Windows 8.1 Enterprise Upgrade


One of the fundamentals of MS licensing has been changed. It’s always been the case that:

“the only way to get Windows Enterprise is to buy Pro + SA”

Well not anymore!

As of March 2014, there is a standalone Windows 8.1 Enterprise SKU available via Volume Licensing.

Why?

This means organizations who can’t/won’t enter into an agreement with Software Assurance can now benefit from things such as:

  • Direct Access
  • AppLocker
  • Windows To Go

and more

Other SA benefits are not affected, so things such as:

  • New Version Rights
  • MDOP
  • Virtualization

etc. are still only available with SA.

What else has changed?

It is now ONLY possible to attach SA to the Enterprise Upgrade SKU.

This takes away one relatively common practice. Organizations would often buy machines with Windows Pro OEM and then attach Windows SA within 90 days. This is no longer possible as SA can be attached only to Enterprise – and that won’t come pre-loaded on machines.

If you bought the OEM devices before July 1st 2014, you still have the 90 days to purchase SA. Once that date passes, it will no longer be possible.

Microsoft BitLocker & Security


BitLocker is Microsoft’s drive encryption software that first appeared in Vista and is now in Windows 7, along with BitLocker To Go for USB devices. Having hard drive and USB drive encryption built into the desktop OS is a great idea, as it reduces the cost & complexity barriers for companies looking to adopt better security practices.

Recently, a story came out that BitLocker had been “broken” and that a commercially available tool was now able to bypass the security (I saw this on Ars Technica but I’m sure many other places reported it too). When I saw the headline I thought “Oh sh*t…that’s a fly in the old ointment ain’t it?” (don’t ask me why I was thinking in that style of voice!) but then I read the article and saw this gem in the 1st paragraph:

“It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk.”

So this requires the machine to be “hot” i.e. on…as soon as it’s turned off, the memory is dumped and it’s ok…not exactly crack of the century is it?! 🙂 Plus most, if not all encryption offerings from TrueCrypt, PGP etc are vulnerable to this…

The vast majority of comments on Ars Technica saw this for the ineffectual non-story that it was, although there were of course a few people who took this as a chance to point out that Linux was better than Microsoft and all proprietary software evil…but that’s nothing new!

Ars Technica have made an update to the article saying:

“this isn’t exactly a "crack" for BitLocker”

but it doesn’t really show, in my opinion at least, how pointless the story was and doesn’t reassure that BitLocker is just as safe as people thought it was.

Paul Cooke of the Windows Blog team has a great post all about BitLocker and these recent claims here:

http://windowsteamblog.com/blogs/windowssecurity/archive/2009/12/07/windows-bitlocker-claims.aspx

Windows 7 BitLocker to Go Reader


One of Windows 7’s many great new features is BitLocker To Go, a built-in encryption tool for removable USB devices. It enables users to store important/sensitive data on USB sticks and protects that data should the device be lost. As it’s a new feature in Windows 7, people have been wondering about interoperability with previous OS versions such as Vista & XP. The answer is here:

Windows 7 BitLocker To Go Reader

This enables users with BitLocker encrypted USB devices to share data with users on Vista and XP. It will allow you to copy encrypted files from the drive onto the Vista/XP machines but:

“Once you copy the files from the encrypted drive, they will no longer be protected by BitLocker in the new location, even though they’ll still be protected on the encrypted drive”

It’s worth noting that you can only unlock the drive using Reader if you’ve got the password information etc…it doesn’t just allow random unlockings 🙂

For more information and step by step instructions on using BitLocker to Go Reader on XP/Vista, see:

http://windows.microsoft.com/en-US/windows7/what-is-the-bitlocker-to-go-reader

To go and download the program and get started, go to Microsoft Downloads here.

Windows 7 Features Announced


A number of Windows 7 features have been announced today (28/10/08) at the Microsoft PDC 2008. The vast majority of the features we saw today were for the consumer but fear not, Microsoft promise there are numerous Enterprise related additions too! These include:

  • Federated Search: Deliver a consistent experience finding files across PCs, networks, and Microsoft Office SharePoint Server systems.
  • DirectAccess: To link users to corporate resources from the road without a virtual private network.
  • BranchCache: To make it faster to open files and Web pages from a branch office.
  • BitLocker To Go: Data protection for removable devices.
  • Refined Universal Access Control: To give fewer prompts for users and more flexibility for IT.
  • PowerShell and group policy management.
  • Client virtualization: With virtual desktop infrastructure enhancements, to improve memory utilization and user experience.
  • Device Center: To provide a single place to access all connected and wireless devices with Device Stage, to see status and run common tasks from a single window.
  • HomeGroup: To make it easier to share media, documents, and printers across multiple PCs in offices without a domain.

Direct Access:

“DirectAccess in Windows 7 and Windows Server 2008 R2 enhances the productivity of mobile workers by connecting them seamlessly and more securely to their corporate network any time they have Internet access—without the need to VPN.”

Anything that means we don’t need to use VPNs is brilliant! I find they rarely work as well as end users need them to and they can make a System Admin’s life difficult, so removing VPNs could be enough to make the detractors forget all about Vista!

“With DirectAccess, IT administrators can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on.”

“To keep data safer as it travels public networks, DirectAccess uses IPv6-over-IPsec to encrypt communications transmitted across the Internet. DirectAccess can use split-tunnel routing, which reduces unnecessary traffic on the corporate network by sending only traffic destined for the corporate network through the DirectAccess server (running Windows Server 2008 R2)…”

BitLocker To Go:

With all the lost data flying around these days, BitLocker To Go extends the proven BitLocker technology to removable USB devices, securing them with a passphrase. “In addition to having control over passphrase length and complexity, IT administrators can require users to apply BitLocker protection to removable drives before being able to write to them”.

Administrators can still allow unsecured USB devices to be used in a Read-Only mode and policies are also available to require appropriate passwords, smart card, or domain user credentials to utilize a protected removable storage device.

A related addition is AppLocker which is “a flexible, easy-to-use mechanism that enables IT professionals to specify exactly what is allowed to run on user desktops.” It uses “publisher rules” that are based on digital signatures so, with correctly structured rules, you can deploy updates etc without having to create new rules.
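The publisher-rule point above, as an added example that is not from the original post or from Microsoft's own material: an AppLocker policy fragment in which the first rule pins one exact file version and so stops matching once the application is updated, while the second accepts any version from 1.2.0.0 upward signed by the same publisher. The publisher string, product name, file name and rule GUIDs are constructed placeholders.

```xml
<AppLockerPolicy Version="1">
  <!-- AuditOnly logs what the rules would allow or block without enforcing them -->
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">

    <!-- Brittle: matches only file version 1.2.0.0, so every update needs a new rule -->
    <FilePublisherRule Id="11111111-1111-1111-1111-111111111111"
                       Name="Example App 1.2.0.0 only (constructed)"
                       Description="Exact-version publisher rule"
                       UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=EXAMPLE CORP, L=EXAMPLE CITY, S=EXAMPLE STATE, C=US"
                                ProductName="EXAMPLE APP"
                                BinaryName="EXAMPLEAPP.EXE">
          <BinaryVersionRange LowSection="1.2.0.0" HighSection="1.2.0.0" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>

    <!-- Update-tolerant: same signer and product, any binary, version 1.2.0.0 or later -->
    <FilePublisherRule Id="22222222-2222-2222-2222-222222222222"
                       Name="Example App 1.2.0.0 and above (constructed)"
                       Description="Ranged publisher rule that survives signed updates"
                       UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=EXAMPLE CORP, L=EXAMPLE CITY, S=EXAMPLE STATE, C=US"
                                ProductName="EXAMPLE APP"
                                BinaryName="*">
          <BinaryVersionRange LowSection="1.2.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>

  </RuleCollection>
</AppLockerPolicy>
```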

Virtualization Enhancements

Virtual Desktop Infrastructure (VDI) in Windows 7 is closer to the experience of a local PC now with support for Aero, video viewing in Media Player 11 and multiple monitor configurations. New microphone support enables remote desktops running Windows 7 Enterprise to provide VOIP & speech recognition functionality. Last, but by no means least, is Easy Print which allows users to print to local printers without installing drivers on the server.

You can see more info on the Microsoft site here.

The guys over at ActiveWin have got a great, in-depth review of the Windows 7, M3 Preview which contains any number of screenshots and a whole host of info. Some of the bits that caught my eye were:

Location Aware Printing:

In Windows 7, you no longer need to select the printer to match your location. When you change network locations, such as taking your work laptop home for the evening, the default printer setting can change to reflect the best printer for that new location. When you print at work, Windows 7 will print to your work printer. When you print at home, Windows 7 will automatically select and use your home printer.

Media Player 12 will ship with Windows 7 and according to ActiveWin: “this new version features radical changes to its menu structure, with some menus positioned on the left and right sides of the interface…and features two thick toolbars of controls, the second one focusing on traditional features such as Organization, Sharing, Playlist and Search…Common media formats supported include WMV, WMA, MPEG-4, AAC and AVC/H.264.”

Ultra Wideband (UWB) and Wireless USB (WUSB):

UWB and WUSB are new technologies that provide wireless alternatives to USB cables. Support for UWB and WUSB in Windows 7 lets you take advantage of new wireless devices and wireless USB hubs.

Libraries also seem like a really cool multimedia feature. I’m forever duplicating files as I can’t find where I saved them, creating numerous folders in different places all with the same names and finally just keeping stuff on my desktop so I don’t lose it. None of this leads to a brilliant user experience at home or at work and this is where Windows 7 libraries come in.

“With Libraries, you can not only organize, but view and manage files that are stored in more than one place. This reduces the need to view files even when they are stored in different folders. Libraries are so powerful that they even span different disk drives and/or PCs on your home network. There are a range of options for organizing and browsing, by type, date taken or genre depending on the file type.”

On top of this, there is the already well known addition of touch and multi touch capabilities to Windows 7. If you’ve got a touchscreen monitor, or more likely a Tablet PC, you can open things from the Start Menu etc by pressing them. MultiTouch will let you zoom in and out on images by moving 2 fingers together/apart as needed and more.

Another new feature of Windows 7 will be the ability to re-order applications on the taskbar…I think this is awesome! This is one of those little things that has annoyed me for years and will finally be gone. I have a certain order that I like my applications to be in and I always have Outlook as the first program. However at the minute if I have to re-start Outlook it ends up buried on my Taskbar between two IE windows or something..and then it takes me a little while each time I need to go back to Outlook.

I’ve asked around the office and this addition is met with unanimous approval!

Something else I’ve just seen on pcworld.com is that you can schedule desktop background changes with Windows 7, I think that’s quite a neat touch!

Over at ZDNet, Ed Bott has got a great gallery of Windows 7 Screenshots which you can find here. Below is a shot of the desktop which shows another new feature, that gadgets are no longer confined to that bar on the right hand side..now they can reside anywhere on the desktop 🙂

Windows 7 Desktop