BitLocker Drive Encryption – Protect Your Drive & Data

BitLocker Drive Encryption protects the information stored on your computer from hackers or thieves who might obtain access to your machine. It is a full disk encryption feature included with Microsoft’s Windows Vista and Windows 7 Ultimate designed to protect data by providing encryption for entire volumes. By encrypting the entire Windows system volume, data is better protected. Ideally a v1.2 Trusted Platform Module (TPM) chip is the preferred method of encryption key storage. BitLocker Drive Encryption is tightly integrated into Windows Vista and Windows 7 and provides a seamless, secure, and manageable data protection solution for you.

Windows 7 and Windows XP Mode

It’s probably inevitable that at some point during your organization’s transition to Windows 7, you’re going to
encounter an application that doesn’t run properly with the new operating system, no matter what hoops you
jump through. If you discover that such an application is considered essential by management, then you are in
the same boat with many other IT pros.
For such situations, Microsoft has provided a way for Windows 7 users to run a Windows XP virtual machine in
which the recalcitrant program can be executed, alongside native Windows 7 applications. This virtual machine
(VM) is also handy for running legacy device drivers that you may need for specific hardware. (I use Windows XP
Mode at home to talk to old scanners and cameras that still work but that don’t have Windows 7 drivers.)
This solution goes by the name “Windows XP Mode” and it’s an evolution of the special VM that Microsoft
made available for Windows Vista that was basically an XP virtual machine outfitted with Internet Explorer 6.
(That special VM is no longer freely available.)
Understand that while Windows XP Mode is fine for business users (it’s not supported on Windows 7 Home
editions) who have occasional needs to run a legacy OS in a virtual machine, it’s not a “managed” solution. For
that, you may want to take a look at MED-V (Microsoft Enterprise Desktop Virtualization), part of the MDOP
(Microsoft Desktop Optimization Pack)—if, that is, you’re a Software Assurance customer.
Here are some introductions of Windows XP Mode and includes the following topics.
• Do You NeedWindows XP Mode?
• How Can You GetWindows XP Mode?
• Requirements
• Core Features
• ImplementingWindows XP Mode
• ManagingWindows XP Mode
• Challenges


Do You Need Windows XP Mode?
Before you decide that you need Windows XP Mode, always spend time trying other ways to get your apps to
run under Windows 7: haranguing the vendor to provide updates, tweaking the EXE’s compatibility settings,
and/or spending some quality time with the (free) Microsoft Application Compatibility Toolkit (ACT). Also, try
running your problematic applications with different User Account Control (UAC) settings; sometimes that can
help.
If you do decide to use virtualization to solve short-term compatibility problems, Windows XP Mode isn’t the
only virtualization technology that can help. You can have users remote in to centrally hosted VMs, instead of
running VMs on their own local workstations, in a strategy Microsoft calls VDI, for Virtual Desktop Infrastructure.
The VDI approach relies on Hyper-V and Remote Desktop Services.

How Can You Get Windows XP Mode?
This is fairly easy. Although Windows XP Mode doesn’t come “in the box” with Windows 7, it’s a free download
from microsoft.com. Actually you’ll get three files, as follows.
• KB 958559, which is the main Virtual PC program
• KB977206, a Virtual PC update, which removes the requirement that the hosting PC supports hardware assisted
virtualization (but not everyone should install it; see caveat in the next section)
• WindowsXPMode_en-us, theWindows XP Mode software, including virtual machine preconfigured with
XP Service Pack 3 (note that this file is approximately half a gigabyte in size)

Requirements
Windows XP Mode is only available withWindows 7 Ultimate, Professional, and Enterprise (either 32-bit or 64-
bit versions). Sorry, Windows 7 home users, you’re left out in the cold on this one. More seriously, Windows Vista
users are, too. That seems a little strange to me, given the many architectural similarities between Windows 7
and Vista. There are, after all, lots of Vista shops out there, and they have the same issues with legacy XP applications
that Windows 7 shops have. Sure, a Vista shop could use Virtual PC 2007 to host applications in an XP
VM, but you lose a lot of the nice integration features offered by Virtual PC 2007.
As noted in the previous section, Virtual PC no longer requires hardware-assisted virtualization (HAV) although
HAV does have a significant positive effect on performance. If you’re not sure whether a given machine supports
HAV, Microsoft offers an HAV detection tool you can download (havdetectiontool.exe) that will tell you (see
Figure 1). The tool will also tell you if your PC supports HAV, but it is not enabled in the BIOS.
Why should you care?Well, Microsoft actually recommends that you do not install the KB977206 update to
Virtual PC if the hosting PC does provide HAV.


