PowerPoint Slideshow about 'Windows 7' - blythe


Windows 7


Windows 7 Builds on Windows Vista: Deployment, Testing, and Pilots Today Will Continue to Pay Off
  • Similar Compatibility:
  • Most software that runs on Windows Vista will run on Windows 7. Exceptions will be low level code (AV, Firewall, Imaging, etc).
  • Hardware that runs Windows Vista well will run Windows 7 well.

Few Changes: Focus on quality and reliability improvements

Deep Changes: New models for security, drivers, deployment, and networking

Windows 7 for the Enterprise

Make Users Productive Anywhere

Enhance Security & Control

Streamline PC Management

  • At their desk
  • In a branch
  • On the road
  • Protect data & PCs
  • Built on Windows Vista foundation
  • Easy migration
  • Keep PCs running
  • Virtualization
Remote Access for Mobile Workers: Make Users Productive Anywhere

Situation Today

  • Difficult for users to access corporate resources from outside the office
  • Challenging for IT to manage, update, patch mobile PCs while disconnected from company network

Windows 7 Solution

  • New network paradigm enables same experience inside & outside the office
  • Seamless access to network resources increases productivity of mobile users
  • Infrastructure investments also make it easy to service mobile PCs and distribute updates and policies

  • DirectAccess provides transparent, secured access to intranet resources without a VPN
  • Allows desktop management of DirectAccess clients
  • Supports direct connectivity to IPv6-based intranet resources
  • Support IPv4 via 6to4 transition services or NAT-PT
  • Supports variety of remote network protocols
  • Allows IPSec encryption and authentication

[Diagram labels: Windows 7 Client; IPv6 Transition Services; Native IPv6 with IPSec; IPv6 Devices; IPv4 Devices; IT desktop management; AD Group Policy, NAP, software updates]

Name Resolution: DNS and the NRPT
  • Remote DirectAccess clients utilize smart routing by default
  • The Name Resolution Policy Table allows this to happen efficiently and securely
  • Sends name queries to internal DNS servers based on pre-configured DNS namespace
  • Client side only
  • Requires a leading dot
  • Static table that defines which DNS servers the client will use for the listed names
  • Configurable via GPO at Computer Configuration | Policies | Windows Settings | Name Resolution Policy
  • Can be viewed with NETSH name show policy

[Diagram labels: DirectAccess Connection; Internet Connection]
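
A simplified model of the NRPT lookup described on this slide, added here as an example (it is not part of the original deck and is not Microsoft's implementation). The namespaces, server addresses, the exact-name and exemption entries, and the most-specific-match ordering are assumptions of the sketch; it shows why the leading dot matters and lets a defender check which resolver would see a given query.

```python
"""Simplified model of NRPT lookup on a DirectAccess client (added example)."""

# Constructed sample table; namespaces and addresses are placeholders.
NRPT = [
    # (namespace, DNS servers). A leading dot marks a namespace suffix rule.
    (".corp.example.com", ["2001:db8:1::53"]),
    (".dev.corp.example.com", ["2001:db8:2::53"]),
    # Assumed exemption entry: no servers listed, so the name is resolved
    # through the DNS servers configured on the network interface.
    ("nls.corp.example.com", []),
]


def normalize(name):
    """Lower-case the name and drop surrounding space and a trailing root dot."""
    return name.strip().rstrip(".").lower()


def match_rule(name, table=NRPT):
    """Return the most specific matching (namespace, servers), or None."""
    name = normalize(name)
    best = None
    for namespace, servers in table:
        ns = namespace.lower()
        if ns.startswith("."):
            # Suffix rule: any name under the namespace, aligned on a label.
            hit, rank = name.endswith(ns), len(ns)
        else:
            # No leading dot: the entry names exactly one host.
            hit, rank = name == ns, len(ns) + 1000  # exact outranks suffix
        if hit and (best is None or rank > best[0]):
            best = (rank, namespace, servers)
    return None if best is None else (best[1], best[2])


def resolver_for(name, table=NRPT, interface_dns=("198.51.100.53",)):
    """Return (path, servers, matched_namespace) for a query name."""
    rule = match_rule(name, table)
    if rule is None:
        return ("interface", list(interface_dns), None)
    namespace, servers = rule
    if not servers:
        return ("interface", list(interface_dns), namespace)  # exempted name
    return ("nrpt", servers, namespace)


def leaked_names(names, internal_suffix, table=NRPT):
    """Names under internal_suffix whose queries go to the interface DNS."""
    suffix = "." + normalize(internal_suffix).lstrip(".")
    return [n for n in names
            if normalize(n).endswith(suffix)
            and resolver_for(n, table)[0] == "interface"]


if __name__ == "__main__":
    for host in ("intranet.corp.example.com", "build.dev.corp.example.com",
                 "nls.corp.example.com", "www.example.org"):
        print(host, "->", resolver_for(host))
```

Running `leaked_names` against a table whose entry was entered as `corp.example.com` (no leading dot) reports every internal host name as going to the interface DNS servers, which is the misconfiguration the "requires a leading dot" bullet guards against.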
Two Factor Authentication (TFA)
  • Not required; fully supported
  • Edge based enforcement: a smarter way to enforce TFA
  • User is assigned a well-known SID when they log on with a smartcard


  • User may logon to laptop without TFA
  • When user accesses corporate resources,
  • IPsec authorization policy checks for this SID
  • If SID is not present…
Branch Office Network Performance: Make Users Productive Anywhere

Situation Today

  • Application and data access over WAN is slow in branch offices
  • Slow connections hurt user productivity
  • Improving network performance is expensive and difficult to implement

Windows 7 Solution

  • Caches content downloaded from file and Web servers
  • Users in the branch can quickly open files stored in the cache
  • Frees up network bandwidth for other uses

Distributed Cache

[Diagram: Main Office, Branch Office]

Hosted Cache

[Diagram: Main Office, Branch Office]

Hosted cache vs Distributed

Distributed Cache

Data cached amongst clients

  • Recommended for branches without any infrastructure
  • Easy to deploy: enabled on clients through Group Policy
  • Cache availability decreases with laptops that go offline


Hosted Cache

Data cached at the host server

  • Recommended for larger branches
  • Cache stored centrally: can use existing server in the branch
  • Cache availability is high
  • Enables branch-wide caching

Group Policy to enable clients

Install BranchCache™ feature R2 content servers

  • Optionally, install a hosted cache in your branch.

[Diagram labels: Main Office; File Server; Group Policy; Branch Office]

Additional configuration options
  • Enable / disable distributed cache mode
  • Enable / disable hosted cache mode
  • Set the cache size
  • Set the location of the hosted cache
  • Clear the cache
  • Create and replicate a shared key for use in a server cluster
  • And more …
  • Works in domains and workgroups
  • Event logs - Operational logs & Audit logs
  • Perfmon counters - Client, hosted cache and Content Server
  • netsh for querying the infrastructure for potential problems
    • Cache size too small, firewall issues, certificate problems etc
  • SCOM Management Pack - for rolling all the information up
Security of Data at Rest
  • Clients
    • Cache only contains content requested by the client
    • Data in cache ACL’d so that it is only accessible if authorized by the server
    • If data leakage is a concern, then use BitLocker or EFS
  • Hosted Cache
    • Cache contains content requested by all branch clients
    • Use BitLocker or EFS to encrypt cache as necessary
  • All data can be purged from the cache using netsh
Scale and Performance
  • Scale
    • Distributed cache scales well to approximately 100 users per branch
      • WS-Discovery traffic is a key consideration
      • Results may vary
        • Highly dependent on content, workload and usage patterns
    • Hosted Cache scalability is comparable to standard file server workloads
  • MSIT pilot in Belgium
    • Approximately 70% reduction in \\products\public related SMB traffic
BitLocker - Data Protection: Enhance Security & Control

Situation Today

  • Users store increasing volumes of data, including sensitive data, on removable storage devices
  • Removable storage devices are easy to lose and, unlike a PC, the loss may go unnoticed for a while

Windows 7 Solution

BitLocker To Go™

  • Protect data on internal and removable drives
  • Mandate the use of encryption with Group Policies
  • Store recovery information in Active Directory for manageability
  • Simplify BitLocker setup and configuration of primary hard drive

Application Control: Enhance Security and Control

Situation Today

  • Users can install and run unapproved applications
  • Even standard users can install some types of software
  • Unauthorized applications may:
    • Introduce malware
    • Increase helpdesk calls
    • Reduce user productivity
    • Undermine compliance efforts

Windows 7 Solution

  • Eliminate unwanted/unknown applications in your network
  • Enforce application standardization within your organization
  • Easily create and manage flexible rules using Group Policy

AppLocker™

Technical Details

  • Simple Rule Structure: Allow, Exception & Deny
  • Publisher Rules
    • Product Publisher, Name, Filename & Version
  • Multiple Policies
    • Executables, installers, scripts & DLLs
  • Rule creation tools & wizard
  • Audit only mode
Publisher Rules
  • Rules based upon application digital signatures
  • Can specify application attributes
  • Allow for rules that survive application updates

“Allow all versions greater than 12 of the Office Suite to run if it is signed by the software publisher Microsoft.”

Simple Rule Structure

“Allow all versions greater than 12 of the Office Suite to run if it is signed by the software publisher Microsoft EXCEPT Microsoft Access.”

  • Allow
    • Limit execution to “known good” and block everything else
  • Deny
    • Deny “known bad” and allow execution of everything else
  • Exception
    • Exclude files from allow/deny rule that would normally be included
Rule Targeting Per User
  • Rules can be associated with any user or group
  • Provides granular control of specific applications
  • Supports compliance by enforcing who can run specific applications

“Allow users in the Finance Department to run…”

Multiple Rule Sets

“Allow users to install updates for Office as long as it is signed by Microsoft and is for version 12.*”

  • Rule Types
    • Executable
    • Installer
    • Script
    • DLL
  • Allows construction of rules beyond executable only solutions
  • Provides greater flexibility and enhanced protection
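
The AppLocker slides above (publisher rules, allow/deny/exception, per-user targeting, separate rule sets and audit-only mode) can be read as one decision procedure. The following is an added model of that procedure, not AppLocker's own code and not part of the original deck. The file records, group names and the "Contoso" publisher are constructed, "greater than 12" is modelled as version 12.0.0.0 and above, and the precedence it encodes (deny beats allow, no matching allow means blocked, an empty rule set blocks nothing) is stated here as how AppLocker behaves rather than taken from the slides.

```python
from dataclasses import dataclass, field


@dataclass
class Publisher:
    """Publisher condition: signer plus optional product, file name, minimum version."""
    publisher: str
    product: str = "*"
    filename: str = "*"
    min_version: tuple = (0, 0, 0, 0)

    def matches(self, f):
        return (f["publisher"] == self.publisher      # unsigned files carry None
                and self.product in ("*", f["product"])
                and self.filename in ("*", f["filename"])
                and f["version"] >= self.min_version)


@dataclass
class Rule:
    action: str       # "Allow" or "Deny"
    collection: str   # "Exe", "Installer", "Script" or "Dll"
    group: str        # user or group the rule is targeted at
    condition: Publisher
    exceptions: list = field(default_factory=list)

    def applies(self, f, groups):
        return (self.group in groups and self.condition.matches(f)
                and not any(e.matches(f) for e in self.exceptions))


def evaluate(rules, f, collection, groups, audit_only=False):
    """Return "allow", "block", or "audit" (would block, but only logged)."""
    scoped = [r for r in rules if r.collection == collection]
    if not scoped:
        return "allow"                      # no rules for this file type
    hits = [r.action for r in scoped if r.applies(f, groups)]
    if "Allow" in hits and "Deny" not in hits:
        return "allow"
    return "audit" if audit_only else "block"


def sample_file(filename, version, publisher="Microsoft", product="Office"):
    """Constructed file record standing in for a signed binary's attributes."""
    return {"filename": filename, "version": version,
            "publisher": publisher, "product": product}


OFFICE_12_UP = Publisher("Microsoft", "Office", min_version=(12, 0, 0, 0))
RULES = [
    # "Allow all versions greater than 12 of the Office Suite ... EXCEPT Microsoft Access."
    Rule("Allow", "Exe", "Everyone", OFFICE_12_UP,
         exceptions=[Publisher("Microsoft", "Office", "MSACCESS.EXE")]),
    # "Allow users in the Finance Department to run ..." (hypothetical application)
    Rule("Allow", "Exe", "Finance", Publisher("Contoso", "Ledger")),
    # Deny rule targeted at one group; it overrides the allow rule above.
    Rule("Deny", "Exe", "Contractors", OFFICE_12_UP),
]

if __name__ == "__main__":
    word = sample_file("WINWORD.EXE", (12, 0, 6000, 0))
    access = sample_file("MSACCESS.EXE", (12, 0, 6000, 0))
    print(evaluate(RULES, word, "Exe", {"Everyone"}))
    print(evaluate(RULES, access, "Exe", {"Everyone"}, audit_only=True))
```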
Full Fidelity RemoteApp and Remote Desktop
  • RemoteApp and Remote Desktop connections
      • RemoteApp and Remote Desktop icons integrate into the Start menu
      • Icons refresh and update automatically
  • Multimedia support and audio input
      • Experience rich multimedia redirection
      • Use VoIP applications and speech recognition
  • True multiple monitor support
      • Use up to 10 monitors of any size or layout with RemoteApp and Remote Desktop
      • Applications behave like users expect – e.g. PowerPoint installing them locally
  • Aero Glass for Remote Desktop Server
      • Users have the same new Windows 7 look and feel when using Remote Desktop Server
  • RemoteApp language bar support
      • Configure applications that use different language settings than the local language (such as right-to-left languages)
Virtual Desktop Infrastructure: Streamline PC Management

Situation Today

  • Richer Remote Experience
  • Richer graphics with improved multi-monitor support
  • Use voice for telephony & applications with microphone support
  • Improved printing

Do More With VHDs

  • What is Virtual Desktop Infrastructure?
  • Maintain VHD: Offline servicing of VHD images with same tools used for WIM
  • Boot from VHD: Reuse VHD files for deployment to managed desktop PCs
  • Deploying desktops in virtual machines on server hardware
  • Centralized management & security
  • Users can access their desktop and applications wherever they are


  • Using Windows for VDI scenarios requires additional VECD license

Windows 7 Solution

Search in the Enterprise: Make Users Productive Anywhere

Situation Today

  • Current desktop and Enterprise search solutions are good, but not integrated
  • Users need to take different steps to find data on PC and data on servers
  • Data sources are hard to discover

Windows 7 Solution

Search Federation

  • Consistent experience to find data from multiple locations, including SharePoint sites
  • Users and IT can pre-populate Favorites in Windows Explorer to remote search sites that support OpenSearch protocol
  • IT can point users to select search sites w/Enterprise Search Scopes

Windows 7 Manageability
  • Flexible Administrative Control
  • Increased Automation to Reduce Costs
  • Reduce Help Desk Calls and Keep Users Productive
  • Windows PowerShell 2.0
  • Integrated Scripting Environment
  • Windows Troubleshooting Platform
  • Remoteable Reliability Data
  • Problem Steps Recorder

Enhanced Group Policy Scenarios

Group Policy Scripting

  • Group Policy Preferences
What is Windows PowerShell?
  • Console
    • Interactive commands
    • Query and configure
    • Run jobs
  • Scripting language
    • Automate everything
    • Sharable and reusable
PowerShell Remoting
  • To use remoting, the local and remote computers need:
    • Windows PowerShell 2.0
    • Microsoft .NET Framework 2.0 or later
    • Windows Remote Management 2.0
  • To configure PowerShell remoting:
    • Start PowerShell as admin
    • Use the Enable-PSRemoting cmdlet
    • Configures firewall and WinRM service
Windows PowerShell Remoting
  • Use the ComputerName parameter with select cmdlets
    • Get-Process -ComputerName Berlin
  • Run a command on remote computer
    • Invoke-Command -ComputerName Berlin -ScriptBlock { HostName }
  • Open a PowerShell session on remote computer
    • Enter-PSSession -ComputerName Berlin
    • [berlin]: PS C:\> HostName
    • [berlin]: PS C:\> Exit-PSSession
Deployment Enhancements




Deployment Image Servicing and Management

Add/Remove Drivers and Packages

WIM and VHD Image Management

Windows Deployment Services

Multiple Stream Transfer

Dynamic Driver Provisioning

VHD and WIM Support

User State Migration Tool

Hardlink Migration

Offline File Gather

Improved user file detection


Microsoft Assessment and Planning

Application Compatibility Toolkit

Microsoft Deployment Toolkit

Windows Optimized Desktop

Unique Value with SA+MDOP

Core PC Platform

Windows Optimized Desktop: Windows 7 & MDOP Investment areas

Make Users Productive Anywhere

  • Improve Security and Control

Streamline PC Management to Save Costs

Direct Access


Federated Search




  • BitLocker
  • BitLocker To Go
  • AppLocker
  • Security development lifecycle
  • AIS


Windows Troubleshooting Platform

Deployment Tools

VDI Enhancements




  • MDOP


Performance | Reliability | Compatibility

Why my customers need MED-V? The challenge of upgrading to a new operating system

First upgrade – then migrate!




Test compatibility of all applications with the new OS

Migrate or replace incompatible applications

Upgrade the organization to the new OS

Introducing Windows Virtual PC

Virtual PC 2007

Windows 7 Virtual PC

  • Primary Audience: Developers / IT
  • Typical guest OS: Multiple Guest OS
  • Scenario: Windows XP Compatibility for small businesses with no IT
  • Cost: None. Virtual Windows XP is included with Windows 7 Pro
  • Features: Seamless integration, USB device support
How MED-V Relates to Windows XP Mode

Windows Virtual PC (“XP Mode”) Provides the Ease of Use for End Users

  • A preconfigured virtual Windows XP SP3 (32bit) environment
  • Easy to install your applications on Windows XP and run from Windows 7 desktop
  • Well integrated into Windows 7
  • Designed for small businesses and consumers

MED-V – Application-OS compatibility for the Enterprise

  • Deploy virtual Windows XP images and customize per user
  • Provision and define applications and websites to users
  • Control Virtual PC settings
  • Maintain and Support endpoints through monitoring and troubleshooting
  • MED-V will not require PCs to have hardware assisted virtualization (e.g. Intel VT, AMD-V)
MED-V – Deploying Virtual PCs in the Enterprise
  • MED-V* Centrally Manages Virtual Windows Environments
  • Deploy – deliver virtual Windows images and customize per user
  • Provision – define which applications and websites are available
  • Control – set usage permissions and Virtual PC settings
  • Maintain and Support - monitor and troubleshoot end points
  • MED-V will provide a solution for enterprise devices without hardware assisted virtualization (e.g. VT)
  • Windows Virtual PC Provides the Ease of Use for End Users
  • Run Windows XP or other Windows environments on Windows 7
  • Install and launch Windows XP applications from Win7 Desktop
MED-V v1 Architecture


Increased Value in Optimized Desktop
  • Make Users Productive Anywhere
    • DirectAccess
    • BranchCache™
    • Enterprise Search Scopes
  • Enhance Security and Protect Data
    • BitLocker & BitLocker To Go
    • AppLocker
  • Streamline PC Management
    • MUI Language Packs
    • VDI Enhancements (VDI requires VECD license)
    • Boot from VHD
    • Subsystem for UNIX
    • 4 Virtual Operating Systems
    • Network Boot License
MED-V v1 Key Capabilities

Deploy and provision

  • Deploy IT-managed virtual XP environment to end users
  • Enable customization in heterogeneous desktop environments
    • Automate first-time virtual PC setup (e.g. initial network setup, computer name, domain join)
  • Application provisioning based on Microsoft Active-Directory® users/groups
    • Assign a virtual image and define which applications are available to the user

Control and Monitor

Enable incompatible applications

  • Centrally define Virtual PC settings (e.g. Adjust virtual PC memory allocation based on available RAM on host)
  • Centrally monitor endpoint clients
  • Provide helpdesk tools to diagnose and troubleshoot virtual PCs
  • End users seamlessly use Windows XP applications on their Windows 7 desktop
  • End users automatically see Websites that require Internet Explorer 6 in the virtual environment
Typical Virtual Image life-cycle
  • Create a master image
    • Include common software, security and management tools
  • Package the image and distribute
    • Via existing software distribution (e.g. System Center)
  • Image is customized and joined to domain
    • Unique name is assigned for identification
  • Remotely manage as any Windows XP desktop
    • Install applications
    • Apply patches and updates

App-V for the Enterprise: Package, Stream, Manage. Application virtualization isolates applications to create a conflict-free environment with manageability as the cornerstone to successful service delivery.

Application Virtualization Made Easy

Flexible Management


Proven. Real Business Results.

  • No user learning curve. Click to launch any virtual application anywhere
  • Simplify your next Windows rollout
  • Easily prepare Virtual Applications and Dependencies for Deployment.
  • Flexible deployment and streaming options for all business needs.
  • Readily Accessible Applications for Users, Manageable for IT.
  • Virtual Application Management in the box.
  • Mature and Proven
  • Save Time & Money. Deploy Applications Virtually
  • Partners ready to move you from Proof of Concept to Production
Microsoft Application Virtualization

Application Sequencing – The gateway to Microsoft Application Virtualization

Windows Application CD

Streaming Server


Virtualized Application

Windows Application Installer

Microsoft Application Virtualization Sequencer

Optimization & Compression

MSI Standalone

The admin has the option to stream the virtual application or create an MSI wrapper for Standalone Mode delivery


The Sequencer produces the virtual application package containing the application and its dependencies.

Rapidly packages applications through active watch technology including execution dependencies.


Combined Virtual Environment

Independent Virtual Environments

Application Sharing Using DSC

Inter Application Communication

Virtual Environment

  • Administrator controls & configures the virtual application separately
  • Create a “one to one” scenario for single applications that are dependent on each other
  • Create a “many to one” scenario where middleware and plug-in components can be reused
  • Reduces the potential package size
  • Single applications with no dependencies still exist
  • Application known to not conflict may be configured to share the same virtual environment
  • Mandatory/Optional dependency configuration options
  • Virtual applications can share common dependencies

Flexible Package Management

Dynamic Application Interaction: Dynamic Suite Composition (DSC)

App “A”

App “A”

App “B”

App “B”

Virtualize Middleware once share with many


System Services



Manage virtual & physical applications from one PC Lifecycle Management solution

Manage, stream and update App-V virtual applications with capabilities in the box

Integrate App-V into existing environments and processes

Microsoft Application Virtualization Deployment Options

Package, Deploy, Manage. Conflict free applications with manageability as the cornerstone to successful service delivery.

App-V Client, Management Server, Streaming and Sequencing

  • Reduce application conflicts
  • Reduce application compatibility testing
  • Remove application related reboots
  • Dynamic application streaming
  • Always accessible applications

Configuration Manager + Application Virtualization

  • Single Management Console
  • Single Software distribution workflow
  • No additional infrastructure required
  • Integrate Virtual applications with automated OS deployment
  • Full status and reporting of virtual applications
  • Inventory and updating of virtual applications
  • User or Machine targeting
  • Scalable to 100’s of thousands of devices
  • Standalone execution of virtual applications
  • No server is required
  • MSI wrapper is the configuration control
  • Interoperable with SMS/SCCM & 3rd party ESD
  • Dynamic Delivery
  • Package/Active Upgrade
  • No SQL Server required
  • Allows streaming capability to be added to SMS/SCCM & 3rd party ESD
  • Desktop Publishing Service
  • Dynamic Delivery
  • Package/Active Upgrade
  • Requires Active Directory and SQL Server

Standalone Mode

Full Infrastructure

Lightweight Infrastructure

Server Client

3rd Party PC Lifecycle Solution

Configuration Manager 2007 R2

Enabling Key Scenarios

MED-V and App-V are part of the MDOP subscription

And what about the Windows XP license for the Virtual PC?

  • Translating software inventory into business intelligence
  • Enhancing group policy through change management
  • Dynamically streaming software as a centrally managed service
  • With Software Assurance, customers can run up to 4 virtual OS on each licensed device
  • Proactively managing application and operating system failures
  • Powerful tools to accelerate desktop repair
  • Simplifying deployment and management of Virtual PCs
The usual answers…

Q: When will this be made available for Vista?

A: It won’t. BranchCache is only supported with Windows 7 Enterprise, Ultimate & Windows 2008 R2 editions.

Q: What size content is cached?

A: 64 KB and greater.

Q: Is there a peer discovery timeout?

A: 300 ms

Q: What kind of encryption is used?

A: Custom scheme based on AES128.

Q: Does knowledge of the hash ID grant access?

A: No. Access must still be granted by the file server.

The usual answers… (cont’d)

Q: Will BranchCache work during WAN outages?

A: No. Clients must be able to contact the content server to get content identifiers.

Q: Can I pre-populate cached files?

A: Sure. Consider using a scheduled task, PowerShell Remoting or some other technique. For WSUS & SCCM, consider targeting one client in each remote office before the others.

Q: How does BC avoid discovery storms?

A: Responses to search requests are staggered. Additionally, if a client detects that many others on the subnet already have a piece of content, it won’t bother caching it too.

The usual answers… (last one)

Q: What happens to the local cache if the BranchCache client mode changes?

A: The local cache is unaffected and will still be used by the client:

  • Hosted clients that become Distributed clients will begin responding to WS-D searches, serving data from the same cache.
  • Distributed clients that become Hosted clients will stop responding to WS-D searches, but will continue to use the local cache.

Q: How long does data stay in cache?

A: Until NetSH is used to flush the cache or until the cache is full and starts to roll.

Q: Is BranchCache supported on Server Core?

A: Absolutely.

Remote Desktop Architecture Overview

RD Web Access

RD Session Host

RD Client

RD Virtualization Host

RD Connection Broker

RD Gateway

Licensing Server

Active Directory®

Remote Desktop Session Host (RDSH)

RD Session Host Server Farm


RD Session Host Server Farm

(Session-based desktops)

RD Connection Broker

RD Client

App-V for RDS

App-V Management


RD Session Host

RD Virtualization Host

RD Client

Remote Desktop Virtualization Host (RDVH)

Personal Virtual Desktops

Pooled Virtual Desktops

RD Connection Broker

RD Client

Active Directory

Personal / Pooled Virtual Desktops
  • Personal Virtual Desktops
    • One OS image per user
    • Administrator access, desktop customizable
    • User state typically part of the image
  • Pooled Virtual Desktops
    • Shared OS images, identically configured
    • No administrator access
    • User state temporary (discarded at session end)

RemoteApp Overview

Make programs available via RD Web Access or RemoteApp & Desktop Connection (Windows 7)

Create MSI or RDP files

Applications launched from Web Page, RDP files or MSI shortcuts

Programs look like they are running locally

NEW in R2:

Per-user RemoteApp


RD Client

RD Session Host / RD Virtualization Host

RD Gateway – New Features
  • Silent session re-authentication
  • Secure device redirection
  • Idle & session timeout
  • Pluggable authentication
  • Consent signing

RD Virtualization Host

RD Session Host

RD Web


User browses to RD Web Access

RDP over HTTP/S established to RD Gateway RDP 3389 to host

User initiates HTTP/S connection to RD Gateway

RD Client

RD Gateway

RDS User Experience Enhancements
  • Multiple Monitor Support
  • Enhanced Audio Support
  • Windows Media Redirection
  • Windows Aero Glass Support
  • Enhanced Bitmap Acceleration
RD Easy Print Overview

Historical Issues


TS Easy Print

No Match

Close Match

Bad Match