Windows, Enterprise, Windows 7, BitLocker, DirectAccess, BranchCache, AppLocker, Windows 7 Enterprise, Federated Search, VDI, Virtual Desktop infrastructure optimization, multilingual user interface

Unique technology for enterprise customers

The Windows 7 Enterprise operating system (OS) is available to Microsoft Software Assurance customers. With Windows 7 Enterprise, you can take advantage of the following features that are not available in Windows 7 Professional:

  • DirectAccess:  Give mobile users seamless access to corporate networks without a need to VPN.
  • BranchCache:  Decrease the time branch office users spend waiting to download files across the network.
  • Federated Search:  Find information in remote repositories, including SharePoint sites, with a simple user interface.
  • BitLocker and BitLocker To Go:  Help protect data on PCs and removable drives, with manageability to enforce encryption and backup of recovery keys.
  • AppLocker:  Specify what software is allowed to run on a user's PCs through centrally managed but flexible Group Policies.
  • Virtual desktop infrastructure (VDI) optimizations:  Improved user experience for VDI with multimon and microphone support, which have the ability to reuse virtual hard drive (VHD) images to boot a physical PC.
  • Multilingual user interface: Create a single OS image for deployment to users worldwide.

Enhance mobility and manageability with DirectAccess

  • Working outside the office is easier than ever. DirectAccess in Windows 7 and Windows Server 2008 R2 enhances the productivity of mobile workers by connecting them seamlessly and more securely to their corporate network any time they have Internet access—without the need to VPN. When your IT department enables DirectAccess, the corporate network’s file shares, intranet websites, and line-of-business applications remain accessible wherever you have an Internet connection.
  • Manage remote machines more effectively. Flexibility gives IT the opportunity to service remote machines on a regular basis and ensure that mobile users stay up to date with company policies. With DirectAccess, IT administrators can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on.
  • Enhance security and access control. To keep data safer as it travels public networks, DirectAccess uses IPv6-over-IPsec to encrypt communications transmitted across the Internet. DirectAccess is designed to reduce unnecessary traffic on the corporate network by sending only traffic destined for the corporate network through the DirectAccess server (running Windows Server 2008 R2), or the administrator can choose to send all traffic through the corporate network. In addition to authenticating the computer, DirectAccess can also authenticate the user and supports multifactor authentication, such as a smart card. IT administrators can configure which intranet resources specific users can access using DirectAccess.
Back to top

Improve application responsiveness with BranchCache

  • Increase branch office user productivity. BranchCache in Windows 7 helps increase the network responsiveness of applications, giving users in remote offices an experience more like working in the head office. When accessing content stored on Windows Server 2008 R2, users in a branch office don't need to wait as long to download files from headquarters. When IT enables BranchCache, a copy of data accessed from an intranet website or a file server is cached locally within the branch office. When another user on the same network requests the file, the user gets access to the content almost immediately as it is downloaded from the local cache rather than over a limited bandwidth connection back to headquarters.
  • Flexible architecture. BranchCache only serves content to users who have the right permissions and always checks to make sure it is delivering the latest version of the file. BranchCache can operate in one of two modes. In Hosted Cache mode, a server in the branch running Windows Server 2008 R2 hosts the cached files. In the second mode, Distributed Cache, a branch server is not required; copies of files are directly cached on PCs in the branch and sent to other Windows 7 clients as needed.
  • Versatile and efficient protocols. BranchCache only retrieves data from headquarters when the user requests it. Because it is a passive cache, it decreases bandwidth utilization between headquarters and the branch. BranchCache only caches read requests, so it will never interfere with a user saving a file. BranchCache supports common protocols for web content (HTTP and HTTPS) and file servers (server messaging block [SMB]), enabling it to work with a wide variety of application types. Finally, it works seamlessly with network security technologies, including Secure Sockets Layer (SSL), SMB signing, and Internet Protocol security (IPsec) to improve application performance even if the content is encrypted.
Back to top

