You are on page 1of 14

What Windows 7 means for IT pros

What Windows 7 means for IT pros

Support professionals Network administrators Windows server administrators Security administrators Developers Consultants

1 1 2 7 9 11

More and more companies are looking at Windows 7 with an eye toward migrating from XP or Vistaand IT pros in all capacities are likely to be affected to some degree. These six articles will help you get ready for the impact Windows 7 will have on your decision-making, tasks, and projects.

Page 2 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

Support professionals
Believe it or not, Windows 7 is not a beta any longer! How about supporting the new OS? There are a lot of considerations that support staff members need to take into consideration, and now is the time to rethink the overall support strategies in place.

Time to dump the old tools


When Windows 7 makes its way into your support footprint, it might be the right time to remove obsolete support tools. This includes remote console mechanisms, such as VNC, DameWare, and RAdmin. Sure, these tools made sense in the Windows 2000 era and were a passable carryover to Windows XP. But should these tools be rolled onto Windows 7? The upgrade to Windows 7 may be the prime time to roll in a newer console-based support strategy. This can include Remote Desktop or newer-concept products as a service, such as LogMeIn Pro. Today, connectivity is a mixed bag of wired, wireless, and remote (VPN) connections. Products such as LogMeIn can support on all of those bands, including situations where the PC is not connected to the network.

Reinstallation process refined


This may also be a good opportunity to refine desktop protection and troubleshooting practices if they just waste time. Would it be better to spend 20 minutes fixing a problem and then if it is not resolved, to launch an automated reinstallation process? You may want to consider whether an automated tool like Microsoft Deployment Toolkit 2010 would be a good solution for client systems. This can save a lot of time with a fully automated solution to deploy new systems as well as to redeploy existing systems in case a rebuild requirement exists.

UAC can make or break the experience


Vistas User Account Control (UAC) feature was one of the most disliked elements of the default configuration; Windows 7s implementation of UAC is improved with more options. Be careful, however, to give thought to UAC for Windows 7 and how it will be used. The new configuration levels for UAC in Windows 7 allow for a custom configuration, which will ease the frustrations for users new to UAC. For organizations that are skipping Vista and going directly to Windows 7, there is also an additional training component to this new feature if administrative permissions are assigned to certain users.

Network administrators
Here are the 10 Windows 7 items that will have the most effect on network administrators. operating system upon Windows XP absolutely 1 You get all of the benefits of the new leverage Windowsbut can callwhich is essentially aif virtual needed. Network administrators can XP mode, instance of your local PC in Windows XP with most of the XP driver support if you have some
Page 1 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

legacy hardware to get working or cant find Windows 7 drivers yet.

2 functionality loss. When applying Microsoft Update patches using the integrated update utility, a
With pre-patch, automatic restore-point creation, a back door is built in if patches cause system restore point automatically gets created before the patch gets applied.

Backups are a snap with the complete PC Image Backup. Using the integrated Backup utility, you can create a complete image PC Backup of your system while it is running. This technology leverages VSS or the Volume Snapshot service.

Network administrators can leverage the power of virtualization more easily. You can have several operating system instances on VHD files and boot from any of them merely by editing the startup using Boot From VHD. This saves a lot of space from having multiple operating systems installed within the same partition or even multiple partitions. VHD files are far more flexible. Attaching a VHD file as if it were a local drive allows the ultimate in portability and flexibility with backup and restores. Administrators can either attach or detach the VHD directly using the integrated Disk Management console. BitLocker provided military caliber encryption strength for hard disks in Windows Vista. It is back in Windows 7 but with the new addition of BitLocker To Go, it allows BitLocker encryption on USB removable drives. Integrated PowerShell v2.0 allows administrators to easily create commonly used tasks. (Okay, so you could download and install it before, but now its included.) Its a nice touch now to have it pre-installed and available under Accessories.

5
6

Network administrators will appreciate the pinning functionality, which enables commonly used programs to be pinned either to the Start menu or taskbar for fast and easy access when you need them.

