Is Windows 7 Ready for Small Business

The Service Pack 1 rule is a good one for most operating systems, and not because a new version of Windows usually has as many bugs as benefits.

With Microsoft’s three-year cycle between client operating system releases, the 12-18 months before the first service pack comes out give you time to evaluate the new OS, check key customer applications for compatibility and prepare deployment plans. But if you have clients still clinging to Windows XP, you’re unlikely to want to wait that long. The good news is the development of Windows 7 has been so public and access to the beta and release candidate so wide that the RTM code has significantly fewer bugs and compatibility issues than previous new releases of Windows – and you can start evaluating much earlier.

Gartner suggests that businesses don’t need to wait for SP1 for stability and security but should start planning deployment as soon as the software they need is supported. For larger businesses, that still means they’ll be ready to deploy around the time any SP1 might come out, but faster moving smaller businesses can take advantage of Windows 7 rather sooner if they want to. And yes, we think they will want to.

On the device side, apart from some notable exceptions (an NVIDIA card in a Dell XPS laptop that needed the BIOS to be updated before installing a new graphics driver, for example), Windows 7 finds and installs more drivers than Windows XP or Vista do for the vast majority of devices without you having to dig out the support CD. In terms of applications, although the architectural changes made for Windows Vista are still there, compatibility is better than for Vista. It’s not just that there are Vista-compatible versions of many more apps now; Windows 7 has a lot more shims to address compatibility for specific apps and there are a number of improvements to the compatibility ‘layers’ (where you tell Windows to pretend it’s an earlier version), including supporting apps that write to the root directory of the system drive.

Lock down apps easily with dynamic AppLocker rules.

The Application Compatibility Toolkit 5.5 is available now (from and it represents the fruits of Microsoft’s internal testing of thousands of apps. By the time Windows 7 is generally available, more software companies will have reported on support and compatibility for their apps.

There will be apps that still won’t run on Windows 7 but in the worst case, you can run applications in XP Mode: a full copy of Windows XP running as a virtual machine and exposing individual apps as windows integrated into the Windows 7 desktop. This is a free download for Professional, Enterprise and Ultimate versions (including the XP licence) and many OEMs will pre-install it on new PCs. It’s based on Virtual PC so it requires Intel VT or AMD-V hardware virtualisation support. If you need Internet Explorer 6, rather than the compatibility mode in Internet Explorer 8, this is the way to get it (side by side with IE 8).

The disadvantage is that you have to service the copy of Windows XP as well as Windows 7, and protect it with anti-virus software (and at the time of writing using the McAfee firewall in XP Mode disables integration with Windows 7, although other anti-virus applications don’t have similar problems). You can manage XP Mode through tools like System Center (including System Center Essentials) by treating it as a separate machine. If you expect to be dealing with enough copies of XP Mode for this to be a burden, use MED-V instead.

Windows 7 has significant advantages over Vista in terms of performance, and in some cases over XP (and it runs on less powerful hardware than Vista, including running well on netbooks with Atom processors and only 1GB of RAM). The page file is smaller and memory management is much improved (especially the amount of memory used by opening multiple windows). Startup, shutdown and hibernation are all faster, as are common operations including file copy (a particular pain point for Windows Vista before Service Pack 1). If you’ve been benchmarking pre-release versions of Windows 7 – including the Release Candidate – repeat your tests on the RTM version as performance has improved again. It’s also more reliable, thanks to changes from the kernel up, including a new fault tolerant heap that automatically corrects memory faults that cause program crashes.

The user interface is similar to Vista, but much more usable, with large icons on the toolbar, large thumbnail previews that you can view, move or close directly and better support for multiple monitors and projectors. That should mean simpler training and less user resistance than Vista. Search from the Start menu is similar to the feature in Windows Vista, returning matching applications, documents, emails and files, but it’s significantly faster and more responsive. Search federation – based on OpenSearch – extends this to any OpenSearch-aware document store, portal or search engine; you can pre-populate PCs with search connectors. Libraries in Windows 7 aggregate multiple folders and data locations, on the PC and on the network; the concept may be hard to explain to users (unless you suggest that it’s like the media library in iTunes or Windows Media Player, with pointers to files in multiple folders), but it’s intuitive to use. The combination of the two should simplify efforts to centralize documents on the network for backup.
You can force users to encrypt removable drives with BitLocker To Go – and you can enforce strong passwords.

Some of the pain with Vista came from security improvements; Windows 7 – and improvements in applications – reduce that pain without reducing security. User Account Control (UAC) is less intrusive, and it’s triggered by far fewer common actions. Windows 7 adds AppLocker application whitelisting through Group Policy (in the Enterprise and Ultimate editions), which controls the applications and scripts users can install and run. Rules make AppLocker flexible and reduce the work you have to do; you can specify apps by filename, publisher, version number and whether they’re signed, and rules can be dynamic. That means you can allow anything from Microsoft and Adobe, specific applications, a specific version of specific applications – or later versions as well, so you don’t have to change the rule for new versions of approved apps unless you choose to.
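
The publisher rules described above, as an added example (not from the original article): one rule allows anything signed by a publisher, a second allows one product from a given version onwards, and the policy is evaluated in audit mode before it is enforced. The publisher strings, product name, rule GUIDs and file paths are constructed for illustration; substitute the values that `Get-AppLockerFileInformation` reports for your own binaries.

```powershell
# Added illustration: publisher values, product name, GUIDs and paths are constructed.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <!-- Anything signed by this publisher: any product, any file, any version -->
    <FilePublisherRule Id="11111111-1111-1111-1111-111111111111" Name="Allow Microsoft-signed"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"
            ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- One product, version 9.0.0.0 or later: new releases need no rule change -->
    <FilePublisherRule Id="22222222-2222-2222-2222-222222222222" Name="Allow Adobe Reader 9 and later"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=ADOBE SYSTEMS INCORPORATED, L=SAN JOSE, S=CALIFORNIA, C=US"
            ProductName="ADOBE READER" BinaryName="*">
          <BinaryVersionRange LowSection="9.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
'@

Import-Module AppLocker
$policyFile = Join-Path $env:TEMP 'applocker-example.xml'
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Evaluate the policy offline against installed executables before applying it.
# Files that match no rule come back as DeniedByDefault: once a rule collection
# is enforced, everything it does not explicitly allow is blocked.
$exes = Get-ChildItem 'C:\Program Files' -Recurse -Include *.exe -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName }
$results = Test-AppLockerPolicy -XMLPolicy $policyFile -Path $exes -User Everyone

$results | Group-Object PolicyDecision | Select-Object Name, Count
$results | Where-Object { $_.PolicyDecision -ne 'Allowed' } |
    Select-Object FilePath, PolicyDecision | Sort-Object FilePath

# Apply locally only after reviewing the list above. The policy stays in
# AuditOnly mode, so would-be blocks are logged rather than enforced.
# Set-AppLockerPolicy -XMLPolicy $policyFile
```

Review the `DeniedByDefault` list for line-of-business applications before switching `EnforcementMode` to `Enabled`; enforcement also depends on the Application Identity service running on the client.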

BitLocker disk encryption is still only in Enterprise and Ultimate versions (which might be a good enough reason to move even small customers to SA licensing – which may be what Microsoft is counting on), but the (smaller) hidden partition for that is created automatically during installation and it now protects removable drives as well. Given the ubiquity of USB sticks and the financial penalties for companies that don’t protect customer data, BitLocker To Go alone is a strong reason to upgrade. Drives can only be encrypted on Windows 7, but they can be read (though not updated) on any version of XP or Vista. You can force encryption through Group Policy, but allow read-only access to unencrypted drives and you can enforce non-trivial passwords.

Unless you’re waiting until October and using retail media to update your smallest customers, you won’t need to worry whether the EU turns down Microsoft’s proposal for a browser ‘ballot screen’ and insists on the clean-install-only Windows 7 E version originally threatened. A clean install also means something a little different with Windows 7. You won’t retain the applications that were previously installed, but documents and settings will be preserved in a WINDOWS.OLD folder (and the new hard link process protects these and then changes the file handles rather than physically moving sectors, making the migration much faster).

Windows 7 has the same advantages as Vista in terms of file-based WIM images rather than destructive sector-based images, so you need only one image for multiple configurations of hardware and software, including desktops and notebooks. Instead of an image for each individual hardware platform you support, you can have a single image for all your clients. Servicing images is also considerably simpler.
There isn’t a graphical version of DISM yet, but the GImageX GUI is a handy tool.

The Deployment Image Servicing and Management (DISM) command line tool lets you enumerate the features, packages, updates and drivers on an image offline, and also service these areas (including adding drivers, hotfixes and OS packages or upgrading images from one edition to another); this consolidates a number of existing tools including PKGMGR.EXE and INTLCFG.EXE and adds logging. You can add and remove drivers in a mounted or applied image; in Vista that required deploy-time driver injection. You can also service Windows 7 VHD images built for native VHD boot just like WIMs. The individual tools for imaging and unattended installation are still there, like ImageX and Windows System Image, but there’s also the Windows Automated Installation Kit (AIK) - what used to be the OEM-specific tools in the OEM Pre-installation Kit (OPK). Download it from

AIK lets you automate Windows installations, capture Windows images with ImageX, configure and modify images with DISM, create Windows PE images, and migrate user profiles and data with the User State Migration Tool (the same technology that moves user files without physically moving sectors in the retail product). Microsoft is planning a graphical version of DISM at some point; until then there’s a handy third-party tool, GImageX ( which is a graphical front end to the ImageX command-line tool, for capturing and applying WIM images. ImageX itself is more robust than in Vista; it lets you save interim versions of complex images and modify multiple images at the same time.

If you’re not using Windows Deployment Services for smaller customers, or you have to deal with laptops where you can’t deploy images over a network, you can do a fast deployment from media using Lite Touch Installation from the Microsoft Deployment Toolkit 2010 (once called Business Desktop Deployment); this is still far more automated than using a standard custom image and still takes only a minute or so per machine to start a standard image deployment, which is faster and more flexible than using a standard custom image. Available as a release candidate via Connect at the time of writing, the final version should be available by the time Windows 7 goes on sale; the AIK autorun page includes links to MDT, ACT and the MAP Toolkit.
Windows 7 uses fewer resources itself, and the Resource Manager makes it easier to see where they’re going.

Once Windows 7 is deployed, you can upgrade to a better version without re-installing; for example if you take a customer from the Professional to Ultimate version to get features like BitLocker.

As usual, there are more Group Policy Objects for the new features, including detailed auditing. PowerShell is included in Windows 7 so you can use it to manage multiple GPOs through a single script; that’s much easier than using the API for the Group Policy management console.

The Windows Recovery Environment (RE) is now installed by default in Windows 7; that makes it easier for users to either get things working again themselves or give you the information you need to diagnose problems. The built-in troubleshooters cover the most common subjects of calls to Microsoft product support; they may even pop up automatically to help users when problems occur and they fix common problems you might otherwise need to visit the desktop for – everything from turning Aero back on to restarting the wireless adapter. You can build your own troubleshooters in PowerShell.

The new Resource Monitor interface includes troubleshooting features you may recognize from the SysInternals Process Explorer. And if users are trying to describe a problem, the Problem Steps Recorder takes screenshots and documents system state which should make it easier for you to understand what’s going wrong; you can also use it to create training materials to document how your customers’ specific tools and processes work in Windows 7. Put together the new features, the overall improvements and the number of ways Windows 7 will make your life easier and it will be a welcome upgrade when your customers are ready.

Seven and Server
If your customers have Windows Server 2008, they get much faster file speeds between Windows Vista or 7 and network shares, because they all use SMB 2. They can search Windows Server file shares from Explorer and get fast results, because Windows Server indexes the drives. There are specific benefits if you use Windows 7 on a network with Windows Server 2008 R2, but they may require more infrastructure investment than small businesses are prepared for.

DirectAccess replaces VPNs (which many users find confusing and many IT pros find difficult to support and troubleshoot). Like the Outlook Anywhere feature, which connects to Exchange over HTTPS, DirectAccess creates a secure IPsec tunnel over a standard Internet connection, which means it works where VPNs might be blocked (like hotel networks and free Wi-Fi hotspots); as soon as users get online, they have access to network resources and file shares, as if they were in the office.

It sounds ideal for small businesses, but it requires Windows Ultimate or Enterprise, a (preferably) dedicated Windows Server 2008 R2 machine with two network cards and at least two consecutive static, public IPv4 addresses, that’s not behind NAT, plus domain-joined clients and an infrastructure with Certificate Services running and IPv6 for end-to-end addressing (or IPv6 transition technologies like Teredo, 6to4, ISATAP (Intra-Site Automatic Tunnel Addressing Protocol – built into R2) or NAT protocol translation devices).

BranchCache also requires R2; this caches content for branch offices on slow network connections.

