We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

The 5 best Windows 7 security features for businesses

Security enhancements that don't sacrifice usability

Windows 7 brings several security enhancements that don't sacrifice usability. We look at the five best features that businesses should definitely be using.


Controlling what applications users can install or run is an effective way of maintaining the stability of users' systems, preventing malware and protecting the integrity of the network from bandwidth-hungry applications like BitTorrent.

In previous versions of Windows, this was handled by the Software Restriction Policies feature. These policies could be applied to prevent specific software from running based on either its location in the file system or its failure to match a cryptographic hash of a known, trusted application.

Software Restriction Policies could be a hassle to implement and maintain effectively. Some programs need to be installed outside of the typical path, necessitating new path rules to be generated. And hash-based policies offer powerful security but can fail whenever a program is updated. Any change to the program's code - even a bug fix or security update - changes the hash and, if allowed, would prevent the program from running. Thus, IT managers had to maintain and update a cumbersome list of hash rules and override programs' ability to update automatically.

AppLocker, available for Windows 7 Enterprise and Ultimate (as well as Windows Server 2008 R2), adds a new, more flexible method of controlling software: publisher rules. Publisher rules rely on information in a program's signature certificate, which more and more applications have today.

This information is far more detailed than the file path or hash data, which lets admins create complex rules such as allowing software only from a particular publisher, with a particular name, with a specific file name and/or of a particular version to be run. For example, a rule could be created to allow anything from Adobe to be run, or only Photoshop, or only the current and future versions of Photoshop.

AppLocker rules can be applied to any executable, script, installer or system library, giving users enough latitude to, say, install needed software or updates without an administrative override, while still preventing them from using unauthorised software.

Furthermore, AppLocker rules can be written to apply to specific users or user groups; your accounting team and your graphic design team probably have very different software needs, but with AppLocker, only one set of policies is needed to provide each group with its own unique set of restrictions and allowances. AppLocker can even distinguish among users who share the same computer.

A real timesaver is the ability to automatically generate rules from a trusted reference computer. Policies can be exported and applied globally across the network using Windows' Group Policy settings. (See Microsoft's TechNet for a step-by-step guide to using AppLocker.)

It's important to note that AppLocker rules apply only to users whose machines are running Windows 7 Enterprise or Ultimate editions. If some of your users have older Windows versions, you'll need to keep Software Restriction Policies in place for them. As more users upgrade to Windows 7, you can phase out SRP and rely on AppLocker.

NEXT PAGE: DirectAccess

  1. The security enhancements that don't sacrifice usability
  2. Multiple active firewall profiles
  3. BitLocker To Go
  4. AppLocker
  5. DirectAccess

IDG UK Sites

5 reasons Facebook Messenger is terrible, and 5 reasons it's great

IDG UK Sites

The Galaxy S6 makes Samsung look stupid

IDG UK Sites

Inside Microsoft's universal platform for designing apps that work on PCs, tablets, phones, Xbox...

IDG UK Sites

Apple Watch review: First look at Apple Watch (iWatch) design, specs, features & UK pricing