Libraries will help administrators with those users who need to access data from more than one system at a time work computer, home computer, desktop, or laptop. Libraries are an aggregated view of specific document types (music, photos, documents), but you can add folder locations from completely different systems. administrators will factor of Windows This will undo the previously common perspective of Vista Bad and 10 NetworkWindows 77.Good! appreciate the more positive user experience and acceptance replace it with

Windows server administrators


You might think that Windows 7 is the sole purview of the desktop team, but there are features in the new desktop release that will significantly affect your work. Bear in mind that the Windows 7/Windows Server 2008 R2 release is the first joint Windows desktop/Windows Server release since Windows
Page 2 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

2000, so there are considerable synergies between the products. Here are 10 items that Windows server administrators need to know to adequately support Windows 7 clients.

New Remote Server Administration Tools

With the release of a new Windows client comes a new set of Remote Server Administration Tools; after all, you need to be able to manage your infrastructure without constantly connecting to a server console.

The downloadable Remote Server Administration Tools for Windows 7 can be installed to Windows 7 Enterprise, Professional, and Ultimate systems and can manage Windows Server 2003/2008/2008 R2. These tools support the Full and Server Core editions of Windows Server, and there are tool versions for 32-bit and 64-bit versions of Windows 7 clients. My take: This is pretty much par for the course each time a new version of Windows Server is released. Related TechRepublic resource : Perform remote administration with RSAT on Windows Vista SP1

2 DirectAccess 7 and Windows Server 2008 R2, Microsoft has introduced a new feature called With Windows

DirectAccess. Available on domain-joined Windows 7 Enterprise and Ultimate clients, DirectAccess allows direct, immediate access to network resources from any Internet connection, as if that computer were connected to the corporate network. Moreover, with DirectAccess, mobile clients can stay in touch with corporate policy and software updates servers just like their non-mobile counterparts.

Because of DirectAccess reliance on the existence of a Windows Server 2008 R2-based DirectAccess server, youll be deeply involved in the support of this new Windows 7 feature. DirectAccess relies on IPv4 and IPv6, so make sure you break out the IPv6 books when you deploy this feature. My take: DirectAccess could make the traditional VPN obsolete in many companies, and the technology deserves a thorough analysis. New remote access capabilities often raise red flags with the security group, so make sure that all of the stakeholders have a clear view of how the technology works so the organization can perform a proper risk analysis.

Related TechRepublic resources:


Windows Server 2008 R2 and Windows 7 provide DirectAccess to resources Windows 7 and Windows Server 2008 R2 DirectAccess Executive Overview Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2 IT Manager Webcast: How Microsoft IT Deployed DirectAccess to Provide Secure Access to Corporate Resources From Anywhere (Level 200)

Reconnect 3 VPN though Windows 7 supports the new DirectAccess method, Microsoft hasnt abandoned Even
traditional remote access methods. The VPN is enhanced through the introduction of the VPN Reconnect feature in the Windows Server 2008 R2 Routing And Remote Access Services (RRAS) component.
Page 3 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

VPN Reconnect provides users with a consistent VPN experience and automatically reconnects VPN connections in the event of a temporary loss in Internet connectivity. The purpose of this feature is to help mobile users maintain productivity through a transparent reconnection to the RRAS-based VPN service. Microsoft has made available a step-by-step guide to deploying the RRAS service with VPN Reconnect; its a relatively involved process that requires the Windows server administrator to implement and configure a number of components. My take: While its not a revolutionary enhancement, automatically reconnecting to a failed VPN connection is pretty nice from a user experience perspective. But this isnt the first feature I would deploy. DirectAccess deserves a look first.

4 Offline Domain Join is a feature whereby Windows 7 and Windows Server 2008 R2 clients can join
Offline Domain Join
an Active Directory domain without any network connectivity in place. In many organizations, the Windows server administrator is responsible for Active Directory. Offline Domain Join replaces the normal network-centric process of joining a domain with a preprovisioning process that includes creating a text file for the computer that will join the domain. From there, the target client uses the text file and is joined to the domain without any actual network traffic having to be exchanged. My take: I have been in situations in which Offline Domain Join would have been really useful. Although the capability isnt exactly revolutionary, and some admins will probably overlook this feature, it can certainly reduce frustrations when you cant directly establish network connectivity.

