As the direct successor to Windows Vista, Windows 7 includes all of the security, reliability, compatibility, and manageability characteristics of its predecessor, a boot to IT pros and system administrators tasked with deploying and managing Windows in businesses of all sizes. But while Windows 7 improves on these features, it also includes major integration pieces with Windows Server, a first since the jointly released server and client versions of Windows 2000. No, there's nothing as monumental as the Active Directory (AD) and Group Policy (GP) infrastructure that Microsoft created at that time. But the joint development of Windows Server 2008 R2 ("Windows 7 Server") and Windows 7 does provide for some interesting possibilities.

Welcome to the 21st century

Windows 7 addresses the needs of the modern IT pro workforce, where many of us are working on the go and from home. Indeed, the dark side of the technological breakthroughs of the past several years is that workers are increasingly "at work" even when they're home, on vacation, or elsewhere outside the traditional office. Thanks to laptop computers, wireless networks, smart phones, and other related technologies, we're connected to the goings-on at the office at all times of night and day. We can get work done during a Sunday football game, or plug numbers long after the kids have gone to bed.

Societal issues aside, there are security and manageability issues to address when workers are accessing, and in some cases transporting, secure business data outside the relative safety of the corporate firewall and network. Windows 7 addresses these concerns in a variety of ways, and while some of the improvements also require Windows Server 2008 R2 on the back end, the net effect of the changes is quite positive. Contrast the situation with the business story for Windows Vista as an example. When that OS first shipped two years ago, Microsoft could tout Vista's BitLocker drive encryption feature and ... well, that was about it. The Vista story for businesses has improved a bit over the intervening time thanks to new versions of the Microsoft Desktop Optimization Pack mostly. But Windows 7 offers a more compelling and exhaustive list of benefits for businesses.0

Here's what's happening for business users in Windows 7.


DirectAccess is a replacement for VPN (virtual private networking), which is complex to configure, manage, and use. If you're familiar with Exchange access over HTTPS, you get the idea, except that this time you're accessing your entire corporate infrastructure, not just your email server. DirectAccess allows users to securely connect to corporate networks from anywhere they can get online, removing the need to worry about complex VPN configurations.

DirectAccess requires Windows 7 on the client and Windows Server 2008 R2 on the server. For those companies that can't or don't implement both systems, Windows 7 also includes a new feature called VPN Reconnect that automatically reestablishes lost VPN connections once Internet connectivity is returned.

BitLocker and BitLocker To Go

Since its initial release with Windows Vista, BitLocker has undergone a transformation. It's no longer relegated to the system drive, for example, so that beginning with Windows Vista SP1 and Windows Server 2008, it's possible to implement BitLocker full-disk encryption on any fixed hard drive. Windows 7 predictably improves matters yet again, and in a number of ways. First, it's now much simpler to implement BitLocker, and Windows 7 will automatically create any needed hidden boot partitions instead of require you to do it manually as was the case in Windows Vista. There's also a new Data Recovery Agent (DRA) that lets enterprises assign a single encryption key across all of their BitLocker-protected drives, providing central management of this feature. (And eliminating the silliness of trying to find the recovery key for a particular drive.)

The biggest improvement, however, is something called BitLocker To Go which adds removable storage--like USB keys and USB hard drives) to the mix. That way, when such a device is stolen or lost and plugged into a different PC, its data cannot be accessed. As with virtually all Windows 7 features, BitLocker To Go can be managed via Group Policy so admins can specify things like passcode strength or smart card requirements.


Essentially the formalization of a feature that's actually been available in Group Policy for some time now, AppLocker is a rules-based infrastructure for specifying which applications users in an organization can and cannot run. AppLocker is fine-grained as well, so you can specify such things as particular version numbers of applications ("it's OK as long as its version 3.1 or higher" or whatever), and whether applications are allowed to update themselves.

