We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,772 News Articles

Windows 7 security: the complete guide

Put key Windows 7 security improvements to good use

Windows 7 is just over six months old. It has been quickly adopted by PC users at home and in businesses. However, some IT admins are struggling with the platform's new security features. We take a look at the key features and what you need to know.

Multiple active firewall policies

Prior to Windows 7, when a user had multiple network interfaces active, only one Windows Firewall profile (i.e. Home, Domain, Work, or Public) could be used.

This created potential security vulnerabilities, such as when a computer was both wired to the local network domain and connected to a less restricted wireless network.

Windows 7 can now detect multiple networks and apply the appropriate firewall profile to the right interface.

Improved System Restore

System Restore now includes the user's personal content files.

Older versions backed up and protected only the Windows system files.

System Restore also allows you to see what files would be restored in each version of the System Restore files.

It's not perfect, but it's nice to see what will occur if you were to choose a particular restoration point.

Smooth remote access

DirectAccess allows remote users to securely access enterprise resources (such as shares, websites, applications, and so on) without connecting to traditional types of VPNs.

DirectAccess establishes bidirectional connectivity with a user's enterprise network every time a user's DirectAccess-enabled portable computer connects to the internet, even before the user logs on.

The advantage here is that users never have to think about connecting to the enterprise network, and IT administrators can manage remote computers even when the computers are not connected to the VPN.

Once DirectAccess is enabled, when a user's computer connects to the internet, it's as though he or she is on the organisation's local network.

Group policies work, remote management tools work, and automatic push patching works.

Unfortunately, DirectAccess has fairly involved requirements, including Windows Server 2008 R2 (to act as the RAS server), Windows 7 Enterprise or Ultimate clients, PKI, IPv6, and IPSec.

But as companies put the necessary pieces into place, they should look into using DirectAccess as their default VPN technology for Windows 7 and later clients.

Managed Service Accounts

Service accounts are often highly privileged, but difficult to manage. Best-practice recommendations dictate changing service account passwords frequently, so as to avoid the risk of password attacks.

However, Windows service accounts often require two or more coordinated, synchronised password changes in order for the service to continue running without interruption; prior to Windows 7 and Windows Server 2008 R2, service accounts were not easy to manage.

If a service account is enabled as a Managed Service Account, Windows will take over the password management and simplify management of Kerberos SPN (Service Principal Names).

Like DirectAccess, Managed Service Accounts have a lot of requirements, including a schema update and mandatory use of PowerShell 2.

Still, if service accounts are a hassle in your environment - and you know they are - consider enabling this new feature when your infrastructure is prepared.

NEXT PAGE: Virtual service accounts and AppLocker application control

  1. Put key Windows 7 security improvements to good use
  2. BitLocker drive encryption and Easily encrypted page file
  3. Better cryptography and safer browsing with IE8
  4. Multiple active firewall policies
  5. Virtual service accounts and AppLocker application control
  6. Configuring AppLocker
  7. Rules for exceptions


IDG UK Sites

Windows 9 release date, price, features: 30 September marked for unveiling

IDG UK Sites

Gateway to your kingdom: why everybody should check and update their broadband router

IDG UK Sites

Netflix whips up 3D VR viewing room for Oculus Rift during company hack day

IDG UK Sites

Best Mac? Complete Apple Mac buyers guide for 2014