5 BranchCache is another new feature added to Windows 7 and Windows Server 2008 R2.
BranchCache

BranchCache is typically used by Windows 7 clients relying on a Windows Server 2008 R2 server, so youll play a large role in supporting this new service.

BranchCache helps alleviate WAN congestion, reduces communications costs, and increases productivity by caching content to a local computer in a branch office. In short, the first Windows 7 client that downloads information from a content server caches that content locally or to a hosted Windows Server 2008 R2 server in the branch office. When other clients access the same content, they're directed to the locally cached copy of the content rather than being routed over the WAN. There are two modes by which BranchCache can operate: distributed cache and hosted cache. Distributed cache uses a peer-to-peer communications model and allows, for example, a Windows 7 computer at a serverless branch office to cache files from an upstream Windows Server 2008 R2 computer. Hosted cache caches content from an upstream Windows Server 2008 R2 computer to a local Windows Server 2008 R2 computer. My take: WAN costs can still rack up big bills and congested links can sap productivity; BranchCache makes it possible to address both of these issues, as long as everyone is running Windows 7. BranchCache is worth a look, but it's not necessarily at the top of my to-do list yet. Related TechRepublic resource: New Windows BranchCache: Features and considerations

Page 4 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

Group 6 Neweach newPolicy capabilities and Windows Server, Microsoft enhances the capability for the With release of Windows
IT group to enforce policies and settings through additions to Group Policy. With Group Policy being a service often managed in the networking or server administration group, you should begin familiarizing yourself with some of the new management capabilities offered in the latest version of Group Policy. With Windows 7 and Windows Server 2008 R2, Group Policy administrators can now centrally configure BranchCache behavior, display brightness (among other power settings), new Windows 7 Taskbar behavior, and a lot more. Microsoft published a complete list of Group Policy objects titled Group Policy Settings References for Windows and Windows Server. Serious Group Policy enthusiasts should also check out the Advanced Group Policy Management (AGPM) tool. In addition to many other features, AGPM allows Group Policy administrators to more easily test new Group Policy objects (GPOs) before deploying them to a production environment; AGPM also makes it possible to maintain historical versions of GPOs. With Windows Server 2008 R2 and Windows 7, Microsoft has released version 4 of the AGPM, which adds support for these new OSes and allows searching and filtering of GPOs and exporting and importing GPOs to different forests. My take: All Windows Server administrators should check out the new Group Policy capabilities. When you use Group Policy correctly, it can save your organization thousands of employee hours and keep it secure. Related TechRepublic resources: MDOP Advanced Group Policy Management TechNet Webcast: Microsoft Advanced Group Policy Management (Level 200) Build Your Skills: Understanding Windows Server 2003s Group Policy Management Console

allows administrators to restrict program installation and execution using Group Policy objects.

7 Like DirectAccess, BranchCache, and VPN Reconnect, AppLocker is new to the Windows world; it
AppLocker

If you used Software Restriction Policies (SRP) in older versions of Windows, youll recall that SRP works on the policy of exclusion, requiring administrators to generate hash files that indicate which programs to block. Although this exclusion-focused service still exists in Windows Server 2008 and Windows 7, the new AppLocker service provides a much more manageable environment for administrators. AppLockers functionality works in the opposite way it blocks access to applications except applications that are specifically allowed via AppLocker GPOs. Policies can be based on a wide variety of factors, making it possible for IT to easily manage the service while keeping the security of the environment intact. Even better, AppLocker-controlled application access doesnt break with each successive application update, so there is less babysitting of this feature than there was under the sometimes painful-to-administer Software Restriction Policies. AppLocker policies can be enforced on computers running Windows 7 Ultimate or Enterprise or any edition of Windows Server 2008 R2 except Web Server and Foundation.
Page 5 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

Because of AppLockers reliance on Group Policy, AppLocker deployments require coordination between desktop support groups and Windows Server administrators. My take: Like DirectAccess, AppLocker deserves a close look sooner rather than later. The ability to allow a specific set of applications and just those applications can be quite compelling in environments demanding software restrictions.

