Cloudtidings.com

This item applies to Windows 7 Enterprise and Windows 7 Ultimate.

DirectAccess includes many improvements in smart card use, diagnostics, and user experience:

• Smart cards. Smart card support no longer requires Windows 7 Domain Functional Mode. Smart card management has been simplified to focus on edge enforcement as opposed to edge enforcement and local client enforcement. Beta feedback suggested that the local client enforcement option could create an increased number of support issues for organizations. Therefore, the option to enforce smart cards for all interactive logins is no longer available in the DirectAccess Wizard. Also, if a smart card is required, there is an enhanced user notification that is provided to help the user learn when a smart card is required.

  

• Troubleshooting. Support for troubleshooting is enhanced, including a new Windows Troubleshooting entry point within Control Panel. If a resource is not reachable (for example, a Web site fails to load), use the Diagnose Connection in Internet Explorer or Troubleshoot problems entry points to help determine the cause of the issue.

  

• User experience. Corporate Connectivity Notification has been removed to simplify the user experience; only Internet Access is displayed. If a resource is not reachable, the user should use the troubleshooting features to determine the reason.

For more information, see the DirectAccess (http://go.microsoft.com/fwlink/?LinkId=150441) home page on Microsoft® TechNet.

Prior to Windows 7, to open a file across a slow network, client computers always retrieved the file from the server, even if the client computer had recently read the file. With Windows 7 transparent caching, client computers cache remote files more aggressively, reducing the number of times a client computer might have to retrieve the same data from a server.

With transparent caching, the first time a user opens a file in a shared folder, Windows 7 reads the file from the server and then stores it in a cache on the computer’s hard disk drive. The second and subsequent times a user reads the same file, Windows 7 retrieves the cached file from disk instead of reading it from the server. To provide data integrity, Windows 7 always contacts the server to ensure the cached copy is up-to-date. The cache is never accessed if the server is unavailable, and updates to the file are always written directly to the server.

Transparent caching is not enabled by default on fast networks. IT professionals can use Group Policy to enable transparent caching, to improve the efficiency of the cache, and to save disk space on the client computer. They can configure the amount of disk space the cache uses and prevent specific file types from being synchronized.

As the feature name implies, the benefit is transparent to end users, providing a branch office experience that more closely resembles the experience of being on the same LAN as a server. Additionally, transparent caching can reduce bandwidth use across WAN links.

The Windows 7 partition drive size (required for BitLocker™ and the Windows Recovery Environment) has been reduced from 200 MB to 100 MB.

These items apply to Windows 7 Enterprise and Windows 7 Ultimate.

• The AppLocker UI includes a new administrative template, which can be configured by an administrator to display a customized URL when AppLocker blocks an application from starting. The message can be used to reduce help desk calls by directing users to a help desk intranet site.

  To customize the administrative template, follow these steps:

  1. Open the Group Policy Management snap-in, right-click a Group Policy object (GPO), and then click Edit.

  2. In the Group Policy Management Editor snap-in, expand Administrative Templates, expand Windows Components, and then click Windows Explorer.

  3. In the details pane, under Setting, double-click Set a support web page link.

  4. Select Enabled, and then type a custom URL in the Support Web page URL text box.

     

  5. Click OK.

• New Windows PowerShell cmdlets, used in conjunction with the AppLocker UI, provide building blocks that help author, test, maintain, and troubleshoot AppLocker policies. These cmdlets allow an organization to build and import new AppLocker rules from event log information collected by running AppLocker in audit mode. As a result, these cmdlets help automate the IT processes required to build appropriate rule sets easily and confidently.

In the beta release, a user could change the notification level in the User Account Control (UAC) control panel without receiving a prompt for administrative credentials. The UAC control panel now runs in a high integrity process; changing the level of the UAC prompts for confirmation. When a user is logged on with a standard user account, that user must provide administrative credentials to change the default UAC notification level.

The default HTTP/HTTPS ports for Windows Remote Management (WinRM) and Windows PowerShell remoting have changed from 80/443 to 5985/5986 since the beta release. This change provides a more secure default configuration by avoiding accidental exposure of the WinRM interface to Web traffic on an Internet-facing server.

As a result of this change, pre-RC and post-RC computers that are not configured properly cannot communicate. When pre-RC and post-RC computers are used together for remote management, either directly (using the WinRM command-line tool or the WSMan APIs) or through an application that uses WinRM (such as Windows PowerShell or Event Collector), an error message occurs. This is the same error message that displays when the server has not been configured for WinRM traffic, because it is contacting the wrong port.

To avoid this issue, upgrade all computers by installing Windows 7 or Windows Server® 2008 R2 or by installing WinRM 2.0.