What about licensing? Good news here: you don’t need a separate license forWindows XP, to runWindows XP
Mode. (That’s not true, by the way, for MED-V, the managed version of Windows XP Mode.)

Core Features
Virtualization Engine. Windows XP Mode uses the Virtual PC engine, also known as “Virtual PC 7,” a freshening
of the Virtual PC 2007 product that Microsoft acquired back in 2003 from Connectix
Note that this is not Hyper-V, the server-based virtualization software Microsoft is trying to position as a viable
alternative to VMWare. Virtual PC is slower than Hyper-V, largely because it sits on top of a host operating system
(that is, Virtual PC is a “type 2 hypervisor”). Also, Virtual PC doesn’t emulate multiple processors or 64-bit
guest environments, and it doesn’t do snapshots. However, Virtual PC doesn’t require 64-bit host hardware as
Hyper-V does, and it doesn’t turn off hibernation and sleep capabilities as Hyper-V does. Virtual PC also isn’t
Virtual Server, Microsoft’s older IIS-based virtualization platform.
User Interface. You can run “Windows XP Mode” applications in so-called “seamless” mode (that is, just the
application window) or in a full virtual machine desktop. To perform the latter, just choose Start > Windows
Virtual PC > Windows XP Mode (see Figure 2). To perform the former, navigate to
Start > Windows Virtual PC > Windows XP Mode Applications  (see Figure 3)

One of the best features of Windows XP Mode is that when you choose to run an application without the entire 

desktop, the legacy app looks just like any other application window on theWindows 7 desktop (see Figure 4)

albeit without the Windows 7 “chrome” around the edges, and the user doesn’t have to interact with the XP 

desktop. (This technology, embodied in the vmsal.exe process, derives from the RemoteApp capabilities 

of Terminal Services. “VMSAL” stands for Virtual Machine Seamless Application Launcher.)

When you run the “full desktop” Windows XP Mode, you’ll see a special toolbar that you can use to perform
functions such as popping into a full-screen view, putting the VM to sleep, restarting, changing VM
settings, performing a true system shutdown, managing USB devices, and so forth .


It’s also possible for users to access theirWindows 7 profile folders from within a VM; this can be performed,
for example, by assigning the host system’s Documents folder as a drive letter on the Windows 7 host, so that it
appears as a host-based drive in the XP virtual machine’s “My Computer” window.
Windows XP Mode users can also use the clipboard between the virtualized app and host apps, and print from
the virtualized app to a host-based printer (although the user has to install the printer driver from within the
XP VM). And, as with earlier iterations of Virtual PC, users can access host-based optical drives. Finally, audio
support exists, and you can choose whether to redirect audio output to Windows 7’s audio drivers or use an
emulated soundcard.
Mouse integration and time synchronization are provided automatically between host and guest operating
systems. Users can enable or disable specific integration features via the VM’s “Tools” menu (see Figure 6).

Implementing Windows XP Mode
Windows XP Mode was designed to be configured on a machine-by-machine basis. You can mitigate that disadvantage
to some degree by installing Virtual PC andWindows XP Mode on your standard corporate desktop
image (if you have one), or by deploying these pieces through System Center, Group Policy, or other software
distribution mechanisms.