Related TechRepublic resources:


Configuring AppLocker in Windows Server 2008 R2 and Windows 7 Video: Microsoft exec outlines Windows 7 security

out of the environment, your applications team has uncovered a critical issue that could stop a Windows 7 deployment dead in its tracks. Instead of giving up all of the other Windows 7 benefits, the applications team decides that the application can continue to be supported by running it under the virtual Windows XP Mode available in Windows 7. Your dream of a Windows XP-free world has turned into increased patching complexity after all, now you need to patch two Windows instances including the Windows XP and Windows 7 instances. Plus, you have to make sure that your WSUS or third-party patching system can continue to support Windows XP patching as well as serve Windows 7s patching needs. My take: Youre already patching Windows XP machines anyway, and youll have the Windows XP/Windows 7 patch overlap during Windows 7 deployment, so this isnt a big deal.

8 Just when you thought that at long last, Windows XP and its patching needs were being migrated
Windows XP Mode patching challenges

Related TechRepublic resources:


Determine if your hardware can support Windows XP Mode in Windows 7 Hands on: Windows 7 XP Mode 10 reasons why Windows 7s XP Mode is a big deal Windows XP Mode for Windows 7 (Part 1)

question. The scary part about DNS exploits is that someone can be affected and not even know about the problem, since DNS operates behind the scenes for most users. This is part of the thinking behind DNSSEC, a secure extension of todays DNS that helps ensure the integrity of data in DNS servers. As stated by TechRepublic contributor Justin Fielding, DNSSEC protects resolvers (clients) from being fed forged data by digitally signing DNS records. Clients can use this digital signature to check whether or not the supplied DNS information is identical to that held on the authoritative DNS server. For some, DNSSEC isnt a good idea. However, DNSSEC is a requirement for administrators of U.S. federal computer systems who must comply with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which indicates that DNSSEC is to be used in federal agencies.

9 As DNS exploits become more and more common, the security of this foundation gets called into
Domain Name System Security Extensions (DNSSEC)

Page 6 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

Windows 7, when used in conjunction with a Windows Server 2008 R2-based DNS server, brings DNSSEC to the Windows masses and can help organizations rest a little easier when it comes to trusting DNS data. The Windows 7s DNS client includes whats called a non-validating security-aware stub-resolver, which is just a cryptic way to say that, by itself, Windows 7 cant do DNSSEC validation. For DNSSEC to operate, Windows 7 relies on a Windows Server 2008 R2 DNS server, which is assigned the task of validating the DNS data that is to be sent to the Windows 7 client. When it comes to deploying DNSSEC throughout an organization, the duties of the desktop administrator, the security administrator, and the Windows DNS server administrator intertwine. My take: DNSSEC is far from a security panacea, and full support for DNSSEC remains a contentious issue in some circles. Unless you have a compelling or mandated need, look at other Windows 7 features before you tackle this one.

Related TechRepublic resources:


DNSSEC: Whats the fuss all about (and what does U.S. Homeland Security have to do with it)?

You dont have to wait to deploy DNSSEC

10

Windows Deployment Services

One of the most exciting new features in the Windows Server 2008 R2-based Windows Deployment Services (WDS) is the ability to deploy Windows Imaging Format (.wim) and Virtual Hard Disk (.vhd)-based image types. These additions greatly increase WDS flexibility when it comes to image capture. The new WDS includes new multicasting capabilities to support a wider variety of clients and allows the automatic disconnection of slow clients as well as multicasting using IPv6. Further, WDS includes new driver provisioning features, including the ability to deploy driver packages to clients based on their hardware configurations. With WDS being a commonly used Windows server role, and some of WDS new capabilities requiring partnerships between server, networking, and desktop teams, even the Windows 7 deployment features require new skill sets for the Windows server administrator. My take: Anything Microsoft can do to make the deployment process easier is a good thing in my book. The new WDS capabilities deserve must look status from any deployment specialist and from Windows server administrators who need to support the deployment infrastructure.

