wisefaq.com

Stories, and bit rot, from the IT Support Trenches

Security Vista Windows 7

2 and a bit reasons to wait for Windows 7

If you’re a business customer, thinking about making the upgrade from Windows NT4/2000/XP, I’d be waiting for Windows 7.

By all means, plan and test with Windows Vista, and then take the lessons that you learn, to apply for your Windows 7 rollout.

Here are 2 and a bit reasons why:

Reason 1 – Offline Domain Join.
“Offline domain join is a new process that computers that run Windows 7 or Windows Server 2008 R2 can use to join a domain without contacting a domain controller.  This makes it possible to join a domain in locations where there is no connectivity to a corporate network”
Offline Domain Join Step-by-Step Guide

… locations where there is no connectivity to a corporate network

Such as PC build centres, or virtual machines (Windows 2008 R2 based servers for example)

Microsoft also make the point:

“… If there are any problems with the (normal – online domain join process) domain join, such as network connectivity problems or problems associated with necessary servers that are offline, the problems have to be diagnosed and resolved at that time.”

In other words, your PC deployment process STOPS until you fix the problem.  With Offline Domain Join, it removes one less failure point.
Additional italics’ words are mine.

Reason 2 – Bitlocker To Go.
USB memory sticks are a data security nightmare.  You put data on them, then lose them, or leave them where people can read them.  So what’s the solution at the moment?

  1. Deploy the same encryption/decryption software, such as Truecrypt, to all computers in your organisation.
    (what do you do if you have a Sales Exec who wants to share their presentation with a customer, at the customer site?
    how do you recover the data, if an employee gets hit by a tram?)
  2. Use the “”security”” software which comes with the USB memory stick.
    (not standard across your organisation.  requires Administrative Rights to install)
  3. Use a Secure USB memory stick.
    (expensive to buy.  cheaper than data loss, granted, but how many non-IT managers consider that?)

Windows 7 has Bitlocker To Go (BTG).  This Microsoft blog post has more details.
Long story short: Bitlocker encrypts the USB memory stick, places a BTG access program on the drive, and away you go.  You can read BTG files on any Windows Vista (or later) computer.

Reason 3 (the bit reason) – Group Policy Preferences.
Group Policy Preferences are just that, preferences.  And it’s a useful feature.  In a corporate environment, preferences are used every day.  Such as mapping drives as part of a logon script.

Now you can, and should, read the Microsoft whitepaper to see what they think are the benefits, but here are 2:

  1. Mapping drives.
    Don’t need to program this in a scripting language anymore.  No more discussion around “Should we continue to use DOS Batch/Kixtart, or go to VBscript/Powershell”.
  2. INI file updating.
    Based on the user’s location even.  I spent time in previous years writing and maintaining “Localisation” scripting.  Localisation is the process of changing how the computer behaves when you change location.  Simply put, if I travel from Melbourne to Perth for the day, I want to download my updates from the Perth office, not the Melbourne office.
    You can update registry keys as well.

Group Policy Preferences Overview