Choosing a password. The built-in user account for Windows XP Mode, XPMUser, needs a password, and, of
course, the temptation is to use the same credentials that the user uses to log onto Windows 7. That, however,
would be a mistake! Host applications, including evil ones, can access the credentials stored for Windows XP
Mode. This makes it important to choose a different password for XPMUser. You can haveWindows XP Mode
remember it, but even that’s better than using host credentials.
Installing applications. Applications that you’d like to run in Windows XP Mode need to be installed while
running Windows XP Mode. Once that’s done, the application will show up on the Windows 7 Start menu, and
can be run directly without the intervening XP desktop. The application will also show up within the VM if you
run the full XP desktop.
Configuring networking. Virtual PC inWindows 7 supports three types of networking for VMs: “internal
network,” which means that VMs can see each other but not the host; “bridged mode,” named after the specific
network adapter, in which the VM connects through the host network adapter and appears on the network as
if it were a non-virtual machine; and “shared networking (NAT)” in which the VM shares one TCP/IP connection
with the host and can, for example, access the Internet without appearing on the internal network as a separate
machine.Windows XP Mode uses the “shared networking (NAT)” method by default.
User training. Organizations should plan for some user training if Windows XP Mode is going to be used with
any frequency. In order to make things work without annoying error messages, users need to be disciplined
about exiting their virtualized apps and closing their VMs before relaunching applications.

Managing Windows XP Mode
Managing Windows XP Mode is largely a manual affair. What responsibilities IT departments might shoulder will
be a decision every organization has to face. Virtual XP machines need backing up, patching, anti-virus, antimalware, etc.
just like any workstation OS. And software running in Windows XP Mode may also be subject to
license management.
To take backing up as an example, you can take at least three different approaches.
• Use an XP-based backup program from within the VM
• After shutting down (not just hibernating) the virtual machine, back up theWindows XP Mode VM files,
including “undo” files, fromWindows 7 (these are normally in C:\Users\\AppData\Local\Microsoft\Windows Virtual PC\Virtual Machines; 
you probably won’t need to worry about the parent VHD file
in the C:\Program Files\Windows XP Mode area because it doesn’t usually change)
• Make sure all data gets saved to the user’sWindows 7 profile and don’t worry about backing up any
data on the VM
As for the anti-virus situation, you may not need to purchase an additional license to protect your Windows XP
Mode applications if you are licensing anti-virus software on a per-user basis rather than a per-device basis.
But do understand that anti-virus protection for the host Windows 7 system does not typically protect your XP
virtual machines!

Ten Things You Should Know about Windows 7

                

Introduction 

We’re all trying to get to know the latest revision of the Longhorn platform, arriving in two different suits of 

clothes: Server 2008 R2 and Windows 7. In this Microsoft white paper, I toss out ten things that you should 

probably know as you get familiar with the latest version of the Windows client. 

     1.  There Are No Radical Changes 

     2.  Windows XP Mode Runs Older Apps 

     3.  IE Compatibility View Makes 8 Work Like 7 

     4.  Windows Touch Needs Expensive Hardware 

     5.  Libraries Will Require Training 

     6.  Backup Is Better 

     7.  Applets Are Growing Up 

     8.  Windows 7 Is Huge 

     9.  The Versions Are Still Confusing 

     10.  UAC Is Still a Work in Progress 

1. There Are No Radical Changes 

The first thing you need to know is that Windows 7 does not represent any radical changes compared to its 

predecessor Vista. It’s still Longhorn under the hood, just with some new features and some performance-tuned 

code for everyday operations. I’ve said before that Windows 7 is what Vista should have been, and nothing I’ve 

seen in Windows 7 changes my mind about that. 

If you want proof that Windows 7 is basically a spruced-up Vista, open a command prompt. In Vista, you’ll see 

a version number like 6.0.. In Windows 7, it’s 6.1..  (See Figure 1) I can’t refrain 

from commenting on the bizarre nature of an operating system whose name is “7” but whose version number is 

“6.1,” although I’ll leave the interpretation of that symbolism to the reader! 

In fact, some of the more useful features of Windows 7 (Windows XP Mode, IE8 Compatibility View) have more 

to do with the past than with the present - they enable you to run applications written for XP, and view websites 

written for IE7. Thus does the continuing burden of supporting old stuff weigh down Microsoft’s new operating 

systems. I’ll bet that sometimes the Microsoft engineers wish they could just start fresh with a clean sheet of 

paper. (Actually, I wish they would do exactly that - the desktop metaphor has gotten awfully long in the tooth! 