Security administrators
Ever since Windows XP SP2, Microsoft has been serious about operating system security. And while Windows Vista may have been a flop in the performance and compatibility areas, it wasnt ever criticized for its lack of security. In fact, one of Vistas main detractions was its overemphasis on the security of locking down the system via the heavy hand of User Account Control (UAC). Well, with Windows 7, Microsoft has toned down UAC a bit (while not letting up on security) and added a whole slew of security features that will benefit both the end user and the security administrator. Lets take a closer look.
Page 7 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

AppLocker
A new security feature being introduced with Windows 7 is AppLocker, which provides a security professional with the ability to control the installation and use of applications in the enterprise. Keep in mind that AppLocker is available only in the Ultimate and Enterprise editions of Windows 7 and is designed to work closely with Windows Server 2008 R2. AppLocker works by allowing you to create rules that are based on file attributes derived from a files digital signature. These rules can be used to control how users access and use any type of executable file. Of course, to be a flexible tool, you can also create exceptions to AppLocker rules. You can then assign rules to an entire security group or be more precise and assign a rule to an individual user. To learn more about and see AppLocker in action, check out this demo on the Microsoft TechNet site.

BitLocker & BitLocker To Go


Introduced in Windows Vista and now available in Windows 7, BitLocker is a security feature that is designed to prevent data theft via unauthorized access of a desktop or from a lost/stolen laptop. BitLocker takes the Encrypting File System (EFS) feature to the next level by using a hardware-level encryption on the hard disk, thus protecting the actual data files, the system files, and the bits and pieces of data lingering in such places as the temporary files, swap files, and even hibernation files. With Windows 7, BitLocker has been extended so that it can be used to protect removable storage (USB flash drives) with the new BitLocker To Go feature. This means that if you lose a USB flash drive, which is all too easy, your data is safe. BitLocker and BitLocker To Go are available only in the Ultimate and Enterprise editions of Windows 7. To learn more about BitLocker and BitLocker To Go, check out this demo on the Microsoft TechNet site.

User Account Control


The advent of User Account Control wasnt well received in Vista; however, its still an important security tool that is designed to prevent the inadvertent running of malicious software by displaying an are you sure? type of prompt, along with requiring an elevation of privileges before a potentially dangerous action can be initiated. In Windows 7, UAC has been improved and toned down a bit. For example, certain types of tasks that were previously UAC protected can now be performed by a standard user without administrator approval, thus making UAC less of a hassle for end users and ultimately less of a burden on administrators. And speaking of administrators, an already security conscious administrator can now adjust the level of or even disable UAC protection in the Control Panel. Furthermore, there are new local security policies that can be used to alter the way that UAC interacts with local administrators and standard users.

ActiveX Installer Service


ActiveX controls are self-registering COM objects that are used by Internet Explorer, Office, and Windows Media Player, just to name a few, to provide a more interactive user experience. Because ActiveX controls are often distributed in .cab files, users with standard accounts do not have permission to install them. However, in Windows 7, the new ActiveX Installer Service is enabled by default and is designed to enable administrators to more easily deploy ActiveX controls by using Group
Page 8 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

Policy to configure the Trusted sites zone to identify Web sites that can install ActiveX controls without intervention. This reduces unnecessary support calls as well as the time-consuming operations of repackaging and distributing the needed ActiveX controls.

Direct Access
Working in conjunction with Windows Server 2008 R2, Windows 7s new DirectAccess feature makes it easier for end users to connect to the corporate network without VPN. Using DirectAccess, which automatically establishes a secure bidirectional connection from mobile systems to a corporate network, mobile workers can securely connect to the enterprise network anywhere they have Internet Access without the need for a VPN connection. With DirectAccess, IT professionals are relieved of the extra overhead required to provide and maintain VPN configurations.

Multiple Active Firewall Policies


The Windows Firewall policies in Vista are based on the type of network connection established (Public, Home, and Work/Domain) and can work on only one connection type at a time. Unfortunately, this sort of limitation can cause all sorts of problems if additional connections are made that require different firewall policies, such as when a mobile user accesses a public network and then launches a VPN connection to a corporate network. To accommodate these types of scenarios, Windows 7s new firewall feature allows multiple firewall policies to be enabled at the same time, so that no matter what type of connection is being used, the appropriate firewall policy will be in effect. This ensures that mobile/remote users are protected and have access to the appropriate networks. On the other end of the equation, the new Multiple Active Firewall Policies feature means that security professionals need to maintain only one set of rules for both mobile/remote system and physically connected systems.

