OK - I've been doing a bit more research.
According to
http://technet.microsoft.com/en-us/library/dd440865%28WS.10%29.aspx#two
boot from VHD no workee with bitlocker. Scratch that. Not important enough.
Also, the charts I'm looking at say that Applocker isn't available as
an addon for Pro (as I previously stated), but the charts say it is
there for Pro in a limited form - can create but not enforce policies.
What, exactly is the operational impact of that - does anyone have a
clue for me? I'm looking all over the MSFT site and not finding what
that means.
Kurt
On Wed, Mar 3, 2010 at 14:24, Michael B. Smith <[email protected]> wrote:
> Eh...boot from VHD is a way of easing image deployment and treating "laptops
> as a utility". Basically to replace a laptop, you copy the VHD from one to
> another. Since it's all virtual, you don't have to worry about drivers or
> anything at all. Some people consider it exciting. I think it's boring but
> useful. :-)
>
> DA allows any corpnet PC to act as if it were on corpnet - anywhere in the
> world. Without a standalone VPN. Securely. I think that's a game changer all
> on its own.
>
> BranchCache is a way of caching HQ-based materials at each branch and
> updating only when needed. Think of it as "selective DFS" to the branch.
>
> AppLocker is white-listing applications. IMHO white-listing is where
> malware/AV protection are heading. It was painful to do (in Windows) prior to
> AppLocker. With AppLocker, it's pretty darn simple.
>
> RODCs are orthogonal to Win7, but they require Server 2008 and above, so they
> are a feature worth mentioning. Comes for free with the rest of it. :-)
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Wednesday, March 03, 2010 5:16 PM
> To: NT System Admin Issues
> Subject: Re: Win7 Pro vs. Enterprise
>
> I think DA has the potential to rock, but I'm skeptical of the maturity. But
> since we won't be deploying Win7 until the first half of next year, it may
> well show its strengths by then.
>
> I'm still researching BranchCache - I have no idea what it is.
>
> I'm wondering about AppLocker - I think I have an idea of what it is, but I
> need more understanding. And, it doesn't *really* provide a differentiator
> between Pro and Enterprise, since you can buy it as an addon for Pro, though
> financially it might make sense to go with Enterprise if the Applocker addon
> is at all expensive.
>
> RODCs are for Win2k8, and orthogonal to Win7 deployment, AFAICT. If I'm
> wrong, I won't mind hearing it, though.
>
> I'm all over BitLocker, though. For portables in a business environment, it's
> basically required, IMHO.
>
> The last thing I'm still scratching my head over is the "boot from VHD"
> features. What's that all about? I'm looking at a couple of articles trying
> to figure that out, but they haven't said anything interesting yet.
>
> Kurt
>
> On Wed, Mar 3, 2010 at 13:33, Michael B. Smith <[email protected]> wrote:
>> I think DA absolutely rocks. So does BitLocker. And AppLocker. And
>> BranchCache. And RODCs.
>>
>> All incremental evolutionary improvements - but they make the environment
>> easier to use and more secure.
>>
>> Regards,
>>
>> Michael B. Smith
>> Consultant and Exchange MVP
>> http://TheEssentialExchange.com
>>
>>
>> -----Original Message-----
>> From: Kurt Buff [mailto:[email protected]]
>> Sent: Wednesday, March 03, 2010 3:20 PM
>> To: NT System Admin Issues
>> Subject: Win7 Pro vs. Enterprise
>>
>> All,
>>
>> I've just noticed the Windows 7 has DirectAccess technology, which sounds
>> incredibly cool. But, it requires Win2k8 R2 - I assume for AD and the actual
>> UAG server, if nothing else.
>>
>> We're in the early planning stages of going to Win7 in the new year, and I'm
>> intrigued, but skeptical from a technology/security maturation perspective.
>>
>> I haven't seen any real discussion of it either - anyone have experience
>> they'd care to share?
>>
>> One big reason for asking is because it requires Win7 Enterpise, and we need
>> to make the decision between Pro and Enterprise.
>>
>> And, has anyone seen any other compelling reason to choose Enterprise over
>> Pro?
>>
>> Kurt
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