- but I’m not holding my breath.) 

2. Windows XP Mode Runs Older Apps 

This capability is only available on Ultimate and Professional versions of Windows 7. It combines two download- 

able (i.e., not-in-the-Windows-7-box) technologies: Virtual PC, which, frankly, I’m surprised is still around, given 

the far-superior performance of Hyper-V, and “Windows XP Mode,” which is much larger (approaching half a 

gigabyte). 

My suspicion is that after the IE6 fiasco with Vista (ever try running IE6 on Vista? No? Good!), Microsoft decided 

that it would be smart to provide a virtual XP system where Windows 7 users can run apps that refuse to run 

satisfactorily under Windows 7 natively. I put this in the “last resort” category: if you can’t get an app to run us- 

ing the various other tricks (such as the EXE file’s Compatibility tab), then use Windows XP Mode. 

It’s not an elegant solution by any stretch of the imagination, because you’re virtualizing an entire XP system 

in order to run an application that doesn’t like Windows 7. But sometimes, an approach that works and isn’t 

elegant is preferable to not having an approach that works! 

To use “Windows XP Mode,” you have to have virtualization support on your computer (we’re talking Intel-VT 

on Intel motherboards and AMD-V on AMD ones). This shouldn’t be much of an issue; most systems of recent 

vintage will have this capability. You also need gobs more disk space, according to Microsoft. 

3. IE Compatibility View Makes 8 Work Like 7 

In the same spirit as Windows XP Mode comes IE8 “Compatibility View.” This is a special IE8 mode that inter- 

prets Web pages just as IE7 would. By default, IE8 runs in “Standards Mode” for Web addresses. Standards 

Mode adheres more closely to published Internet standards - something Microsoft has not always been known 

for, frankly! 

To the right of the address bar in Internet Explorer is a button with an icon of a torn page on it (!). Pressing the 

button when in “Standards Mode” causes IE to activate the Compatibility View and record the setting for reuse 

when you revisit that particular domain. 

There’s also a list of public websites that you can “opt into” when IE8 is installed. If you do so, these sites will 

be viewed in Compatibility View by default. 

Visiting intranet locations causes IE8 to default to Compatibility View. However, you can modify the META tag, 

or the HTTP header, to force Standards Mode, if that’s what you want. The META tag or HTTP header will win 

out over the browser setting, and what’s more, it will cause the Compatibility View icon to vanish for that page. 

You can also write inline code in your intranet pages that checks for the User Agent string (IE7 or IE8) and 

makes decisions accordingly. 

Despite these options, I suspect that it might be easier to configure the IE8 mode via Group Policy if you’re in an 

Active Directory environment. The Group Policy settings (see Figure 2) are basically the same options that you 

can set in the Compatibility View Settings dialog on the browser’s Tools menu 

(see Figure 3)

The bottom line for organizations is that they should test internal and external web pages for IE8 compatibility, 

and then make Group Policy settings and/or modify internal web pages accordingly. If the Web pages you use 

seem to work fine with IE8 in Standards Mode, then you don’t need to deal with Compatibility View, but it’s nice 

to have it there if you need it. 

4. Windows Touch Needs Expensive Hardware 

Anybody who has used an iPhone has a pretty good idea of what Windows Touch gives you in Windows 7 

equipped with a compatible touch-sensitive screen: zoom in by putting down two fingers and spreading them 

apart, zoom out by doing the opposite. You can also perform rotation, “right-clicking” and a variety of other 

commands with Windows Touch. 

Touch screens are undeniably cool, but most IT people I know are skeptics of their appeal for most users. The 

smartboard-style touch devices (think John King’s US presidential election coverage on CNN) are great for pre- 

sentations, but impractically large for daily computing. On the other end of the size scale, the iPhone is generally 

regarded as having a good touch screen, but it doesn’t work well for someone with big fingertips. Microsoft 

has changed the sizes of certain buttons and icons in the touch interface to make them more “finger-friendly,” 

which moves in the right direction. 