Advanced Management capabilities

Microsoft has been tip-toeing its way into the future of its management tools, which is all based around the PowerShell scripting environment. In Windows 7, PowerShell makes its debut in the client OS for the first time. So we get the latest version of the environment--PowerShell 2.0--as well as the new PowerShell Integrated Scripting Environment (ISE), a powerful command and scripting editor. PowerShell 2.0 includes many compelling features, but its remote capabilities will be of particular interest to IT pros: You can now trigger commandlets on remote PCs from a central location. Additionally, you can create custom limited PowerScript shells for end users, restricting them from running certain commandlets. Going forward, Microsoft's management tools will all be built on PowerShell, so this is a good time to start looking into this extensible and powerful tool.

Windows Search and search federation

Windows Search is one of the best features in Windows Vista, and in Windows 7, it's getting even better. It's been tuned to work with the Libraries feature in this new OS, of course, and a new search filter capability in the search drop makes it easier to find-tune searches on the fly.

The big change in Windows 7, however, is search federation, which is Microsoft's obtuse way of saying that you can now scope searches to include corporate resources like server-based file shares, SharePoint document repositories, and other locations. As always, these scopes are fully customizable by administrators and IT pros.


Microsoft is dramatically enhancing (and renaming) Terminal Services in Windows Server 2008 R2. While details of that change have yet to be revealed, the company is at least touting a new capability that requires both Windows 7 on the client and Windows Server 2008 R2 on the server: A seamless, native-looking experience when running Terminal Services-hosted applications. Previously, these applications were noticeably different from locally-installed applications and were not available via the Start Menu.

Branch Cache

Another feature that requires both Windows 7 and Windows Server 2008 R2, BranchCache caches content that's sent between remote servers and PCs at a branch office. This is important because branch offices often connect back to the main corporate office using slow, unreliable, and expensive WAN connections. By caching content, latter attempts to access that content can happen locally instead of requiring WAN access. This content can be stored on branch office servers or on PCs in the branch office.

But wait, there's more

Windows 7 brings a number of other improvements for IT professionals, including multiple active firewall policies, improved smart card support, enhanced auditing capabilities, the aforementioned improvements to User Account Control (which are centrally manageable via Group Policy), DNS Security Extensions support, and improvements to the system deployment model that first arrived with Windows Vista. It's now possible to mount VHD (virtual hard disk) images, like those used with Virtual PC and Hyper-V, as drives in Windows 7, and deploy VHD images across an enterprise in a manner similar to that used for WIM (Windows Imaging Format) images. The number of Group Policy settings available to Windows 7 PCs is dramatically higher than those for previous Windows versions, offering a more granular control of the system and access to Windows 7's unique features.

Now, the Windows Recovery Environment (WinRE) is automatically installed alongside Windows 7, eliminating the need to manually create it as you would have done with Windows Vista. A Problem Steps Recorder allows users to record the steps they took that led to a problem and send them to help desks and administrators for remote remediation.

Final thoughts

Over these five parts of my Windows 7 preview, I've tried to highlight the many obvious advances that can be found in the first broadly available version of Microsoft's next client operating system. This M3 ("milestone 3") build of Windows 7 is so far ahead of similarly-timed releases from previous Windows versions that it's almost comical. Unlike, say, the PDC 2003 build of Longhorn (Windows Vista), or even the Beta 1 release from 18 months later, Windows 7 M3 is usable, stable, and performant. Its new features are compelling, exciting, and smile-inducing. This is a system that Microsoft can be proud of, sure, but it's also a system that real users can use day-to-day. In fact, I'll be doing just that. As I write these words, I'm in the process of moving all of my daily use machines over to Windows 7. It's that stable. It's that good.

Given the quality of the M3 build, what we have to look forward to from future releases, of course, are additional features and functionality that weren't deemed ready for this release. These include such things as the enhanced task bar, but also features we've not yet been made privy to. If you're a Windows fan, as I am, these are heady times. We've lived under a cloud since the disappointments that have followed and dogged Windows since that 2003 edition of PDC, and we've sat and watched as Windows Vista has failed to live up to expectations and to Microsoft's lofty predictions. This time around, however, the future looks bright. Windows 7 is already better than we had hoped for, more useable, and more exciting. This release will turn the tide of public perception for both Windows and Microsoft. It makes everything OK again.

Windows 7 M3 is the single most exciting release to come out of Microsoft since ... well, I don't know when. It's been that long.

Seriously, Microsoft. Thank you.