The more enterprises get to know Windows 7, the more useful features they'll find. Among the neatest things in that operating system are the management tools for the Ultimate and Enterprise versions (often in combination with Windows Server 2008 R2). Here are my three favorites:
Arguably the most-needed from a security perspective, AppLocker lets you define and manage via Group Policy Objects (GPOs) exactly which executables run on your user's desktops. It's not unlike third-party whitelisting tools, such as Faronics' Anti-Executable and the Windows Software Restriction Policies, we've had available to us in the past. But now you've got a more feature-rich whitelisting/management application built right into the OS.
DirectAccess is a virtual private network alternative that allows remote users to connect directly to the corporate network without the hassles of loading a VPN client from their workstations. It's a single-user interface that connects users to the Internet and an intranet at the same time. In my opinion, the coolest thing about DirectAccess is how it pushes Windows updates out any time the computer is connected to the Internet.
Windows XP Mode
Windows XP Mode is a full-blown version of Windows XP SP3 that runs inside a Microsoft Virtual PC session in Windows 7. As long as you have a reasonable amount of memory to support it, all you have to do is download and install Windows XP Mode and Virtual PC, and you've got yourself a working virtual machine in no time.
A great aspect of Windows XP Mode is that it enables users to run virtualized applications. This means that programs are available for use in both a Windows XP Mode virtual session and a Windows 7 session. This is a great way to quickly set up an environment for testing application compatibility, performing security scans and more.
There are numerous other management tools like Federated Search for network searching, BranchCache for speeding up downloads at branch offices, Reliability Monitor for monitoring and troubleshooting OS and application problems, and BitLocker and BitLocker To Go for disk and removable media encryption.
I've always been an advocate of using what you've got as long as it meets your requirements for performance, visibility and control. The new management tools built into the high-end editions of Windows 7 may do just that. You may not be a big fan of the look and feel of Active Directory, GPOs and similar Windows-related administrative functions, but these built-in tools are better than no tools at all.
ABOUT THE AUTHOR:
Kevin Beaver is an information security consultant, expert witness, as well as a seminar leader and keynote speaker at Atlanta-based Principle Logic LLC. In the industry for over 21 years, Beaver specializes in performing independent security assessments and helping IT professionals in their careers. He has authored/co-authored seven books on information security, including Hacking For Dummies and the newly-updated Hacking For Dummies, 3rd edition. In addition, Beaver is the creator of the Security On Wheels audio books and security blog for IT professionals on the go. He can be reached at www.principlelogic.com.
This was first published in August 2011