• Planning for the Security Features of Windows 7
• Neil MacDonald
• 21 October 2009
• With Windows 7, Microsoft has added and extended many security capabilities in its flagship Windows operating system (OS). Deciding which features to activate as well as testing will impact the planning for every Windows 7 rollout.

Key Findings

• Collectively, the security improvements to Windows 7 provide the most compelling reasons to upgrade.
• Many of the security features are only available with the enterprise stock-keeping units (SKUs) of Windows 7, which are only available to subscribers of enterprise agreement/software assurance (EA/SA; maintenance on the OS) or in the Ultimate version.
• New capabilities like BitLocker To Go and AppLocker provide basic capabilities, but dedicated security solutions offer greater functionality.
• From XP and Vista, Microsoft has made further changes in its Windows filter driver, which will require the recertification of all your organization's security tools (antivirus [AV], virtual private network [VPN], firewall, etc.).
• The move to 64-bit Windows will have a significant impact on security tools and testing.
• In a few cases, capabilities are provided for older versions of Windows, but many are unique to Windows Vista and Windows 7. Some are available only with Windows 7.
• No Microsoft security solutions for Mac or Linux are available, and only in a few cases are interoperable third-party solutions available. Likewise, the security capabilities of Windows 7 aren't available for Windows Mobile.
• Most security features of Windows 7 lack a dedicated management console and rely almost exclusively on Group Policy Objects (GPOs).
• The two most important things any Windows installation can do to improve security are to get off of Internet Explorer 6 (IE6) and run users as standard user and, although a migration to Windows 7 might make these easier, it doesn't require Windows 7 to take these steps.
  Read more

Avecto Ltd

• Empowering Users
• Preventing users from making unwanted desktop changes without restricting them from performing their job function continues to pose serious challenges for almost all organizations. Striking a balance between providing users with a degree of control over their desktop configuration and protecting the standard desktop build is difficult, as this control often results in granting admin rights to a user.

• Compliance and Windows 7
• The concept of least privilege has become more prevalent in recent years due to the need for many organizations to be compliant with standards such as PCI DSS, Government Connect, Sarbanes Oxley (SOX), FDCC and HIPAA. We predict that the growing adoption of Windows 7 will have a significant impact on helping organizations achieve regulatory compliance.

• Windows 7 Security and Group Policy
• Microsoft provides many tools to help administrators secure their Windows desktops. These tools include security templates, GPO Accelerator, Security Compliance Manager and Group Policy. Knowing where to find, and how to implement, these tools is not always obvious.

• Win 7 Educational Webinar
• In our series of hour long educational webinars, we look to provide attendees with a good understanding of how implementing a policy of least privilege will enable:

• Enhanced user productivity
• Improved Security
• Better operational management