Windows 7 from the Why to Security, Management and Deployment

Presented by Matt Hester
IT Pro Evangelist, Microsoft Corporation
mhester@microsoft.com
@matthewhester
http://blogs.technet.com/matthewms

My promises to you…
• Have some Fun!
• Learn at least one thing new!
• Make myself available to you: blogs.technet.com/matthewms, mhester@microsoft.com, @matthewhester
So please … Ask questions and enjoy!

Would you have invested in 1978…

Windows 7: Works the Way You Want
Faster, More Reliable
• More Responsive
• Quicker startup and shutdown
• Fewer services run by default
“Overall, I’m impressed with how reliable this Windows release has been.” —Ed Bott, ZDNet
“…on looking at this latest build, I’ve no doubt that not only will Windows 7 will be fast. In fact it will blow away all previous Windows OSes, including the sainted Windows XP.” —Adrian Kingsley-Hughes, ZDNet

Windows 7: Works the Way You Want
Design Fundamentals
• Faster, more reliable
• More secure

More Secure
“For enterprises, which typically have most to lose when data escapes on a stolen or lost flash drive, BitLocker To Go is a killer feature.” —Adrian Kingsley-Hughes, ZDNet
“If you haven’t yet given Internet Explorer a look recently – you Firefox-using browser snob, you – you should at least look at Internet Explorer 8. It’s a better browser than ever.” —Paul Thurrott, Windows IT Pro

Windows 7: Works the Way You Want
Design Fundamentals
• Faster, more reliable
• More secure
• More compatible

Windows 7: Works the Way You Want
More Compatible
“…it is highly compatible with the software and hardware I use on a regular basis.” —Paul Thurrott, SuperSite for Windows
“All devices were recognized by the Windows 7 installer and this system is using only drivers from the Windows installation media or Windows Update. That in itself is a remarkable accomplishment.” —Ed Bott, ZDNet

Windows 7: Works the Way You Want
Design Fundamentals
• Faster, more reliable
• More secure
• More compatible
• Easy to use

Windows 7: Works the Way You Want
Easy to Use
“In general, I have found Windows 7 a pleasure to use.” —Walt Mossberg, Wall Street Journal

Let’s Take a Look: Windows 7

IT Security Challenges
• Flexible work styles
• Cost versus agility
• Anywhere access
• Digital natives
• Compliance
• Desktop control

Another Security Challenge

Active Directory® Rights Management Services (RMS)
• Policy definition and enforcement
• Protection for information wherever it travels
• Integrated RMS client
Encrypting File System (EFS)
• User-based file and folder encryption
• Ability to store EFS keys on a smart card
BitLocker and BitLocker To Go
• Ease of configuration and deployment
• Ability to share data with coworkers, clients, partners, and others
• Support for compliance and data security

BitLocker and BitLocker To Go
Increased Data Protection
• Extend BitLocker drive encryption to removable devices
• Create group policies to mandate the use of encryption and block unencrypted drives
• Simplify BitLocker setup and configuration of primary hard drive

Let’s Take a Look: BitLocker

BitLocker will not protect….

Internet Explorer 8 Security

Let’s Take a Look: IE 8

User Account Control

Let’s Take a Look: UAC

AppLocker
Challenges
• Users can install and run non-standard applications
• Even standard users can install some types of software
Solution
• Eliminate unwanted, unknown applications in your network
• Enforce application standardization within your organization
• Easily create and manage flexible rules using Group Policy

Let’s Take a Look: AppLocker

What is PowerShell?
• Object Oriented
• Rich script environment
• Task Automation
• Bulk Operations
• Interactive Shell
When to Use
• Use PowerShell for consistent, repeatable tasks
• Built-in providers
• Aliases
• Talk to Active Directory, registry, WMI, etc. natively
• Bridge the gap for previous languages
• Tab complete

“If it's a good script I'll do it. And if it's a bad script, and they pay me enough, I'll do it.” George Burns

Windows PowerShell Syntax

    PS> get-service -name "*net*"

    Status   Name      DisplayName
    ------   ----      -----------
    Stopped  NetLogon  NetLogon
    Running  Netman    Network Connections

• Command: get-service (Verb: get, Noun: service)
• Parameter: -name (Name), with the argument "*net*" (String)
• Property Names: Status, Name, DisplayName
• Property Values: the rows under each property name
• CAsE InSeNsitIve!*

How To Find Help

Power of the Pipe
The Pipe Operator “|”
• Output from one command becomes input for the next
• String together multiple commands
Parameter binding is the key
• “|” routes information to the correct parameters – with very little effort

Common Cmdlets
Productive cmdlets (with example)
• Get-Help: Get-Help Get-Process
• Get-Command
Utility cmdlets (with example)
• Format: Get-Service | Format-List
• Sorting: Get-Process | Sort-Object -Property CPU
• Get-Member: Get-Service | Get-Member
• Restart-Service: Restart-Service IISADMIN
• Redirecting Output: Get-Service | Out-File -FilePath C:\temp\services.txt

Remoting with PowerShell
• Introduced in v2
• Utilizes WinRM (Windows Remote Management), based on WS-MAN (Web Services for Management)
• A PSSession is a persistent connection
• Interact with sessions 1:1

Security and Windows PowerShell
Default Execution Policy Is Restricted
Execution Policy Can Be Modified
• Set-ExecutionPolicy
• Group Policy
Policy and Effects
• Restricted: No scripts
• AllSigned: All scripts must be signed
• RemoteSigned: Local scripts, remote signed
• Unrestricted: Nothing signed

Let’s Take a Look: PowerShell 2.0 Introduction

Why Deploy Windows 7?
• Annual Cost Savings / PC
• Power Savings
• Total Direct IT Costs Savings
• Up to 20% savings of Direct IT Costs

With these kinds of cost savings, why stay on Windows XP?

Deployment Concerns
• How do I plan my deployment project?
• What hardware do I need to replace?
• Are my applications compatible with the new OS?
• How do I get to a standard OS image?
• How do I migrate data and settings?
• Where do I find guidance for desktop and server deployment?
• How do I avoid spending time at the computers receiving the upgrade?

Or you are concerned about

Microsoft Deployment Options
Options, in column order: High-Touch with Retail Media | High-Touch with Standard Imaging | Lite-Touch, High Volume Deployment | Zero-Touch, High Volume Deployment
• Number of Client Computers: <100 | 100-200 | 200-500 | >500
• IT Skill Level: IT Generalist | IT Pro | IT Pro with WDS | IT Pro with SCCM Experience
• Windows Licensing: Retail | Retail and Software Assurance | Software Assurance | Enterprise Agreement
• Infrastructure: Small Unmanaged Medium Standardized Managed Network Enterprise Network + SCCM
• Application Support: Manually | Manually and LOB customizations | Automatically and LOB | Automatically using SCCM
• User interaction: Manual Hands-on | Manual Hands-on | Limited Interaction | Fully Automated
• Tools: WAIK, Easy Transfer <25 | WAIK, MDT, ACT | WAIK, MDT, ACT, MAPT, WDS | WAIK, MDT, ACT, MAPT, WDS, SCCM

Deployment Tools
• Microsoft Deployment Toolkit 2010
• Windows Automated Installation Toolkit

Microsoft Deployment Toolkit 2010
• The single, comprehensive Microsoft methodology to deploy desktops and servers
• Enables automated image installation
• Provides technology for ongoing desktop and server image management
www.microsoft.com/MDT

Microsoft Deployment Toolkit 2010
Lite Touch
• User initiated
• Minimal management infrastructure
• Wizard driven
• Aligns with Configuration Manager
Zero Touch with Configuration Manager 2007
• Fully integrated experience
• Single console
• Adds server support
• Extends and enhances ConfigMgr 2007

• Leverages core deployment tools
• Provides process and tool guidance

What’s New with MDT 2010
• Windows 7 and Windows Server 2008 R2 Support
• Deployment Workbench Architecture Enhancements
• Supports the latest operating systems
• Support for System Center Configuration Manager 2007 SP2
• Support for latest deployment tools
• Improved Management Model
• Improved security support
• Improved performance for replicating linked deployment shares
• Script Architecture Enhancements
• Support for automation of management tasks using Windows PowerShell™ cmdlets
• Enhancements in task sequence steps and scripts
What’s Been Removed
• Support for Microsoft Systems Management Server (SMS) 2003

Windows Automated Installation Kit (WAIK) for Windows 7
• Windows System Image Manager (WSIM)
• ImageX
• Deployment Image Servicing and Management (DISM)
• Windows Preinstallation Environment (WinPE)
• User State Migration Tool (USMT)

MDT 2010 Deployment Process
Steps, each with its "More Information" reference:
1. Assess your company’s readiness
   More information: Microsoft Assessment and Planning Toolkit
2. Analyze application compatibility
   More information: Microsoft Application Compatibility Toolkit (ACT) Version 5.5
3. Prepare infrastructure for deployment
4. Install MDT 2010 and required components.
5. Create a deployment share
   More information (steps 3 to 5, as extracted): Getting Started; Preparing the Windows Deployment Services Server; Preparing the Deployment Environment; Microsoft Deployment Preparing for LTI Tools Microsoft Deployment Workbench Imaging Guide
6. Build a task sequence that installs Windows 7
   More information: Modifying Task Sequences
7. Create boot images
   More information: Preparing the Deployment Environment
8. Copy boot images to a portable storage device
   More information: Walkthrough: Create a Bootable Windows PE RAM Disk
9. Deploy Windows 7 to each computer.
   More information: Running the Windows Deployment Wizard
10. Activate Windows 7
   More information: Windows Volume Activation

Custom Image Creation Process
[Diagram; labels as extracted: MDT Initial Setup; Create and stock the Deployment Share; Create New Deployment Share; Step 3-1 Add Operating System; Step 3-2 Add Drivers; Step 3-3 Add Task Sequence; Step 3-4; Step 4; Step 5; Add Applications; Add Packages; Task Sequence; Create and Capture Custom Image; Deploy Custom Image; Configure Deployment Properties; Build and Capture Custom Image; Import Custom Image for Mass Deploy]

The Best Image in the world!

Let’s Take a Look: The MDT, everything we just talked about!

Windows 7 Deployment Resources
• Download the Microsoft Deployment Toolkit 2010: http://go.microsoft.com/fwlink/?LinkId=159061
• Download WAIK for Windows 7: http://go.microsoft.com/fwlink/?LinkId=136976
• Learn more about the MDT 2010: http://www.microsoft.com/mdt
• Windows 7 Deployment Guide: http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx
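
The "Security and Windows PowerShell" slide earlier in this deck lists the four execution policies and the two ways to change them (Set-ExecutionPolicy and Group Policy). As an added example that is not part of the original presentation, this script shows which scope decides the effective policy on a machine and which scripts in a folder would be refused under AllSigned; the folder C:\Scripts is a hypothetical path.

```powershell
# Added example, not from the original deck.
# C:\Scripts is a hypothetical folder; pass your own with -ScriptRoot.
param([string]$ScriptRoot = 'C:\Scripts')

# Get-ExecutionPolicy -List returns every scope in precedence order:
# MachinePolicy and UserPolicy (Group Policy) first, then Process,
# CurrentUser and LocalMachine (the scopes Set-ExecutionPolicy writes to).
$scopes = @(Get-ExecutionPolicy -List)
$scopes | Format-Table -AutoSize Scope, ExecutionPolicy | Out-Host

# The first scope that is not Undefined decides the effective policy.
$winner = $scopes |
    Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
    Select-Object -First 1

if ($winner) {
    'Effective policy: {0} (set at scope {1})' -f $winner.ExecutionPolicy, $winner.Scope
    if ($winner.Scope -like '*Policy') {
        'Set by Group Policy; a local Set-ExecutionPolicy will not take effect.'
    }
} else {
    'No scope defines a policy, so the default applies (Restricted, per the slide).'
}

# Unrestricted requires no signature on any script, so flag it for review.
if ((Get-ExecutionPolicy) -eq 'Unrestricted') {
    'WARNING: Unrestricted is in effect; consider RemoteSigned or AllSigned.'
}

# Before moving to AllSigned, list the scripts that would stop running:
# anything whose Authenticode signature status is not Valid
# (for example NotSigned, HashMismatch or NotTrusted).
if (Test-Path $ScriptRoot) {
    Get-ChildItem -Path $ScriptRoot -Recurse -Include *.ps1, *.psm1 |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                '{0,-12} {1}' -f $sig.Status, $_.FullName
            }
        }
} else {
    "Folder not found: $ScriptRoot"
}

# To change a local scope afterwards (run elevated for LocalMachine):
#   Set-ExecutionPolicy AllSigned -Scope LocalMachine
```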