Windows 7 new features – the complete list – Part3: Security

Michael PietroforteMVP By Michael Pietroforte - Wed, November 19, 2008 - 8 comments google+ icon

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in system administration.

Articles in this series

windows 7

The fundamental security-related improvements were introduced with Windows XP SP2 and Windows Vista. The new security features in Windows 7 can be considered as fine-tuning. I am a bit disappointed that there are only minor changes to UAC. Most interesting, from a system administrator’s point view, is the new AppLocker, which allows you to restrict program execution and the multiple active firewall profiles, which would solve problems with laptops that are used at home and in the corporate network.

User Account Control (UAC)

windows-7-uac-settingsWindows 7 has two new UAC settings:

  • Program-based changes only: Don’t notify when the user installs software or changes settings
  • Notify only: The user is only notified through a balloon message, but doesn’t have to confirm a prompt

The first one is the default setting in build 6801. Microsoft also says that the number of system applications and tasks that require elevation has been reduced. Please check out my more detailed article about Windows 7 UAC.

Action Center (new)

  • Consolidates alerts from Security Center – Problem, Reports, and Solutions – Windows Defender – Windows Update – Diagnostics – Network Access Protection – Backup and Restore – Recovery – User Account Control
  • A new icon in the notification area will be displayed whenever one of these apps needs attention
  • Thus, fewer notifications will be displayed on the desktop

Credential Manager (improved)

The Credential Manager allows you to manage your logon credentials for servers. In Windows 7 Credential Manager has an improved user interface.

AppLocker (new)

  • Restrict program execution on user desktops based on publisher signature
  • Example: Allow all versions greater than 9.0 of the program Acrobat Reader to run if they are signed by the software publisher Adobe

BitLocker (improved)

windows-7-bitlocker

  • Simplified deployment: Automatic repartitioning if deployed after OS installation
  • Data Recovery Agent (DRA): Single key for the whole organization that can recover data on any BitLocker-encrypted volume

BitLocker To Go (new)

windows-7-bitlocker-to-go

  • Encrypt portable storage devices
  • Make data protection of removable storage devices compulsory, network-wide
  • Require strong passwords or smart card via Group Policy
  • Supports read-only of encrypted devices on Windows Vista and Windows XP

Windows Defender (improved)

  • Now integrated with the new Action Center
  • New user interface
  • Better continuous monitoring

Windows Filtering Platform (improved)

  • Third party firewalls can selectively turn off features of the Windows Firewall
  • Third parties can add custom features to the Windows Firewall
  • Multiple active firewall profiles: Allows a single set of firewall rules for remote clients and for clients physically connected to the corporate network

Support for Fingerprint Readers (new)

Logon to Windows 7 using a fingerprint reader

Smart card support (improved)

  • Plug-and-play support
  • Support for ECC-based smart cards

Backup and Restore (improved)

Support for backups to network shares

System Restore (improved)

  • Now displays a list of programs that will be removed or added
  • System restore points are available in backups

Auditing (improved)

  • Configuration via Group Policy
  • Audit granted or denied access to specific information
  • Easier monitoring of the changes made by specific people or groups

DNS Security Extensions (DNSSEC) support (new)

Prevents DNS spoofing and other malicious activities
windows-7-parental-controls

Parental Control (improved)

(Do you know what exactly has been changed here?)

windows-7-time-restrictions windows-7-game-controls windows-7-applications-restrictions

If you know of a missing or dropped feature, please leave a comment below or send me a message. Of course, any other response is welcome, too. Please let me know if you described one the features in your blog or know of a more detailed source. I will add a link then.

Series NavigationWindows 7 new features – the complete list – Part2: Applications and functions - Windows 7 new features – the complete list – Part4: Networking

-1+1 - Rate this post
Loading ... Loading ...
Disclaimer
Your question wasn't answered? Please ask in the new 4sysops forum!

8 Comments- Leave a Reply

  1. [...] & Restore, System Restore, Auditing, DNSSEC, and Parental Control. See the original post at: 4sysops – Windows 7 new features – the complete list – Part3: Security Tags: [...]

  2. Jason says:

    The screen shot of the parental controls looks identical to the Vista version so I am not sure anything has changed. If you had screen shots of the various sub menus I might be able to confirm any changes to parental controls. The main thing I hope they change is allowing Parental Controls in a domain environment. I actually run a domain at my house and would love to use Parental Controls for my kids but can’t unless they login locally.

  3. Michael Pietroforte Michael says:

    Jason, thanks for the info. I added three more screen shots. It is possible that the changes are not yet included or disabled in this build (6801).

  4. Jason says:

    Looks all the same to me. Maybe the improvements are under the hood. Thanks for the screen shots.

  5. [...] Windows 7 new features – the complete list – Part3- Security [...]

  6. Paul Mak says:

    Windows 7′s Parental Controls has removed “Web filtering and activity reporting”, which is built-in Vista. But you can pay to subscribe to 3rd party or even Microsoft Windows Live Family Safety…

  7. Paul, that doesn’t sound like an “additional” feature.

  8. Mat Locke says:

    Have there been any improvements beyond UAC so you can run as an admin on the box, but still get prompted when you need to do an install for example? Similar to Linux / Unix sudo or SU command? I’m an MCSE, but love the way Unix did their security model. It would mean less system compromises for users that don’t know what they heck they are doing?

Please share your thoughts in a comment!

Login

Lost your password?