Help users find what they need with Federated Search

  • Search enhancements in Windows 7 make finding information easier. Enterprise users need to access data from a variety of sources in their daily tasks. With Windows Vista, Microsoft introduced advanced desktop search technology, enabling users to instantly find information on their computers. With Microsoft Office SharePoint Server 2007 and the Enterprise Search family of products, Microsoft delivered highly secure, manageable, server-based search. Windows 7 brings these experiences together and provides users with an improved and seamless search experience across local and networked corporate data directly within Windows Explorer and the Start menu.
  • More intuitive ways to find and organize information. Advancements to the Windows 7 user interface (UI) make it easier for users to quickly find what they are looking for. Libraries are a new way of accessing documents that might be located in different folders, on different hard drives, or even on different computers that are backed by a Windows Search index—in a single view. Windows 7 creates several default libraries for items such as documents and pictures, allowing you to organize and browse files in an optimal way. You can also create custom libraries. For example, libraries can be created per project to provide one entry point under which you can organize, access, and search files spread across multiple locations.
  • Searching beyond the local computer with federated search. Windows 7 enables users to search remote document repositories, SharePoint sites, and Web applications as easily as they search their desktops—through the familiar Windows interface. Windows 7 federated search uses an existing public standard called OpenSearch. Users can select which sites they want to search from, or IT can populate a list for the user. Federated search results are presented in Windows explorer much like local files, with rich views, file details, and previews.
  • Flexible search scopes. Making it easy to discover and search intranet sites can help organizations maximize their return on these investments. With Enterprise Search Scopes in Windows 7, IT administrators can populate links on the Start menu and in the Windows Explorer search results. These links simplify access to the most appropriate, complete, authoritative data sources on the network. This setup makes content on intranet portals more discoverable and accessible. IT administrators can deploy Enterprise Search scopes on users' machines using Group Policy.
Back to top

Help prevent loss or theft of data with BitLocker and BitLocker To Go

  • Protect your data—even on removable drives. With the continued growth of the mobile workforce, protecting sensitive data on mobile computers continues to be a major concern of IT decision makers. In 2008, 42 percent of respondents to the Computer Security Institute Computer Crime and Security Survey of enterprise IT professionals report that their organizations experienced theft of laptops or mobile devices. With Windows 7, BitLocker Drive Encryption helps protect sensitive data from being accessed by unauthorized users who come into possession of lost, stolen, or improperly decommissioned computers. BitLocker to Go extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase. In addition to having control over passphrase length and complexity, IT administrators can set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them.
  • Easier to manage. Windows 7 gives administrators more control over how data in their environment is protected. From policy-configured Active Directory Domain Services integration for the escrow of recovery keys, to simple and efficient hardware recovery processes, BitLocker provides an integrated management experience for IT professionals. BitLocker to Go also gives administrators control over how removable storage devices can be utilized within their environment and the strength of protection that they require. Administrators can require data protection for any removable storage device upon which users want to write data, while still allowing unprotected storage devices to be utilized in a read-only mode. Policies are also available to require appropriate passwords, smart card, or domain user credentials to utilize a protected removable storage device.
  • Easier to set up. Whether you need to protect internal or removable drives, BitLocker in Windows 7 makes that protection easy because it works with almost any drive. Windows 7 simplifies the encryption of internal drives by automatically creating the hidden boot partition necessary to use BitLocker to protect the OS volume, eliminating the need to manually select that option during installation or to repartition the drive afterward. Best of all, BitLocker can be enabled on drives running Windows 7 with a simple right-click.
Back to top

Help prevent unauthorized software from running with AppLocker

  • Powerful yet easy to administer. Windows 7 offers new application control policies with AppLocker, a flexible, easy-to-use mechanism that enables IT professionals to specify exactly what is allowed to run on user desktops. AppLocker restricts unauthorized software while allowing applications, installation programs, and scripts that users need. Although AppLocker is not a security boundary, IT professionals can realize the security, operational, and compliance benefits of application standardization by incorporating AppLocker as a part of their overall security strategy.
  • Application updates don't change the rules. AppLocker provides simple, powerful, rule-based structures for specifying which applications can run that are centrally managed using Group Policy. It introduces "publisher rules" that are based on an application's digital signature, making it possible to build strong rules that account for application updates. For example, an organization can create a rule to "allow all versions greater than 1.0 of Microsoft Dynamics CRM to run if signed by Microsoft." With correctly structured rules, IT professionals can safely deploy updates to allowed applications without having to build a new rule for each version update.
Back to top
  • Better together: Windows 7 and Windows Server 2008
Download the datasheet