New security features in Windows 7 Enterprise Edition

Enterprise Storage Helper: Drive Encryption

Strictly speaking, BitLocker (drive encryption) does not count as a new feature, since it already appeared in Windows Vista. In Windows 7, however, it receives far more attention than it did in Vista, so it still deserves a close look from enterprise users who have not yet paid attention to it. BitLocker is a component that provides disk-level data encryption. To understand BitLocker, you first need to understand its predecessor, EFS (Encrypting File System). As we all know, NTFS is the standard file system for Windows NT and later operating systems; it supports metadata, uses advanced data structures to improve performance, reliability and disk space utilization, and provides several additional extensions, one of which is EFS. EFS is available in Windows 2000/XP/Server 2003 to let users encrypt files and folders stored on NTFS volumes. If the files on a hard disk have been encrypted with EFS, then even if an attacker can access the files on the disk, they are of no use to him, because he does not have the decryption key.

Of course, EFS is not all-powerful. EFS cannot encrypt NTFS active system partitions smaller than 1.5GB or boot partitions larger than 50GB; these can be protected with the BitLocker tool instead. EFS users can selectively encrypt individual important files or folders, whereas BitLocker unconditionally encrypts every folder on the entire drive. BitLocker therefore makes up for some of the shortcomings of EFS and can be used to control unauthorized access.

By default, the Windows operating system does not enable the BitLocker feature. To encrypt the drive on which Windows is installed with BitLocker, the computer must have two partitions: a system partition (containing the files needed to start the computer) and an operating system partition (containing Windows). The operating system partition is encrypted, while the system partition remains unencrypted so that the computer can still start. If the computer has no system partition, Windows 7 BitLocker automatically creates one using 200MB of free disk space; the system does not assign a drive letter to this partition and does not display it in the folder view. When encrypting the drive on which Windows is installed (the operating system drive), BitLocker stores its own encryption and decryption keys on a hardware device other than the hard disk, so you must have one of the following: a computer with a Trusted Platform Module (TPM), that is, a special microchip that supports advanced security features; or a removable hard drive or USB flash drive.

On an operating system partition where BitLocker is enabled, the feature monitors a series of conditions such as disk errors, BIOS changes and changes to the startup configuration files. If any of these changes abnormally, BitLocker automatically locks the disk; the system administrator can then unlock the drive with a pre-set key. This helps prevent data loss, theft and hacking. In addition, BitLocker can lock portable storage devices that are easily exposed to others, such as USB drives or removable hard drives.
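The TPM-or-USB-key choice and the recovery key described above, as an added example that is not part of the original article: it enables BitLocker on the Windows drive with the built-in manage-bde tool. It assumes an elevated PowerShell prompt on Windows 7 Enterprise; the USB drive letter and the backup share are placeholders.

```powershell
# Added example (not from the original article): turn on BitLocker for the
# Windows drive with manage-bde. Assumes an elevated Windows 7 prompt; the
# USB drive letter and backup share below are placeholders.
$OsDrive   = "C:"
$UsbDrive  = "E:\"                               # assumption: removable drive for the startup key
$BackupDir = "\\fileserver\bitlocker-recovery"   # assumption: where recovery info is archived

function Test-TpmPresent {
    # The Win32_Tpm class only exists when a TPM is present and enabled in the BIOS.
    $tpm = Get-WmiObject -Namespace "root\cimv2\Security\MicrosoftTpm" -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm -eq $null) { return $false }
    return [bool]$tpm.IsEnabled().IsEnabled
}

function Enable-OsDriveBitLocker {
    if (Test-TpmPresent) {
        # The TPM seals the key to the measured boot environment (BIOS, boot files);
        # a change to any of them leaves the drive locked until a recovery key is supplied.
        manage-bde -protectors -add $OsDrive -tpm
    } else {
        # No TPM: the startup key lives on removable media that must be present at boot.
        # Group Policy must allow BitLocker without a compatible TPM for this path to work.
        manage-bde -protectors -add $OsDrive -startupkey $UsbDrive
    }
    # The 48-digit recovery password is what the administrator types to unlock a
    # drive that BitLocker locked after an integrity check failed.
    manage-bde -protectors -add $OsDrive -recoverypassword
    # Archive the protector list (it includes the recovery password) off the machine.
    manage-bde -protectors -get $OsDrive | Out-File (Join-Path $BackupDir "$env:COMPUTERNAME.txt")
    # Encryption runs in the background and survives reboots.
    manage-bde -on $OsDrive
}

function Get-BitLockerSummary {
    # The lines an operator checks to confirm the drive is protected and unlocked.
    manage-bde -status $OsDrive |
        Select-String -Pattern "Conversion Status|Percentage Encrypted|Protection Status|Lock Status"
}
```

Run Enable-OsDriveBitLocker once, then Get-BitLockerSummary after the reboot to confirm "Protection Status: Protection On".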

Enterprise Application Manager: AppLocker

AppLocker (Application Control Policies) is a new security feature added in Windows 7 that administrators can configure easily. For example, before any AppLocker management is applied, the QQ.exe executable can be used by all users; after the relevant application control policy is set, restricted users can no longer run the program.

The specific method is to open “Start → Run”, enter gpedit.msc and open the Group Policy Editor. In the left pane, open “Computer Configuration → Windows Settings → Security Settings → Application Control Policies”, where you can see the AppLocker Group Policy configuration items, which come in three types: “Executable Rules”, “Windows Installer Rules” and “Script Rules”. Right-clicking on any of them lets you create a new rule, so users can create the corresponding action rules according to their own needs. Right-click “Executable Rules → Create New Rule”, click “Next”, click the “Select” button, click “Advanced” in the pop-up dialog box, click “Find Now”, find the user you want to restrict, and add the matching user to the rule. Then point the denied object at QQ.exe, and finally click “Create”.

To prevent flash-drive viruses from spreading, keep the AutoRun.inf file from running. In this case, select “Script Rules → Create New Rule”, choose “Permissions → Deny” in the pop-up window, select “Everyone” under “User or group”, click “Next”, choose “Path” under the creation conditions, enter “?:\AutoRun.inf” in the “Path” box, click “Next” again, and finally click “Create”.

In this way, users can set AppLocker's various default rules according to their actual situation, which prevents normal system programs from being abused by viruses and Trojans and prevents malicious programs that enter the computer through abnormal channels from running.
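The "deny QQ.exe for a restricted group" executable rule created by hand above, as an added example that is not part of the original article: it builds the same rule with the AppLocker PowerShell module, deploys it in audit-only mode first, and reads the AppLocker event log to see what the rule would have blocked. It assumes an elevated prompt on Windows 7 Enterprise; the group name and the QQ.exe path are placeholders to replace with your own.

```powershell
# Added example (not from the original article). Assumes Windows 7 Enterprise and an
# elevated prompt; CONTOSO\RestrictedUsers and the QQ.exe path are placeholders.
Import-Module AppLocker

$Group         = "CONTOSO\RestrictedUsers"              # assumption (placeholder)
$Target        = "C:\Program Files\Tencent\QQ\QQ.exe"  # assumption (placeholder)
$PolicyXmlPath = "$env:TEMP\deny-qq.xml"

function New-DenyExePolicyXml {
    param([string]$Path, [string]$GroupName, [string]$Mode = "AuditOnly")
    # AppLocker identifies the principal by SID, not by name; resolve it here.
    $sid = (New-Object System.Security.Principal.NTAccount($GroupName)).Translate(
              [System.Security.Principal.SecurityIdentifier]).Value
    # An explicit Deny always wins over Allow, so it can be merged into a policy that
    # already has the default Allow rules. AuditOnly logs what would be blocked without
    # stopping anything, so mistakes surface before the collection is enforced.
    return @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="$Mode">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny QQ.exe for $GroupName"
                  Description="Added example" UserOrGroupSid="$sid" Action="Deny">
      <Conditions>
        <FilePathCondition Path="$Path" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
}

function Deploy-DenyQQPolicy {
    New-DenyExePolicyXml -Path $Target -GroupName $Group | Set-Content $PolicyXmlPath -Encoding UTF8
    # AppLocker rules are only evaluated while the Application Identity service runs.
    Set-Service AppIDSvc -StartupType Automatic
    Start-Service AppIDSvc
    # -Merge adds this rule to the local policy instead of replacing it.
    Set-AppLockerPolicy -XmlPolicy $PolicyXmlPath -Merge
    # Dry run: reports Denied for a member of the group before anything is enforced.
    Test-AppLockerPolicy -XmlPolicy $PolicyXmlPath -Path $Target -User $Group
}

function Get-AppLockerAuditHits {
    # Event 8003 = would have been blocked (audit mode), 8004 = blocked (enforced).
    Get-WinEvent -LogName "Microsoft-Windows-AppLocker/EXE and DLL" -ErrorAction SilentlyContinue |
        Where-Object { @(8003, 8004) -contains $_.Id } |
        Select-Object TimeCreated, Id, Message
}
```

Once Get-AppLockerAuditHits shows only the expected 8003 events, regenerate the XML with -Mode "Enabled" and deploy it again to enforce the rule.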

After a period of strong sales, Windows 7 and Windows Server 2008 R2 have been fully adopted on corporate computers. To better meet the needs of enterprise users, Microsoft has introduced a large number of storage, network access, security and other functions in Windows 7 Enterprise/Ultimate and Windows Server 2008 R2, making them a new tool for enterprise applications. What are the typical functions of this kind? How are they used? What impact will they have on enterprise applications?

Enterprise efficiency multiplier: BranchCache

According to Microsoft, BranchCache is a new enterprise-class feature provided in Windows 7 and Windows Server 2008 R2. When the function is enabled, the first time a client accesses data over the WAN (Wide Area Network) it does so under the usual authorization; when the same content is needed again, it can be fetched from another client in the nearest department, subject to that client's verification status. Through this nearby access, the bandwidth utilization of the network is improved, the performance of remote office network applications is improved, and the load on the enterprise's network bandwidth is reduced.

BranchCache has two working modes: Distributed Cache and Hosted Cache. Distributed cache uses a peer-to-peer model, similar to an ad-hoc wireless network, which gives faster access in smaller deployments. Hosted cache uses a server/client architecture, similar to the access-point (AP) central mode: Windows 7 clients copy content to a local computer running Windows Server 2008 R2, so that other clients needing the same content can access it directly on the local server and no longer depend on the original server. To use BranchCache, all server systems must run Windows Server 2008 R2 and all clients must run Windows 7.

BranchCache clients can be managed with Group Policy settings or with the Netsh command-line scripting utility. Either tool can perform the following configuration tasks on a BranchCache client: enable BranchCache (it is disabled by default); select distributed cache mode or hosted cache mode; specify the size of the client computer's cache (in distributed cache mode; by default BranchCache uses up to 5% of the hard drive for the cache); and specify the location of the hosted cache (in hosted cache mode). Windows provides detailed and intuitive setup instructions for these settings, and you can complete the setup by following them.
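The four Netsh configuration tasks listed above, as an added example that is not part of the original article: it enables a Windows 7 client in either mode and reads the status back. It assumes an elevated prompt; the hosted-cache server name is a placeholder.

```powershell
# Added example (not from the original article). Assumes an elevated prompt on a
# Windows 7 client; the hosted-cache server name is a placeholder.
$HostedCacheServer = "branchcache01.corp.example"   # assumption (placeholder)

function Set-BranchCacheDistributed {
    param([int]$CachePercent = 5)   # 5% of the disk is the default the text mentions
    # Distributed mode: peers in the branch serve cached blocks to each other.
    # This command also enables the firewall exceptions BranchCache needs.
    netsh branchcache set service mode=distributed
    # Cache size only matters in distributed mode, where each client stores blocks locally.
    netsh branchcache set cachesize size=$CachePercent percent=TRUE
}

function Set-BranchCacheHosted {
    # Hosted mode: blocks are uploaded to one Windows Server 2008 R2 machine in the
    # branch. The client talks to it over HTTPS, so the server's certificate must
    # chain to a CA the client trusts or the upload silently fails.
    netsh branchcache set service mode=hostedclient location=$HostedCacheServer
}

function Get-BranchCacheState {
    # Shows the service mode, cache location and size. "Disabled" means the feature
    # is still off, which is the default on a fresh Windows 7 install.
    netsh branchcache show status all
}
```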

According to Microsoft's tests, downloading a 3MB file from an enterprise remote server took 47 seconds the first time and only 2 seconds the second time. This shows the efficiency of BranchCache, which is useful for the branch offices of large and medium-sized enterprises. Combined with compression, redundancy elimination, transport optimization, caching and content distribution in a joint acceleration application, it gives organizations an easy way to consolidate branch servers and consolidate storage and backup infrastructure while ensuring high-performance applications for end users.

Enterprise Access New Security: DirectAccess

DirectAccess is another new enterprise application feature available in Windows 7 and Windows Server 2008 R2. With it, users on an external network can directly access the resources behind the corporate firewall from the Internet, quickly and securely, without connecting to a VPN (virtual private network; the core of a VPN is using the public network to establish a virtual private network).

How is the DirectAccess function implemented? To achieve this, DirectAccess takes advantage of some features of IPv6 technology. As we all know, in the early stage of IPv6 deployment the question arose of how a large number of local pure-IPv6 networks could “traverse” the traditional IPv4 backbone and interoperate. For this reason, IPv6 “tunnel” technology emerged between IPv6 networks and IPv4 networks. At the entrance of the tunnel, the router encapsulates the IPv6 packet in IPv4; the packet is forwarded across the IPv4 network, and at the exit of the tunnel the IPv6 packet is unwrapped and delivered to the destination node, so that isolated IPv6 network “islands” can be connected.

DirectAccess uses exactly this technology: the client establishes an IPv6 tunnel connection to the DirectAccess server, which works over an ordinary IPv4 network, so the administrator can manage the computer even before the user logs in. In this process the DirectAccess server mainly plays the role of relaying information between the internal and external networks (i.e. a gateway). To obtain good encryption and authentication, DirectAccess also uses the IPsec (Internet Protocol Security) protocol family, which is optional in IPv4, and encrypts information in units of IP packets, protecting packets in transit from eavesdropping and tampering to ensure secure communication.
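A client-side check of the tunnel and IPsec layers described above, as an added example that is not part of the original article: it reports which IPv6-over-IPv4 transition adapter a Windows 7 DirectAccess client is using, whether the client believes it is outside the corporate network, and whether IPsec security associations exist. It assumes an elevated prompt on a domain-joined Windows 7 client that has already received the DirectAccess Group Policy.

```powershell
# Added example (not from the original article). Assumes an elevated prompt on a
# domain-joined Windows 7 client that has received the DirectAccess Group Policy.
function Get-DirectAccessTunnelState {
    # Only one transition technology carries the tunnel at a time: 6to4 when the
    # client has a public IPv4 address, Teredo behind a NAT, IP-HTTPS when only
    # outbound HTTPS is allowed. Each "show" reports whether that adapter is active.
    $state = @{}
    $state["6to4"]     = (netsh interface 6to4 show state) -join "`n"
    $state["Teredo"]   = (netsh interface teredo show state) -join "`n"
    $state["IPHTTPS"]  = (netsh interface httpstunnel show interfaces) -join "`n"
    # Name Resolution Policy Table: which DNS suffixes are resolved through the tunnel.
    $state["NRPT"]     = (netsh namespace show effectivepolicy) -join "`n"
    # "Outside corporate network" here means the DirectAccess tunnel should be up.
    $state["Location"] = (netsh dnsclient show state) -join "`n"
    return $state
}

function Get-DirectAccessIpsecState {
    # Main-mode SAs prove the client authenticated to the DirectAccess server;
    # quick-mode SAs prove traffic is actually being encrypted per IP packet.
    # An empty quick-mode list with a live tunnel means the IPsec policy failed.
    $mm = (netsh advfirewall monitor show mmsa) -join "`n"
    $qm = (netsh advfirewall monitor show qmsa) -join "`n"
    return New-Object PSObject -Property @{ MainMode = $mm; QuickMode = $qm }
}

function Show-DirectAccessDiagnostics {
    $tunnel = Get-DirectAccessTunnelState
    foreach ($key in "Location", "6to4", "Teredo", "IPHTTPS", "NRPT") {
        Write-Output "===== $key ====="
        Write-Output $tunnel[$key]
    }
    $ipsec = Get-DirectAccessIpsecState
    Write-Output "===== IPsec main mode ====="; Write-Output $ipsec.MainMode
    Write-Output "===== IPsec quick mode ====="; Write-Output $ipsec.QuickMode
}
```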

According to Microsoft, with DirectAccess enterprise users can manage computers over the Internet without remote login, with strong security. This feature provides an efficient working environment for mobile workers. For example, if a company employee is on a customer visit or needs to look up internal information during an external meeting, a laptop with Internet access can directly access the resources behind the corporate firewall quickly and securely, without setting up a VPN connection.
