by Shane O'Neill

Windows 7: Enterprise Features Explained

Feb 18, 20095 mins
Data CenterOperating SystemsSmall and Medium Business

With Windows 7 (and in some cases Windows Server 2008 R2) Microsoft foresees a future without VPNs, encryption on external devices and more expansive desktop search.

The lion’s share of attention about the Windows 7 beta has been on consumer features. The new taskbar with its jumplists, mouse-hover features, easy navigation and the more controllable user account control are the immediate attention-grabbers. But the under-the-hood, less “sexy” enterprise features of Windows 7 are not as well known.

Recently, Microsoft has taken some criticism for neglecting enterprise needs with Windows 7.

Popular blogger and editor of Supersite for Windows Paul Thurrott recently said in an interview with sister site Network World that Microsoft is treating enterprises as an afterthought and “arbitrarily locking Windows enterprise features to Windows Server 2008 R2 … and asking corporations to spend a significant sum of money.”

To that, Gavriella Schuster, Microsoft’s senior director of Windows product management, admits that Windows 7 features that need Windows Server 2008 R2 are not going to be deployed overnight. “Some of these features are part of a longer-term strategy,” Schuster says.

Nevertheless, Microsoft continues to spread the word about how Windows 7 can help enterprises. In a recent interview, Schuster drilled down into what Microsoft believes are the key features.


The DirectAccess feature, which requires both Windows 7 and Windows Server 2008 R2, lets mobile workers connect to corporate networks without the use of a VPN, giving business users more flexibility and easing the burden on IT.

Schuster says that with DirectAccess, users only need an Internet connection to have access to everything on the corporate network; they will never have to stop what they’re doing and log on to a VPN. This will reduce the use of corporate bandwidth as remote users will mostly be using their own local broadband, she says.

The benefit of DirectAccess runs deeper for IT managers, she says. “For IT, the biggest challenge is managing remote laptops, knowing how long they’ve been off network, when they came back on and when they got patched. With DirectAccess, as long as a machine is on and connected to the Internet, it can be managed.”

As for security concerns over there being no official VPN, Schuster says that DirectAccess is used with Windows Server 2008 R2 in the background, which will use the most secure protocol, IPv6, to encrypt data transmitted across the Internet. “It’s not as if you don’t have a VPN or firewall; we’ve just integrated that into DirectAccess,” she says. “There is no longer a separate step to get to that secured tunnel.”


BranchCache, which also requires the use of both Windows 7 and Windows Server 2008 R2, is a feature designed to speed up networks in remote offices that are away from corporate headquarters. Basically, BranchCache will speed the accessing of large remote files stored on the corporate network, says Schuster.

For example, a copy of a file server is downloaded from the corporate network and cached locally on Windows Server 2008 R2 at the branch office. When another user at the branch office requests the file, it is downloaded immediately from the local cache rather than over a limited bandwidth connection back to headquarters.

Users don’t have to go back to the corporate network and use up bandwidth to download it again, Schuster says.

“And what IT can do with BranchCache is set the amount of partition on desktops in branch offices that can be used for caching, set how current documents need to be before forcing users to go back to the corporate network to get them again, and check what level of permissions users need to have,” she says.

Windows 7 has bolstered enterprise search functionality from the desktop.

Although Windows Vista enhanced desktop search, and Microsoft has invested in SharePoint portal search and Internet search, the problem, according to Schuster, is that those are three different searches and you need to go to three different places.

“With Windows 7 we have federated that search,” Schuster says. “So right from your desktop you can expand search from the desktop to SharePoint sites to the Internet and then go find a document wherever it may be: on your computer, on your network or on the Internet.”

With the “federated” search in Windows 7, users can select which intranet and SharePoint sites are available for searching or IT can use a feature called Enterprise Search Scopes to populate a user’s Start menu with links to commonly-used internal sites. Search results are presented in Windows Explorer the same way that users of Windows XP and Vista are used to.

BitLocker to Go

The BitLocker hard-drive encryption feature was introduced in Windows Vista to protect data on lost or stolen laptops. In Windows 7, the feature has been extended to protect storage devices such as external hard drives and USB sticks.

Called “BitLocker To Go” in Windows 7, the feature allows external storage devices to be restricted with a passphrase set by IT before users have permission to copy data to them.

This will give enterprises the same confidence in USB external drives that they have in multi-volume drive encryption, says Schuster, adding that this has become a necessity with the growing amount of USB devices.

“It’s so easy to lose external devices without even noticing, so BitLocker to Go gives businesses extra confidence that no one can get that data.”


Like BitLocker, AppLocker is in the security and control camp of Windows 7, and aims to protect users from running unauthorized software that could lead to malware infections.

For safety, Microsoft recommends that enterprises run in standard user, meaning there are no administrative rights to users at all. But if IT does give administrative rights to users, AppLocker can safeguard against running suspicious types of software. It allows IT to specify which applications can run on employees’ desktops, blocking potentially harmful software and allowing the applications and programs that users need.

“AppLocker allows IT to say, ‘users can only install these types of applications,'” Schuster says. “And they can specify by software publisher or by version. For instance, users can only install Adobe Acrobat 8.1 or later.”