Windows 7 will include many user interface improvements and security enhancements over Windows Vista. It is scheduled for release in early 2010 but past delays mean the date may slip. Windows 7 will offer improved performance and compatibility with existing hardware and drivers compared to Vista. New features include enhanced desktop navigation using libraries, improved remote access using DirectAccess, and enhanced security tools like AppLocker. Windows 7 also expands support for virtualization, networking, and Active Directory administration using PowerShell.
1. The Next Windows:
"Lucky Seven?"
presented by Mark Minasi
help@minasi.com
tech forum, newsletters at
www.minasi.com
2. Topics
Um, what do I do… Vista, Win 7, roll back to
Windows 98?
New UI stuff, networking changes
Rolling it out, securing it, storing things
Virtuality!!!
Active Directory
Saving Money
3. Okay, First Thing…
What are they going to call it
(Like anybody cares)
Desktop = Windows 7 (unless it changes)
Server=Windows Server 2008 R2
Server only comes in x64, no x86
Desktop still offers x86
NOTE: when I say "Windows 7," I'm usually
speaking generically of both OSes
4. "When? When? When?"
"can I skip Vista? Can I can I can I? Pleeze?"
The plan is the first half of 2010
But, um, that's the plan…
– 2000 shipped two years late
– 2003 shipped two years late
– 2008 shipped three years late
– So when exactly will 7 ship?
And XP's losing support this year, so many of
us will think, "hey, I gotta do something!"
5. The Vista/Win 7 Choice is Easy
Microsoft knows you hate Vista
(I don't work for Microsoft, and you guys tell
me anyway!)
Vista's main problem was that it came out too
early – many 2005 machines couldn't handle
its needs, drivers didn't exist yet, nor did SP1
Which means that even if you think you hate
Vista, the chances are good that if you took a
fresh look at it today, it'd look pretty good
6. Vista or Win 7 = You're Fine
Either Way
And so…
– Speed is about equal between the two
– "If it's a Vista driver, it's a Win 7 driver"
– "If it runs Vista well, it'll run Win 7 well"
– Windows 7 includes nearly 400 "fixes," built-in shims
that solve compatibility problems
– Any SDB-type patches created in Vista work on W7
Bottom line: you can use the same hardware
for Vista or Win 7, so Win 7 will cause you no
more planning needs than Vista would
7. UI Stuff
SideBar's gone, now gadgets go right on the
desktop
UI does an interesting job of being more
document-centric than app-centric: you can
have MRU lists for as many apps as you like
on the taskbar, as if the app were running
You can control system tray behavior for
each app
8. More UI Stuff
Easy adjustment to make two windows share
the screen side-by-side, half apiece
Some tablet users will be able to run their
Win 7 boxes as if they were iPhones, all finger
pushes (of course, most tablets currently
don't respond to fingers…)
ONE right-click on the Desktop gets you to
video resolution
Paint and WordPad get the Ribbon!
9. More UI: Libraries
New way to show files, sort of an evolution of
how (for example) Vista shows tunes
differently than videos or pictures
Extends to downloaded files (shows their
URL), contacts (shows their essential values)
Essentially it's a meta-view of a bunch of
folders
Includes and extends the notion of search
folders
10. The Blue UI: PowerShell
You'll see PowerShell support in a lot of
things – it was a design goal
Win 7 has PowerShell 2.0, which does neat
remote stuff
Remoting atop WinRM, not RPC
.NET's now on Server Core, so PowerShell's
on Server Core
11. Remote Access News
You've heard about PowerShell and WinRM
Terminal services has new name: Remote
Desktop Services
Not exactly a Win 7 topic, but MS is now
pushing Hyper-V for virtual desktops ("MED-V")
Server Manager now works remotely for
role/feature control, even on Server Core
12. Networking
Mobile broadband support makes mobile
broadband look like a NIC, not dialup
Different NICs can have different firewall
profiles
DHCP now has support for scope failover
from one DHCP server to another and lets
you block/allow MAC addresses
13. Deployment
How will we get this thing out?
Same "Panther" engine as Vista/08
– Asks questions up front, you go away, come
back, you've got a system running
– Very easy to script with Windows System Image
Manager, free download from Microsoft
Unpopular news for some: you can upgrade
from Vista, but not XP
14. Deployment
Multicasting
– Important new changes in WDS multicasting: three
different "speed lanes" for multicasting images
Dynamic driver provisioning: deploys an image,
and removes unneeded drivers
New tool: DISM replaces peimg, pkgmgr, and
some of ImageX's features
… and DISM patches offline virtual machines
USMT "hard links" lets you wipe a disk but
retain whatever files you choose
15. Security in Win 7
Some big stuff:
– DirectAccess
– AppLocker
– BitLocker To Go
– No more LM
– DNSSEC
And some odds 'n' ends
16. DirectAccess
Call it "seamless VPN"
Microsoft has used a process for years now whereby
employees log onto the network, get an IPv6 address
and tunnel (via Teredo) into MS's corpnet, using
IPsec
Local inside-corpnet-only addresses and names now
look local ("Name Resolution Policy Table"
accomplishes it)
Difference: it's seamless
Requires IPv6, IPsec, R2 RRAS servers – set up with
a wizard
17. DirectAccess
Benefits:
– Seamless remote access to internal resources
– VPN that doesn't force your Internet traffic to be
encrypted
– Machine/machine connection means that central
IT staff can patch/examine system even when
user's not connected
18. AppLocker: SAFER, but Safer
(SAFER= the beta name of Software
Restriction Policies)
Basically an improved Software Restrictions
But it's a lot smarter about handling signed
applications
Includes a wizard that will look at a system
and create an AppLocker policy for it
automatically
19. BitLocker To Go
Removable devices can now be bitlockered
You can even create a group policy requiring
it
Or say, "we won't write data to this USB stick
unless it's Bitlockered"
As before, you can store keys in AD, or in
external 48-digit keys
20. Security
UAC now has a slider with four ticks on it to
control how intrusive it is
Windows Solution Center (which contains the
old Security Center) gives you more control over
what sort of notifications the system gives you,
reducing its irritation factor
Workgroups can now be "HomeGroups," a
password-protected group that lets you connect
to resources in your home's network with your
company's PC without your company's security
settings getting in the way
21. More Security
Neat new "global security access control list"
makes object access auditing more useful
Just point to a user and an object and it'll tell
you, "user A tried to access object B and
failed/succeeded because of X group
membership"
Multihomed systems can now have different
firewall settings
Read-Only DFS for branch office security
22. And Even More…
New group policies let you block NTLM logons
LM can't happen
Windows now has in-the-box support for biometrics
(fingerprint readers etc)
BitLocker To Go encrypts portable devices like
USB sticks… and a group policy lets you mandate
"if you want to use a USB stick, it must be
encrypted"
"VPN reconnect" aims to keep you connected even
when the VPN's spotty, as it's smart enough to retry
at multiple VPN junction points
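To see where a given machine stands on the LM and NTLM points above, here is an added example (not from the slides) that reads the registry values behind the LM and "Restrict NTLM" policies and reports each one. The value names and their meanings are standard Windows settings rather than anything stated in the deck, and the "Min" thresholds are assumptions to tune for your environment.

```powershell
# Added example, not from the slides: report the LM/NTLM settings on this machine.
# Registry value names are the ones the LM and "Restrict NTLM" policies write.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv = "$lsa\MSV1_0"

# Min = lowest value treated as hardened in this example (an assumption; tune it).
$checks = @(
    @{ Path = $lsa; Name = 'NoLMHash';                     Min = 1; Meaning = '1 = LM hashes are not stored' },
    @{ Path = $lsa; Name = 'LmCompatibilityLevel';         Min = 3; Meaning = '3+ = send NTLMv2 response only; 5 = also refuse LM and NTLM' },
    @{ Path = $msv; Name = 'RestrictSendingNTLMTraffic';   Min = 1; Meaning = '1 = audit, 2 = deny outgoing NTLM' },
    @{ Path = $msv; Name = 'RestrictReceivingNTLMTraffic'; Min = 1; Meaning = '1 = deny domain accounts, 2 = deny all incoming NTLM' },
    @{ Path = $msv; Name = 'AuditReceivingNTLMTraffic';    Min = 1; Meaning = '1 = audit domain accounts, 2 = audit all accounts' }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -ne $null) { return $item.$Name }
    return $null
}

$report = foreach ($c in $checks) {
    $value = Get-RegValue $c.Path $c.Name
    if ($value -eq $null)           { $state = 'NOT SET (OS default applies)' }
    elseif ([int]$value -ge $c.Min) { $state = 'OK' }
    else                            { $state = 'WEAK' }

    New-Object PSObject -Property @{
        Setting = $c.Name
        Value   = $value
        State   = $state
        Meaning = $c.Meaning
    }
}

$report | Select-Object Setting, Value, State, Meaning | Format-Table -AutoSize -Wrap
```

Turning on the audit values first and reviewing the resulting NTLM events before moving to deny is the usual way to find what still depends on NTLM.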
23. DNSSEC
Relatively old protocol-wise (2001-ish), but
topical now
Does not secure dynamic DNS updates
Does secure responses to queries, with the
result that it makes a DNS cache poisoning
of the type recently discussed very unlikely
For full effect, it'll require at least all R2 DNS
servers on the forwarders/masters, and
possibly on all DNS servers
24. Storage
VHDs are becoming the new "container"
standard, and have less and less to do with
VMs
– You can put one on your system, install an OS to
it… and tell bcdedit to boot that OS
– Mounting a VHD in Win7 is called "surfacing" it
– Diskpart is the basic tool of choice to work with it
– Of course, Vista & 2008 use them for backups
now
25. Storage
Consider the idea of a VHD-ed system; it has only
– A C: drive with a boot record, basically
– An E: drive with one file named something like
"mywindows.vhd"
– Some BCDEDIT commands to point to
e:\mywindows.vhd
On drives larger than about 30 GB, Windows
automatically creates a small, un-lettered partition
(whether or not you mess with VHDs)
Makes BitLocker easier to set up and makes for a
"cleaner" looking C: drive
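The "BCDEDIT commands to point to e:\mywindows.vhd" look like this in practice. This is an added example, not from the slides; it assumes the VHD already contains an installed OS (creating and attaching it with diskpart is not shown), and the entry description is a made-up label.

```powershell
# Added example, not from the slides. Run from an elevated prompt.
# Assumes E:\mywindows.vhd (the slide's sample name) already holds an installed OS.
$vhdFile = 'E:\mywindows.vhd'
if (-not (Test-Path $vhdFile)) { throw "VHD not found: $vhdFile" }

# bcdedit wants the drive letter in brackets: vhd=[E:]\mywindows.vhd
$drive  = Split-Path $vhdFile -Qualifier      # E:
$rest   = Split-Path $vhdFile -NoQualifier    # \mywindows.vhd
$target = "vhd=[$drive]$rest"

# Clone the running OS's boot entry; bcdedit prints the new entry's GUID.
# '{current}' is quoted so PowerShell does not parse it as a script block.
$out = bcdedit /copy '{current}' /d 'Windows 7 (VHD boot)' | Out-String
if ($out -notmatch '\{[0-9a-fA-F-]{36}\}') { throw "bcdedit /copy failed: $out" }
$id = $Matches[0]

# Point both the boot loader and the OS at the VHD, then show the new entry.
bcdedit /set $id device   $target
bcdedit /set $id osdevice $target
bcdedit /set $id detecthal on
bcdedit /enum $id
```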
26. BranchCache Lite ("Distributed")
So you're in a remote site, and you're using a
file accessed across the WAN…
Someone else on your subnet needs that file…
And you supply it (without knowing)
You advertise your files using a Network
Discovery protocol (the thing that's replaced
Computer Browser in Vista/2008)
Uses multicasts, not broadcasts
27. BranchCache Lite
Caches SMB and HTTP/HTTPS traffic
Security integrated so you can't look at things
in the cache that you don't have access to
Only Windows 7 systems can participate
Extra: the SMB client does more caching…
reopen a file and it's as quick as if you've
already opened it
28. Hosted BranchCache
What's that you say, you have more than one
subnet?
Enable BranchCaching on a local server
Caches on the basis of hashed 64K blocks
Server is obviously faster and can dedicate
more resources
It's a "role" in 2008 R2
Windows 7 clients know to use it because group
policy tells it to
29. Virtual Machines/Hyper-V
Live Migration (like VMotion), shifts in ~10 ms
range
New NIC hardware supports separate queues
for different virtual NICs, Hyper-V supports it
Ditto NICs with embedded network switches
Second level address translation on CPUs now
supported – solves a problem (flushing VM
page tables) that can take up to 10% of CPU
time
256 cores supported
30. Active Directory Changes
New domain functional level
New task-oriented UI: AD Administration Center
PowerShell cmdlets
AD Recycle Bin
Automatically maintained domain-based service
accounts, new type of account
Best Practice Analyzer
Offline Domain Join
31. AD and PS
We get 70+ PowerShell cmdlets for AD
New AD Administration Center is the new AD
GUI tool but, interestingly enough, it's really
just a PowerShell application – PowerShell
2.0 supports GUI forms, so
… but under the hood, it's nothing more than
a GUI front end to PowerShell commands
No "reflectivity," though… bummer!
32. Saving Money
performance, less power, easier
hardware updates…
33. Misc Good Things
Problem Steps Recorder
The way that the OS gives RAM to apps
changes (with Vista, it's pretty generous in an
attempt to make it faster), and so W7 should
use less memory
Non-miniport print drivers mean no (well,
fewer) printer driver blue screens
34. Power Management
Big push on this
New "AQ" logo program
Three PM defaults all yield 10% better power
use
"Core Parking" shuts down particular cores
or entire sockets when not needed on Hyper-
V systems
35. Hardware
Device Stage also contains links to vendor
things like supplies and accessories and,
with hope, PDFs of the manual
Wake-on-wireless LAN
36. Thanks for coming!
I'm doing talks on Hyper-V, new Active
Directory features in 2008 R2 and "12 Tips to
Secure Your Network" tomorrow and
Wednesday
I am teaching my two-day techie seminar on
Server 2008 next week in Philadelphia and
the end of April in Chicago
Info at www.minasi.com
Editor's notes
… And I figured that if I said "NT 6.1 Workstation," you guys would look at me really funny
I'm buying stock in windex, personally
If you're not up to speed on the hyper-v stuff, I'm doing a Hyper-V talk tomorrow at 8 AM