Windows 7 Enterprise

DirectAccess

Gives mobile users seamless and secure access to corporate networks without a need to VPN. Also, allows IT to manage remote machines more effectively by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on. In addition to authenticating the computer, DirectAccess can also validate the user and support multifactor authentication, such as a smart card. IT administrators can configure which intranet resources specific users can access using DirectAccess.

BranchCache

Decreases the time branch office users spend waiting to download files across the network. When IT enables BranchCache, a copy of data accessed from an intranet website or a file server is cached locally within the branch office. When another user on the same network requests the file, the user gets access to the content almost immediately as it is downloaded from the local cache rather than over a limited bandwidth connection back to headquarters. BranchCache only serves content to users who have the right permissions and always checks to make sure it is delivering the latest version of the file.

Federated Search

Helps users find information in remote repositories, including SharePoint sites, with an improved and seamless search experience across local and networked corporate data directly within Windows Explorer and the Start menu. Libraries are a new way of accessing documents that might be located in different folders, on different hard drives, or even on different computers that are backed by a Windows Search index—in a single view. Windows 7 creates several default libraries for items such as documents and pictures, allowing you to organize and browse files in an optimal way. You can also create custom libraries. With Federated Search, users can select which sites they want to search from, or IT can populate a list for the user. Federated search results are presented in Windows explorer much like local files, with rich views, file details, and previews.

BitLocker and BitLocker To Go

Help protect data on PCs and removable drives, with manageability to enforce encryption and backup of recovery keys. BitLocker Drive Encryption helps protect sensitive data from being accessed by unauthorized users who come into possession of lost, stolen, or improperly decommissioned computers. BitLocker To Go extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase. Administrators can require data protection for any removable storage device upon which users want to write data, while still allowing unprotected storage devices to be utilized in a read-only mode. Policies are also available to require appropriate passwords, smart card, or domain user credentials to utilize a protected removable storage device.

AppLocker

Specifies what software is allowed to run on the users PCs through centrally managed but flexible Group Policies. IT professionals can restrict unauthorized software while allowing applications, installation programs, and scripts that users need. Although AppLocker is not a security boundary, IT professionals can realize the security, operational, and compliance benefits of application standardization by incorporating AppLocker as a part of their overall security strategy. Also, with correctly structured rules, IT professionals can safely deploy updates to allowed applications without having to build a new rule for each version update.

Virtual desktop infrastructure (VDI) optimizations

Improved user experience for VDI with multi-monitor and microphone support, which have the ability to reuse virtual hard drive (VHD) images to boot a physical PC.