If you want to experiment with the touch interface in Windows 7, I highly recommend a “multitouch” computer 

display or laptop, because single-touch systems really don’t tap the power of the interface that Microsoft has 

built. Unfortunately, at least as of this writing, there aren’t many affordable multitouch systems available. I

suspect that for the near future, and for most businesses running common software, the hoopla about Windows 

Touch will prove to be largely irrelevant. 

In a couple of years, though, who knows? Mouse technology has not advanced dramatically in recent years - 

you still can’t buy a mouse that has a really great, smooth feel, like a Mont Blanc rollerball pen, for example; 

and even expensive mice still feel cheap - so maybe we’ll all be using touchscreens once the hardware costs 

come down. They’ve got a long way to go though. 

5. Libraries Will Require Training 

Here is another much-touted feature. The overall concept is that a “library” is a collection of related documents, 

which may be scattered about in various different folders. You can think of a library as a set of folders that are 

logically related but not necessarily physically related. (For those of you who remember reading about WinFS, 

Windows Future Storage, a few years ago, the Windows 7 “library” has some of the same philosophical basis. 

It’s also conceptually related to DFS, the Distributed File System.) 

The Windows 7 beta testers seemed to be of different minds when it came to the Libraries concept. Some of 

them felt that it was a great feature for easily viewing the contents of multiple folders. (The most common 

example is simultaneously viewing the user’s own Documents profile folder along with the machine-specific “All 

Users” Documents folder.) Others pointed out that it can give rise to some confusion when creating or saving 

files. For example, when saving a file, Windows 7 tells you that the Library represents multiple folders - but it 

doesn’t show them to you unless you click the Locations link, nor does it give you the opportunity to select 

which of those folders you want to create or save your document into, unless you change the default save loca- 

tion (see Figure 4).

The only thing that seems certain is that organizations are going to need to do some user education if the Li- 

braries feature is to be used successfully. It’s just not intuitive enough for us to be able to assume that users will 

understand it without some guidance. 

6. Backup Is Better 

The venerable NTBACKUP.EXE program went away with Windows Vista, as Microsoft decided that, having a 

few programmers on the payroll, perhaps they could write their own decent backup program. They didn’t really 

succeed in that goal with the Vista version, which did not offer users the ability to select specific files or folders 

to back up. 

The Windows 7 version is still not perfect by a long stretch. For example, when first running the Backup tool, 

you’re prompted where to save your backup - but you can’t specify a network location unless you’re running 

Professional, Ultimate, or Enterprise. And the program wants to set up your backups on a schedule, whether 

that’s what you need or not. 

On the plus side, you can now select individual files or folders to back up (see Figure 5). To be fair, that’s a sig- 

nificant improvement, and possibly just enough to make this applet suitable for business use, where its prede- 

cessor was not. And this tool seems just as fast as it was under Vista, that is to say, very. 

7. Applets Are Growing Up 

I don’t know about you, but when setting up home PCs for my kids, it has always seemed a bit silly that the 

built-in applets that Microsoft ships with Windows were so brain-dead. I know the company is concerned about 

maintaining the profitability of Microsoft Office, but Paint has been an embarrassment for years, and Wordpad 

was not much better. It seemed as though the company put all its applet effort into Media Player and all the 

other applets were left gasping for air. 

I’m glad to report that Windows 7 has given the non-Media Player applets a fresh coat of paint and, in some 

cases, a real structural overhaul as well. WordPad has become a perfectly usable word processor for students 

and professionals who don’t need fancy features; it even “feels” like the Office 2007 applications in terms of the 

user interface. Calculator (see Figure 6) now includes some very practical capabilities, such as unit conversions, 

and even features for programmers and statisticians. Paint is no longer a complete embarrassment (although it 

still lacks the two capabilities I use most, namely contrast and brightness). 

                                      

                 

One can debate whether it is the job of an operating system to include useful applets such as these, but if you’re 

going to do it, make them usable and useful. Microsoft has done some nice work along these lines, and organi- 

zations will want to make sure users know about it, by including some “applet awareness training” as part of 

the migration plan. 

