines, which could be lost or stolen at any time. How long do you think
it will take for attackers to crack
that encryption, if they haven't already? How long before one is able to get that information
from Joe User's machine and see, for example, that he is required to use his Social Security number
to log into his bank account? Oh, what, you didn't think that Joe would just use that Credential
Store just for company logins, did you? Now you're thinking like Microsoft.
ABOUT THE AUTHOR
Mike Nelson has been in IT for over 20 years, with exposure to a very diverse field of
technologies and solutions. He has devoted over half a decade to virtualization and server-based
computing. Nelson is currently a senior analyst at a Fortune 100 company in the U.S.
Midwest.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation