Improved User Account Control (UAC) — In XP, users too often give themselves administrative privileges, which sometimes lets malicious programs run amok. Windows 7 gives everyone low levels of privilege until they need more. This will result in dialog boxes asking you to confirm certain things can run before they’re let loose. It’s not as intrusive as it was with Vista, but it still helps prevent secretive programs from running without your knowledge. Even better, you can adjust the level of confirmations that Windows 7 requests, so that only programs seeking elevated privileges cause alerts, but you’re allowed to install programs, change settings, and so forth (as long as your account possesses the necessary rights, of course). This is a big improvement over Vista, for sure!
BitLocker to Go — Vista introduced BitLocker, an encrypted and secure form of on-disk storage that only those with the right password can access. In Windows 7, BitLocker to Go extends this capability to USB drives, including USB flash drives (UFDs), so that you can secure some or all of the contents on drives or devices that you take with you on the road. This is a great way to protect against unwanted disclosure resulting from theft or loss of a notebook or a portable storage device of some kind.
AppLocker — Windows 7 lets system administrators apply a kind of “whitelist” control to applications on user desktops. In other words, they can create lists of valid applications and use Group Policy objects to apply them to what users can see and launch on their desktops. If an application isn’t on the list, users can’t run it: What better way to keep them out of trouble?
Multiple active firewall profiles — In the Windows 7 environment, Windows Firewall settings depend on the firewall profile in use. Previous versions of Windows allowed only one firewall profile to be active at any one time. In Windows 7, each network adapter on a PC can apply whichever firewall profile is most appropriate for the type of network to which it connects (which will differ considerably from home, to office, to public/unsecured networks). Thus, if you’re working in an airport coffee shop and using a virtual private network (VPN) connection to access a server at your office, the firewall rules for the office VPN will apply to all traffic to and from that location, and the firewall rules for a public network will apply to all other traffic to and from your PC.
DirectAccess — This applies only to Windows 7 computers that belong to an Active Directory domain on a Windows Server 2008 R2 server. Within that framework, however, users can connect to office/domain network resources whenever they access the Internet. Connection speed aside, such Internet users have the same experience accessing office/domain network elements that they would if they were locally attached to that network. This technology also lets system administrators manage Windows 7 computers remotely, no matter where they may be at any given moment.
VPN Reconnect — This facility lets Windows 7 users automatically reestablish VPN connections as soon as they regain Internet access. Users can turn off or disconnect their machines from the Internet at will, and their secure office network connections are re-created once connectivity returns, using secure protocols that require no user interaction to set up and maintain.