8. Windows 7 Is Huge 

And you thought Vista was a space hog. On the Windows 7 test machine I am using, the OS is using northwards 

of 10 GB not counting hibernation and paging files (see Figure 7). The total goes to 17GB on my system, if you 

do include those files. 

You do get certain benefits from this very large OS. For one 

thing, remember the days in Windows XP when you would 

want to install an optional component, and the operating 

system would ask you to please insert the Windows CD? 

That could be a daunting task in many organizations, given 

the widespread use of imaging software, and preinstalla- 

tion of operating systems by OEMs. You won’t have to worry 

about that with Windows 7; pretty much all the bits you’ll 

need are sitting on the user’s hard drive (although some 

goodies still need to be downloaded from the Net; see the 

discussion of Windows XP Mode above, for example.) 

Another benefit is that in-place version upgrades don’t 

require additional media. Microsoft offers an “Anytime” 

upgrade that basically consists of a new product key, which 

an individual or business can purchase online. All the neces- 

sary bits for the various Windows 7 versions are sitting on 

your hard drive after you install any version. (Interestingly, 

as of this writing, the Anytime upgrade will work with OEM 

versions of Windows 7, too; but individuals and small busi- 

nesses still won’t be able to transfer their OEM Windows                                                                   

7 licenses to different hardware.) Why Microsoft is appar

ently not providing an in-place upgrade to Windows 7 from 

Windows XP is a big mystery to me, and one I certainly hope they will correct before the official launch. Lots of 

companies like a clean install, but in-place upgrades are very convenient for home and small business users who 

may not have the time or expertise to manage an app-and-data migration. 

9. The Versions Are Still Confusing 

When Vista rolled out, many organizations wrestled with which version they should choose. The differences 

between Vista Business, Ultimate, and Enterprise editions could be confusing and complex. Home users wrestled 

with Home Basic versus Home Premium and Ultimate. 

Sorry to say it, but that hasn’t changed with Windows 7. Windows journalist Paul Thurrott (on his Windows Su- 

persite) has put together an impressive tabular summary of the feature differences between Windows 7 Starter 

Edition, but it’s enough to give you a migraine. (Not Paul’s fault, of course!) Corporate IT planners can expect to 

spend many long hours debating the pros and cons (and costs) of the different versions, and Apple can dust off 

one of its old “Mac vs. PC” television advertisements that featured a spinning wheel of Vista versions. 

One bit of good news is that, apparently, companies that do business in Europe will not need to worry about the 

“E” versions of Windows 7 (these are the ones that do not come with IE8 built in). Microsoft announced that 

they will not be releasing these versions and that Europe will get the same versions as the rest of the world. 

10. UAC Is Still a Work in Progress 

User Account Control may well have been the most disliked feature of Windows Vista. Microsoft has tried to 

make it a bit more usable by providing a slider control (see Figure 8), but providing four settings, of which two 

are not recommended, doesn’t really offer much of an improvement. 

Microsoft still has not integrated UAC with the command prompt, either. If you run a CMD session and try to 

do something administrative, UAC does not prompt for elevation, it simply issues a denial (see Figure 9), with a 

spelling error thrown in for free! (OK, this copy is just a Release Candidate, maybe they’ll fix it for RTM.) As with 

Vista, if you think you might perform an administrative operation within a CMD session, you must invoke CMD 

with the “Run as administrator” context menu option.

Finally, the Group Policy settings for UAC remain virtually unchanged, which falls into the category of Large
Missed Opportunity. Giving administrators a much greater degree of control over this feature would have gone
a long way towards removing administrators’ objections to it. Perhaps that is too much to ask for what is really
a “point upgrade,” but Microsoft is calling Windows 7 a new operating system, so perhaps it is not.


Conclusion 

There’s a lot to Windows 7 - as one might expect, in a 17GB operating system! I hope that these ten tidbits will 

either get you off to a good start in your evaluation process, or perhaps suggest one or two areas for examina- 

tion that you might not have thought about before. Warts and all, it looks like Windows 7 has a much better 

chance than Vista did of convincing organizations to upgrade from Windows XP.