First, while a fingerprint scanner on its own can only be used to log on to the computer, not to a company domain, the Windows Biometric Framework supports logging on to the domain.
Secondly, users can save up to 10 fingerprints, covering both hands. Nobody expects to lose a fingerprint, but having up to 10 enrolled gives you a fallback if something goes wrong, for example if you burn a finger while cooking or accidentally catch it in a door. In that case you will be thankful for the Windows Biometric Framework: you do not have to wait for the saved finger to recover and still have access to your computer.
Fingerprints are added using Biometric Devices, available in the Control Panel of any Windows 7-based computer with a built-in fingerprint scanner. From there you can enable fingerprint logon to the computer and to the domain. Note that you have to log in as an administrator to add or manage fingerprints in Windows 7.
BitLocker To Go
One of the most serious security problems businesses face today is the loss of mobile devices containing important information. BitLocker in Windows Vista began to address this issue by allowing users to encrypt the entire hard drive of a laptop, so that when it is lost or stolen, no one can access the information stored on it. BitLocker To Go extends this protection to external hard drives.
Integrated in Windows 7 Enterprise and Ultimate editions, BitLocker To Go is easy to use: right-click the drive and select Turn on BitLocker to open a wizard that walks you through the steps to encrypt the drive. When the operation completes, you have an encrypted drive. The waiting time depends on the speed of the computer and the drive; encryption takes about 20 minutes for a 2GB flash drive.
In addition, BitLocker To Go drives are unlocked with a password or, in businesses, with smart cards and their certificates.
Encrypted removable drives can be created on the Enterprise and Ultimate editions of Windows 7. Once a drive is encrypted, however, you can read and add data on it from any computer running Windows 7. Additionally, a reader application can be installed on the encrypted drive, allowing users to read its data from Vista and XP computers.
In an enterprise environment, administrators can apply an additional security policy that allows users to store data only on BitLocker To Go drives, in case users would otherwise store data on an unsecured drive. Organizations running Windows Server can also keep recovery passwords using Active Directory, so if a password is lost or forgotten, access can be restored.
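To check whether the enterprise settings described above are actually in force on a client, the following added example (not part of the original article) reads the BitLocker To Go policy values from the registry and reports the state of attached removable drives. It assumes an elevated Windows PowerShell prompt on Windows 7; the function name `Get-FvePolicyValue` is made up for this example.

```powershell
# Added example: audit BitLocker To Go policy and drive state on a Windows 7
# client. Run elevated, because manage-bde requires administrator rights.

# Returns the policy value, or $null when the policy is not configured.
function Get-FvePolicyValue {
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$sysKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$swKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Value names as written by the BitLocker Group Policy template.
$checks = @(
    @{ Key = $sysKey; Name = 'RDVDenyWriteAccess'
       Meaning = 'Writes to removable drives require BitLocker protection' },
    @{ Key = $swKey;  Name = 'RDVActiveDirectoryBackup'
       Meaning = 'Recovery information is backed up to Active Directory' },
    @{ Key = $swKey;  Name = 'RDVRequireActiveDirectoryBackup'
       Meaning = 'Encryption does not start until the AD backup succeeds' }
)

foreach ($c in $checks) {
    $value = Get-FvePolicyValue -Key $c.Key -Name $c.Name
    $state = if ($null -eq $value) { 'NOT CONFIGURED' }
             elseif ($value -eq 1)  { 'ENABLED' }
             else                   { 'DISABLED' }
    '{0,-15} {1} ({2})' -f $state, $c.Meaning, $c.Name
}

# DriveType 2 = removable disk (USB flash drives); external hard disks usually
# report as type 3 and have to be checked by drive letter instead.
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    manage-bde -status $_.DeviceID
}
```

A result of NOT CONFIGURED for the first value means users can still write to unencrypted removable drives on that machine.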
AppLocker
Controlling which applications users can install or run is an effective way to maintain system stability, prevent malware and block bandwidth-intensive applications such as BitTorrent.
In previous versions of Windows, this was done with the Software Restriction Policies feature. This feature can block software based on its location in the file system, or stop it from running when it does not match the hash of a trusted application.
Software Restriction Policies can be troublesome to implement and maintain. Some programs need to be installed outside an approved path, requiring a new path rule to be created. Rules based on a file's hash provide high security but fail every time a program is updated. IT managers therefore have to maintain and update the list of rules and turn off the programs' automatic update function.
AppLocker, available in Windows 7 Enterprise and Ultimate (and also included in Windows Server 2008 R2), introduces a new, flexible method of managing software: the publisher rule. A publisher rule is based on the digital signature information that many applications in use today carry.
This information is more detailed than a file path or file hash, allowing the administrator to create complex rules, such as allowing software to run only if it comes from a specific publisher and has a specific product name, file name or version. For example, a rule can allow anything from Adobe to run, or only Photoshop, or only the current and future versions of Photoshop.
AppLocker rules can be applied to executable files, scripts, installers or system libraries, giving users the right to install or update the software they need without administrator rights while still preventing them from using software that is not allowed.
In addition, AppLocker rules can be applied to specific users or groups of users. An accounting group and a graphic design team use different specialized software, and with AppLocker each group gets its own rules, with different restrictions and permissions. AppLocker can also be used to distinguish between different users who share a computer.
A real time-saver is the ability to generate rules automatically from a trusted computer. The rules can then be shared and applied across the network using Windows Group Policy settings.
It is important to note that AppLocker rules only apply to computers running the Enterprise or Ultimate editions of Windows 7. If some users in the company still use older versions of Windows, you need to keep using Software Restriction Policies for them. As more users upgrade to Windows 7, you can move away from Software Restriction Policies and rely on AppLocker.
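The workflow described above (publisher rules, rules scoped to a group, and automatic rule generation from a trusted computer) can be scripted with the AppLocker PowerShell module. This is an added example, not part of the original article; the paths, the group name and the Group Policy LDAP path are placeholders.

```powershell
# Added example: build AppLocker rules from a trusted reference computer and
# dry-run them before deployment. Paths, group and GPO path are placeholders.
Import-Module AppLocker

$referenceDir = 'C:\Program Files'                  # software on the trusted machine
$policyFile   = 'C:\Temp\applocker-reference.xml'   # hypothetical output file
$group        = 'CONTOSO\GraphicDesign'             # hypothetical domain group
$gpoLdapPath  = $null   # e.g. 'LDAP://CN={<GPO GUID>},CN=Policies,CN=System,DC=...'

# 1. Inventory executables on the reference machine.
$files = @(Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe)

# 2. Unsigned files cannot get a publisher rule. List them so that the hash-rule
#    fallback, which breaks on every program update, is a conscious decision.
$unsigned = @($files | Where-Object { -not $_.Publisher })
'{0} files inventoried, {1} unsigned (hash rules)' -f $files.Count, $unsigned.Count
$unsigned | ForEach-Object { $_.Path }

# 3. Generate publisher rules, falling back to hash rules, scoped to one group.
$files | New-AppLockerPolicy -RuleType Publisher, Hash -User $group `
        -RuleNamePrefix 'Reference' -Optimize -Xml |
    Out-File -FilePath $policyFile -Encoding Unicode

# 4. Dry run: how would the policy treat executables in a user-writable folder?
$candidates = @(Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe `
        -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName })
if ($candidates.Count -gt 0) {
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $candidates -User $group |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# 5. Merge into a Group Policy object once the dry run looks right.
if ($gpoLdapPath) {
    Set-AppLockerPolicy -XmlPolicy $policyFile -Ldap $gpoLdapPath -Merge
}
```

Files reported as DeniedByDefault in step 4 match no rule at all, which is what you want to see for software that was not present on the reference machine.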
DirectAccess
Advertised by Microsoft as the next-generation replacement for VPN, DirectAccess allows Windows 7 Enterprise and Windows 7 Ultimate users to connect directly to Windows Server 2008 R2 and future server versions. While users are familiar with VPN connections, DirectAccess is completely transparent to end users: when the computer is connected to the Internet, DirectAccess automatically creates a secure connection to the enterprise network without any action on the user's part, and automatically routes requests for the internal network through this connection.
In addition to connecting automatically, DirectAccess has a number of improvements over traditional VPN connectivity. First, it uses the IPsec and IPv6 Internet protocols to encrypt and route connections end to end. While VPN encryption is done on the VPN server, DirectAccess can keep traffic encrypted all the way to and from the application server inside the enterprise network. (DirectAccess supports a number of other protocols to carry this connection across networks that do not support IPv6 or IPsec.)
Because DirectAccess uses an Internet standard port for its traffic, it passes through a firewall easily without additional configuration, a problem VPN users always face.
Another handy aspect is that, because connections are created and maintained automatically, administrators can continuously manage and update machines over DirectAccess, even when the user is not directly using company resources.
With a VPN, by contrast, machines need to be checked and scanned before they are allowed to access the corporate network, a process that slows down connections and limits productivity, and gives IT managers only a small window for management during remote access. With DirectAccess, computers are updated at the same time as the rest of the corporate network and are managed whenever users want to access the corporate network.
However, be aware that not all businesses can switch to DirectAccess immediately. The system relies on advanced network infrastructure, including Windows Server 2008 R2 and IPv6, to which some businesses have not upgraded yet, and it will take a few years before enough tools and techniques are in place to switch to DirectAccess completely. In the meantime, you can use a traditional VPN connection.
Even so, this feature offers an outline of the future network: secure, always connected to data, and allowing remote users to work as if they were sitting at the main office.
For businesses, Windows 7 helps establish cooperation between the IT security department and end users, allowing employees to work while security and updates from the network are still applied. Taken together, these features are like an easy-to-use contract: cost-free for security and very convenient for businesses.