Microsoft has removed the Bluetooth® audio class driver from Windows 7. When installing a Bluetooth audio device for the first time, you will need to install a non-Microsoft driver (your version of Windows 7 may already include the non-Microsoft audio driver). If your version of Windows 7 does not include the correct drivers, you can download them from Windows Update, your computer manufacturer’s Web site, or (for a driver that’s specifically written for the Bluetooth device) directly from your Bluetooth radio manufacturer’s Web site. 

Some networks or network equipment block Internet access to home media (for example, corporate network policy often prevents this type of connectivity). However, you can manually configure your home router to increase the likelihood that Internet access to home media will succeed.

Although Windows attempts to automatically enable settings on your home router when Internet access to home media is set up, some home routers do not support this capability or they have disabled it. For best results, use a home router that has been certified to work with Windows.

To manually enable the necessary settings on your home router, first try the following:

1. From a Web browser, go to the configuration Web page of your home router (for example, http://192.168.0.1).

2. Locate and enable the UPnP™ feature. Save your settings.

   Note
   Home routers differ, but this feature is usually found in the Advanced settings. For more information about enabling the UPnP setting, consult your home router manual.

3. Open Windows Media® Player on your home computer that is running Windows 7.

   Note
   If Windows Media Player is already open, close and then reopen it.

4. On the Stream menu, select Allow Internet access to home media…

5. On the Internet Home Media Access dialog box, select Do not allow Internet access to home media.

6. On the Stream menu, select Allow Internet access to home media…

7. On the Internet Home Media Access dialog box, select Allow Internet access to home media.

If the preceding procedure does not work because your home router does not support UPnP, you can manually configure advanced port-forwarding options on your home router.

To determine which TCP ports on your home router to forward to your home computer that is running Windows 7, follow these steps:

1. In Windows Media Player, on the Stream menu, select Allow Internet access to home media…

2. On the Internet Home Media Access dialog box, select Diagnose connections.

   Note
   If this option is not available, select Allow Internet access to home media to enable the feature, and then repeat steps 1 and 2.

3. Click the Port forwarding information link (located at the bottom of the window) to identify the TCP ports.

4. From a Web browser, go to the configuration Web page of your home router (for example, http://192.168.0.1).

5. Locate the port forwarding feature and specify the TCP ports that were identified in step 3. Save your settings.

   Note
   Home routers differ, but this feature is usually found in the Advanced settings. For more information about enabling port-forwarding, consult your home router manual.

• Windows XP Mode provides a virtual Windows XP environment in which you can run many Windows XP productivity applications on a Windows 7–based computer. Windows XP Mode is included in Windows 7 and is available as a pre-installed feature by your computer manufacturer or as a free download. For more information about Windows XP Mode, see Windows Virtual PC (http://go.microsoft.com/fwlink/?LinkId=150447) on the Microsoft Web site.

  

• Windows Virtual PC provides the virtualization technology for Windows 7. Windows Virtual PC allows multiple client operating systems to run at the same time on a Windows 7 desktop, and it offers the runtime engine for Windows XP Mode, which provides a virtual Windows XP environment on Windows 7. For more information about Windows Virtual PC, see Windows Virtual PC (http://go.microsoft.com/fwlink/?LinkId=150447) on the Microsoft Web site and the Windows Virtual PC Evaluation Guide.

• Microsoft Enterprise Desktop Virtualization (MED-V), built on Windows Virtual PC, is designed to provide IT professionals with the capability to centrally manage and deploy virtual Windows environments to reduce complexity, maintain control, and keep costs low. MED-V is available through Microsoft Desktop Optimization Pack (MDOP). For more information about MDOP, see Microsoft Desktop Optimization Pack (http://go.microsoft.com/fwlink/?LinkId=150448) on Microsoft TechNet.

Application Compatibility Toolkit (ACT) 5.5 enables software developers, independent software vendors (ISVs), and IT professionals to determine the following:

• Whether their devices and applications are compatible with a new version of the Windows operating system.

• How an update to a new version of the Windows operating system will impact their applications.

The toolkit can also be used by developers as follows:

• To test Web applications and Web sites for compatibility with new releases and security updates to Internet Explorer®

• To determine potential compatibility issues due to the User Account Control (UAC) feature

• To create compatibility fixes for application compatibility issues

• To determine potential application installation and setup issues

ACT 5.5 includes the following functionality:

• Inventories applications, hardware, and devices on user’s computers that run earlier versions of the operating system.

• Analyzes compatibility traits of applications and devices, and synchronizes compatibility data with ISV, logo, and community assessment.

• Provides test tools for Internet Explorer 8 compatibility testing.

• Provides tools to build compatibility fixes (called “shims”) for incompatible applications.

For more information, see Microsoft Application Compatibility Toolkit (ACT) Version 5.5 (http://go.microsoft.com/fwlink/?LinkID=146754) on Microsoft TechNet.