Many of my IT colleagues aren't exactly singing the praises of Windows 7: Certain features in Microsoft's latest desktop operating system are making our job dealing with users harder, and we wish Microsoft would walk a mile of sneakernet in our shoes. While there are seveal great capabilities in Windows 7, here five things that we, as IT, hate.
Most enterprises have a diverse group of users, including a few who are just a bit too tech-savvy for their own good. DirectAccess in Windows 7 and Windows Server 2008 R2 allows for the creation of an IPsec tunnel to connect a Windows 7 machine to another infrastructure from anywhere on the Internet. This feature could eliminate virtual private networks (VPNs), but if a user decides to set up his home network to support such connections from his laptop, it could be a security nightmare. The user could open up more networks between his home-connected corporate laptop and your enterprise network. Unless your organization sets safeguards with firewall rules and policies, this could become a real issue, real fast.
2. Aero (Peek, Shake, Snap and any other nicknames it gets)
This applies to newer virtual desktop infrastructure (VDI) environments and not necessarily to a physical laptop or desktop install. Let's say Joe User buys a brand-new laptop online for his home. His first impression is "Wow, this is so much cooler than XP" (not Vista, the train wreck that everyone wishes never happened). He hasn't actually tried any applications yet; this is just his impression from the eye candy of the Aero interface. Now Joe's company says that all users are moving to virtual desktops and that the standard desktop image will be Windows 7. Joe gets his shiny new virtual desktop, and his first thoughts are "Wow, this is not as cool as my new home laptop. What's the deal, IT? I want my coolness back." VDI performance and Aero do not mix. Eye candy or performance? You choose -- and then let Joe know.
3. No upgrade from XP
Since there were few Vista rollouts, most users will need to upgrade from Windows XP to Windows 7. While a clean install is always the best way to go, are you going to tell the CEO that he has to reinstall all his apps and recustomize everything? Maybe some of you IT folks can, but most of us can't get away with that. Microsoft, in its infinite wisdom, has decided that there will be no direct upgrade path from XP to Windows 7. Now go tell your CEO -- we all know how much they like the word "no" from IT.
4. XP Mode
Personally, I think XP Mode is great feature -- but that doesn't mean I want to support it. By allowing for an install of Microsoft's Virtual PC product and a Windows XP SP3 virtual hard disk (VHD) image, Windows 7 can run the legacy apps that enterprises need: Users can still run a 16-bit-only expense-reporting application even though the company decided not to buy upgrades or support it any longer. They won't notice that a Windows XP virtual machine is running the app. But IT folks are cringing. Some of us are still trying to figure out how to manage patching and updating a single OS on a machine, so adding more -- not to mention the Virtual PC application running the whole show -- doubles or even triples the amount of work.
5. Credential Manager
Did someone at Microsoft say, "Hey, we still don't have enough places in our OS that attackers can target -- let's add another"? If so, I would like to meet that person and have him deal with Patch Tuesday at my company. Microsoft has created the Credential Manager, which is a just an updated Stored User Names and Password feature from Windows XP. It's an encrypted storage shed for a simple form of single sign-on, holding usernames and passwords in the Windows Vault. So let's have users put all of their private logon information in a central database on their local machines, which could be lost or stolen at any time. How long do you think it will take for attackers to crack that encryption, if they haven't already? How long before one is able to get that information from Joe User's machine and see, for example, that he is required to use his Social Security number to log into his bank account? Oh, what, you didn't think that Joe would just use that Credential Store just for company logins, did you? Now you're thinking like Microsoft.
ABOUT THE AUTHOR
Mike Nelson has been in IT for over 20 years, with exposure to a very diverse field of technologies and solutions. He has devoted over half a decade to virtualization and server-based computing. Nelson is currently a senior analyst at a Fortune 100 company in the U.S. Midwest.