And theres more


While Ive touched on the new security features in Windows 7, there are many more improvements in existing security features. For example, the Encrypting File System (EFS) architecture has been adapted to incorporate Elliptic Curve Cryptography (ECC), which makes it compliant with Suite B encryption requirements defined by the National Security Agency. In step with the new ECC support, Kerberos Authentication has also been enhanced with stronger cryptography for smart card logons. The NTLM authentication protocol is now set to 128-bit encryption for the minimum session security policy by default, but can be dropped back if necessary. You can learn more about these and other enhancements made to existing security features in Windows 7 in the Whats New in Client Security document on the Microsoft TechNet site.

Developers
Industry analysts expect a fairly swift uptake of Windows 7 and Windows Server 2008 R2, thanks to early reviews that state Windows 7 is better than Windows Vista and a number of customers who have stayed with Windows XP are in need of system refreshes. Regardless of whether Windows 7 rolls out quickly or slowly in your organization, it is important to know how it will affect your applications.
Page 9 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

Overall, Windows 7 seems to have the same underpinnings as Windows Vista, but it is tweaked in all of the right places. Many of the improvements in Windows 7 will be available in Windows Vista as well (or already available on Windows Vista), such as PowerShell 2.0, Internet Explorer 8, and .NET 3.5. Also, the driver situation at launch was much better than it was with Windows Vista. The big concern for every developer is this: What will Windows 7 break in my application? Fortunately, it looks like very few apps will break with the move to Windows 7. From what I can tell, with Windows Vista, Microsoft made a real break from the past in terms of security, and it was that step that broke apps. I spoke briefly with Microsofts Brian Hitney at the recent Carolina Code Camp, and he agreed with that assessment. In addition, the documentation on MSDN that lists resources to learn about compatibility points to the Windows Vista documentation as well as to the Windows 7/Windows Server 2008 R2 documentation, which is further evidence of this scenario. I have been using Windows 7 for a few weeks, and one thing I noticed right away is that the UAC is a bit less in your face than it used to be. This is a pleasant change for applications that require escalated privileges. Be aware that Windows 7 supports high DPI monitors; this means that unless you make your application DPI-aware, its GUI could be far too small on a high DPI display. Microsoft has provided useful information on the topic for both .NET and Win32 developers. Windows Mail, Windows Movie Maker, and Microsoft Agent are not in Windows 7, so if your application counts on these items, you will need to work around this. Check out the Windows 7 and Windows Server 2008 R2 Application Quality Cookbook for full details. One of the big dangers with leveraging a new OSs features is that you dont want to find yourself in a situation where your application works only on that platform. There are some neat new features in Windows 7 that you can use and not break your application on platforms that lack the features. Those features include the following: Progress bars in title windows Interactive taskbar thumbnails. For example, when you hover the mouse over the taskbar entry for Windows Media Player, the window preview is overlaid with basic play controls. Jumplists, which allow application functionality to be called directly from the Start menu A new animation framework Improved handwriting/ink API including math recognition Improved touch support Federated Search, which allows developers to create feeds the Windows search (and SharePoint) can consume Some developers will not mind that their applications are be compatible only with Windows 7. For these developers, some of the cool things they can work with include the new Ribbon control, which is decoupled from Office, and sensor and location APIs. Here are additional resources that you may find helpful: Windows 7 Developer Guide Microsoft Application Verifier
Page 10 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

Microsoft Application Compatibility Toolkit Windows API Code Pack for .NET (provides access to Windows 7 and Windows Vista functionality from within .NET) Window 7 logo program

Consultants
While Windows 7 boasts important refinements, including better memory usage, full 64-bit support, simplified wireless networking, touch-screen support, and Windows XP Mode for application compatibility, the release complicates IT consulting efforts. This is good and bad. Its good because the new release (and the countless and inevitable issues that arise with a new OS) will result in new service calls and new clients. Its bad because already harried IT consultants will bear the challenge of making Windows 7 live up to Microsofts marketing hype and productivity promises. My consultancy has been testing Windows 7 for months. Weve installed the OS on numerous workstations and pushed it into our production environment. Our experiences have been good, but no OS is perfect, and weve noticed some issues that will affect consultants. Heres why Windows 7 will mean more work for you.

