If you look at new desktops and laptops available from Best Buy or Dell you can see that there are some de facto choices made for you depending on the class of the system. Consumer systems come with Windows Home Premium (mostly the 64-bit version), and business systems come with Windows 7 Professional. Large businesses fall into a whole different category with both Microsoft and vendors like Dell, and those systems would come with Windows 7 Enterprise by default.
So, if you are a small or medium business, Windows 7 Professional is ostensibly the version of Windows 7 for you. Windows 7 Professional does have some capabilities that businesses need that you can’t find in Windows Home Premium–support for more system memory and dual physical CPU’s, the ability to join a Windows domain, file encryption with EFS (Encrypting File System), the ability to use Windows XP-mode virtualization, and software policy restrictions. However, it is also missing some important features that small and medium businesses can benefit from.
BitLocker (and BitLocker-to-Go)
Windows 7 Professional provides some data encryption with EFS, but it doesn’t have the ability to protect the entire hard drive with encryption. Windows 7 Ultimate and Windows 7 Enterprise have BitLocker drive encryption which encrypts all data on the entire drive.
Roaming employees often carry gigabytes of sensitive or confidential information on their laptops which can be easily lost or stolen. BitLocker provides secure protection to ensure that unauthorized users are not able to access that data. BitLocker-to-Go provides similar data encryption for USB thumb drives and other portable data storage that are also easily ‘misplaced’.
Employees that work from home, or connect with the company network while traveling are used to the concept of the VPN (Virtual Private Network). The VPN serves its purpose for creating a secure connection between the remote computer and the internal company network across the Internet, but it is far from a perfect solution.
Users have to go through extra steps to connect to the VPN, which is prone to disconnecting. The remote systems and roaming laptops only exist to the internal network when they’re connected. That means they only get software and policy updates when they connect, which makes it difficult for IT administrators to protect and maintain them.
DirectAccess takes the place of the VPN connection and provides a seamless, secure connection between the internal network and the remote systems as long as they have an Internet connection. Users can access resources, and administrators can manage the systems as if they are connected directly to the internal network.
Even some small and medium businesses have multiple locations. Local or regional banking, insurance, or real estate businesses for example often have a central location accompanied by a number of branch offices.
Depending on network connection between the remote sites and the central data center, and the volume and type of data being carried over it, accessing data and applications can be quite slow for the branch locations. It is frustrating to employees and hinders productivity.
Microsoft developed BranchCache to solve that problem. BranchCache improves network efficiency and response time by maintaining a local cache of files and information as it is accessed. Subsequent requests for the information can be retrieved from the local cache rather than being re-transmitted each time from the central office.
Windows Server 2008 R2
There are more features that can be found in Windows 7 Ultimate, but not in Window 7 Professional that small and medium businesses may find valuable, but there is a caveat to these features. Even if the version of Windows 7 that you use is capable of Bitlocker, DirectAccess, or BranchCache, you can’t take advantage of these features without Windows Server 2008 R2 on the server backend.
Not every business needs these features, and even those that do don’t necessarily need them on all systems. Windows 7 Professional may be just fine for desktop systems located at the central office, but laptop systems that roam about, and desktop or laptop systems at remote and branch locations need Windows 7 Ultimate to be able to take advantage of these features.
Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNewsand provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.