There are only two real editions of Windows 7 and 8 that you can run in your organization: Professional and Enterprise. After all, it is pretty hard to manage a machine that can’t join the domain! You would think that the choice would be easy, right? Just load Professional, miss out on a few features that “no one uses” and go on with your day. Thinking that would be a mistake! So why choose Windows Enterprise? Here are 3 reasons:
Enterprise Means No More Viruses
AppLocker, available in Windows 7 and Windows 8, is the best addition to Windows since User Account Control! AppLocker, essentially Software Restriction Policies on steroids, allows you to globally whitelist or blacklist applications based on signatures, paths, or file hashes.
In our environment, we use AppLocker to only allow programs to run if they exist in Windows or Program Files. Because only administrators can write to these locations and 99% of software runs from these locations, viruses/malware can’t be installed or run by standard users. Further, users can’t bring in applications on their thumb drives or download standalone applications like Firefox or Chrome. Because of this, we were able to cut our expensive anti-virus solution and purchase System Center with the extra money!
If you don’t believe me, read what Greg Shields (MVP and writer for TechNet) said about AppLocker.
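The path-based rules described above rest on standard users being unable to write under the Windows and Program Files folders. The following PowerShell audit is an added example, not part of the original post; it checks that assumption on a given machine, and the trusted SID list and the `$roots` selection are assumptions to adjust.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Assumption: the AppLocker path rules allow the Windows and Program Files folders.
$roots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

# Principals expected to hold write access (assumed baseline; adjust for your build).
$trusted = @(
    'S-1-5-18',      # Local System
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal add or change folder content, plus the generic
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) access-mask bits.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($root in $roots) {
    $dirs = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        # Skip folders whose ACL cannot be read from this session.
        try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { continue }
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to children, not to this folder itself.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Path   = $dir.FullName
                Sid    = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights
            }
        }
    }
}

# No output means the "only administrators can write here" assumption holds.
$findings | Sort-Object Path, Sid -Unique | Format-Table -AutoSize
```

Run it from an elevated prompt so every ACL can be read; any folder it lists needs either a tightened ACL or an exception on the AppLocker path rule.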
Enterprise Turns Stolen Laptops into Paperweights
BitLocker, a hardware-level encryption technology, allows you to protect mobile or sensitive devices in case they are stolen. Without BitLocker, a thief can’t really get into your missing domain machines. However, they can load the hard drive as a second drive on another machine and possibly access sensitive data. A thief could also wipe the machine, reinstall an OS, and use it like a personal device. A machine running BitLocker (coupled with a BIOS that is protected and secured) prevents thieves from doing this. On Windows 7, this bonus only applies to Enterprise; on Windows 8, both Pro and Enterprise support BitLocker.
Enterprise Applies Everywhere
Ever have a user call you from a conference or an offsite meeting? They need something installed/updated/etc., something that you could do in a few minutes if they were back onsite. Unfortunately for them, they aren’t running Enterprise and you can’t run DirectAccess. With DirectAccess, your domain extends to the internet, meaning that machines offsite can process Group Policy, application deployments, and security settings as if they were connected internally.
DirectAccess, really a seamless VPN, automatically connects computers to your network using IPsec tunnels and IPv6. If you are on Server 2012, DirectAccess is even easier as the stringent IPv6 requirements are relaxed. Once configured, users can connect to internal resources effortlessly when an internet connection is available.
Why Choose Windows Enterprise? Now you know…
Those are my three big reasons why you should be running Windows Enterprise! Each technology, AppLocker, BitLocker, and DirectAccess, solves a unique IT problem that is commonly seen as unsolvable. Windows Enterprise also includes several other technologies with some awesome functions. As examples, BranchCache can work wonders for your slow WAN links and Windows To Go allows you to carry your entire Windows machine on a bootable flash drive. You can read about all of the Windows 8 features here. So, have you changed your mind about what OS your organization will support? If you are still sticking with Professional on your next deployment, why?
Special thanks to David Pittman for updating me on the Server 2012 DirectAccess requirements.