Application incompatibilities
Many organizations are dependent upon legacy or proprietary applications, and a number of these critical programs will be incompatible with Windows 7. Microsofts answer is Windows XP Mode, which isnt necessarily an elegant fix. While virtual machines (VMs) are a clever approach to solving the need for multiple OS environments, VMs typically place considerable demand upon workstations. To run Windows XP Mode, organizations must have systems equipped with Intel Virtualization Technology or AMD-V-enabled CPUs. With VMs, CPU cycles and memory are at a premium, so organizations unending penchant for purchasing low-cost systems with bare essential hardware capabilities doesnt match well with Microsofts Windows 7 solution for supporting legacy applications. As a result, consultants will be tasked to upgrade or replace many workstations that are incapable of efficiently powering Windows XP Mode.

Printer and other hardware incompatibilities


Windows 7 seems to improve driver compatibility, but trouble will still arise. For instance, just last week, my consultancy deployed a popular all-in-one printer (previously purchased by the client without our input) produced by a manufacturer that still proved incompatible with Windows Vista. You should be prepared to research workarounds when driver incompatibilities arise. In many cases, clients may find deploying Windows 7 results in the need to replace otherwise capable components (possibly including bar code scanners and other POS equipment, printers, biometric security devices, and other hardware) that prove incompatible.

Page 11 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

What Windows 7 means for IT pros

System requirements remain high


Windows XP possesses the most market share, which means most deployed systems have hardware matched to that OS. Windows XP required only a 233 MHz or faster CPU, 64 MB of RAM, and 1.5 GB of free disk space. Windows 7 ups the ante exponentially to a 1 GHz CPU, 1 GB RAM, and 16 GB of available disk space. Consultants should plan on upgrading and replacing countless Windows XP systems because millions of Windows XP machines in the real world fail to meet these specifications.

Edition confusion
While some IT professionals debate whether multiple Windows OS editions are confusing to the marketplace, consultants know the truth from real-world experience: Business owners and staff are bewildered by the different versions. Ive lost track of the number of times my consultancys been approached by a new client, and weve had to upgrade Windows XP Home systems to Windows XP Professional to meet business objectives. The new releases plethora of versions users can choose from Starter, Home Premium, Professional, Ultimate, and Enterprise versions will further complicate the complex licensing, upgrade, and platform compatibility issues. (Download TechRepublics Windows Professional Feature Comparison Chart.)

Training requirements
Consultancies must get their engineers and support technicians up to speed on all the best practices, new features, and workarounds necessary to deploy, administer, and maintain Windows 7; this means training classes, instructional materials, and certification courses. Such training requires investment, including cash for courses and books/CDs. Even worse, it requires that staff dedicate time to nonbillable tasks.

Backoffice tool incompatibilities


Most consultancies maintain a library of specialized troubleshooting applications and hardware. My IT shop regularly deploys hard disk adapters, motherboard diagnostic cards, and numerous preboot environment CDs and other utilities. We use these hardware and software components to troubleshoot and repair failed systems and servers. With Windows 7, well inevitably find that we need to obtain new versions that are compatible with the new OS. This means consultants will face new expenses as a result of the need for new Windows 7-compatible backoffice tools and utilities.

Lucky 7
Some consultancies may find Windows 7 is equivalent to Lucky 7. The new OS is sure to get business owners thinking about their computer systems and infrastructure. As businesses awake from the 20082009 economic collapse and recession and begin moving to replace outdated equipment or to launch new projects, Windows 7 comes at a good time. Although Windows 7 presents new challenges for IT consultants, it is also sure to generate new service requests and spawn additional work.

Page 12 Copyright 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html