Getting ready to deploy Windows 7 on the corporate desktop

This content is 16 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

With Windows 7 (and Server 2008 R2) now released to manufacturing and availability dates published, what does this really mean for companies looking to upgrade their desktop operating system? I’ve previously written about new features in Windows Server 2008 R2 (part 1 and part 2) but now I want to take a look at the Windows client.

Whilst I still maintain that Windows Vista was not as bad as it was made out to be (especially after service pack 1, which contained more driver resolutions and compatibility updates than security fixes), it was a classic case of “mud sticks” and, in the words of one Microsoft representative at a public event this week:

“Windows Vista maybe wasn’t as well received as [Microsoft] had hoped.”

The press was less harsh on Windows Server 2008 (which is closely related to Vista) but, with the new releases (Windows 7 and Windows Server 2008 R2), reaction from the IT press and from industry analysts has been extremely positive. In part, that’s because Windows 7 represents a “minor” update. By this I mean that, whilst Vista had deep changes (which contributed to its unpopularity) with new models for security, drivers, deployment and networking, Windows 7 continues with the same underlying architecture (so most software that runs on Vista will run on 7 – the exceptions are products that are deeply integrated with the operating system such as security products – and hardware that runs Vista well will run Windows 7 well).

Indeed, under Steven Sinofsky’s watch, with Windows 7 Microsoft has followed a new approach for development and disclosure including:

  • Increased planning – analysing trends and needs before building features.
  • Providing customers and partners with predictability – a new operating system every 3 years.
  • Working on the ecosystem – with early partner engagement (ISVs and IHVs have plenty of time to get ready – including a program for ISVs to achieve a “green light” for application compatibility – and the other side of the coin, for those of us looking for suitable hardware and software, is the Ready Set 7 site).

Having said that Windows 7 is a minor update, it does include some major improvements. Indeed, some might say (I believe that Mark Russinovich was one of them) that if you go back to a previous product version and miss the features then it was a major release. In no particular order, here are some of the features that Microsoft is showing off for Windows 7 (there are many more too):

  • Superbar amalgamates the previous functions of the Taskbar and the Quicklaunch bar and includes larger icons to accommodate touch screen activities (Windows 7 includes multitouch support).
  • Live preview of running applications (not just when task switching but from the superbar too).
  • Jumplists – right click on a superbar icon to pin it to the superbar – even individual files.
  • No more Windows sidebar – gadgets can be anywhere on the desktop and are isolated from one another so if they crash they do not impact the rest of system.
  • Aero user interface improvements: Aero Peek to quickly look at the desktop; Aero Snap to quickly arrange windows, such as when comparing and contrasting document contents; Aero Shake to minimise all other open windows.
  • The ability to cut and paste from document previews.
  • The ability to deploy a single, hardware agnostic image for all PCs.
  • Group policy improvements to control USB device usage (no more epoxy resin to glue up USB ports!).
  • BitLocker To Go – encrypt the contents of USB sticks, including the ability to read the contents from downlevel operating systems based on a one-time password.
  • Integrated search shows where results come from too (e.g. Programs, OneNote, Outlook, etc.) and only indexes in quiet time. Search Federation extends this to include SharePoint sites and other corporate resources.
  • DirectAccess, point to point authentication for access to corporate resources (e.g. intranet sites) from anywhere, including intelligent routing to identify corporate traffic and separate it from Internet-bound traffic, to avoid sending all traffic across the VPN.
  • BranchCache – locally cache copies of files, and share on a peer-to-peer basis (or, as my colleague Dave Saxon recently described it, “Microsoft’s version of BitTorrent”).
  • AppLocker – create whitelists or blacklists of approved software, including versions.
  • Problem Steps Wizard – record details of problems and send the results for diagnosis, or use to create walkthrough guides, etc.
  • Action Center – one stop shop for PC health.
  • User Access Control (UAC) warnings reduced.

All of this is nice but, faced with the prospect of spending a not-inconsiderable sum of money on an operating system upgrade, features alone are probably not enough! So, why should I deploy a new Windows operating system? Because, for many organisations, the old one (and I mean Windows XP, not Vista) is no longer “good enough”. It’s already on extended support, lacks some features that are required to support modern ways of working, was designed for an era when security was less of a concern and will be retired soon. So, if I’m an IT manager looking at a strategy for the desktop, my choices might include:

  • Do nothing. Possible, but increasingly risky once the operating system stops receiving security updates and manufacturers stop producing drivers for new hardware.
  • Stop using PCs and move to server based computing? This might work in some use cases, but unlikely to be a universal solution for reasons of mobility and application compatibility.
  • Move to a different operating system – maybe Linux or Mac OS X? Both of these have their relative merits but, deep down, Windows, Linux and Mac OS X all provide roughly the same functionality and if moving from XP to Vista was disruptive from an application compatibility standpoint, moving to a Unix-based OS is likely to be more so.
  • Deploy a new version of Windows – either Vista (which is not a bad way to get ready for 7) or 7.
  • Wait a bit longer and deploy Windows 8. That doesn’t leave a whole lot of time to move from XP and the transition is likely to be more complex (jumping forward by three operating system releases).

Assuming I choose to move to Windows 7, there are several versions available but, unlike with Vista, each is a superset of the features in the version below (and Enterprise/Ultimate are identical – just targeted at different markets). For businesses, there are only two versions that are relevant: Professional and Enterprise – and Enterprise is only available as a Software Assurance (SA) benefit. If you don’t have a suitable volume licensing agreement, Professional is the only real choice (saving money by buying Home Premium is unlikely to be cost-effective as it lacks functionality like the ability to join a domain, or licensing support for virtualisation – and purchasing Ultimate Edition at full packaged product price is expensive).

There are some Enterprise/Ultimate features that are not available in the Professional Edition, most notably DirectAccess, BranchCache, Search Federation, BitLocker, BitLocker To Go, and AppLocker. Some of these also require a Windows Server 2008 R2 back end (e.g. DirectAccess and BranchCache).

In Europe, things are a little more complicated – thanks to the EU – and we’re still waiting to hear the full details of what that means (e.g. can an organisation deploy a build based on E Edition outside Europe, or deploy a build within the EU based on a “normal” edition sourced from outside Europe and remain supported).

The other variant is 32- or 64-bit. With the exception of some low-end PCs, almost every PC that we buy today is 64-bit capable, 64-bit drivers are available for most devices (I’ve had no problems getting 64-bit drivers for the Windows 7 notebook that I use every day) and many 32-bit applications will run on a 64-bit platform. Having said that, if all the PCs you buy have between 2 and 4GB of RAM, then there is not a huge advantage. If you are looking to the future, or running applications that can use additional RAM (on hardware that can support it), then 64-bit Windows is now a viable option. Whilst on the subject of hardware, if you are considering Windows XP Mode as a possible application compatibility workaround, then you will also need hardware virtualisation support and hardware DEP. Steve Gibson’s Securable utility is a handy piece of freeware to check that the necessary features are supported on your hardware.

Whilst on the subject of virtualisation, there are four options (from Microsoft – third party solutions are also available):

  • The much-hyped Windows XP Mode. Great for small businesses but lacks the management tools for enterprise deployment and beware that each virtual machine will also require its own antivirus and management agents – which may be potentially expensive if it’s just to run one or two applications that should really be dragged kicking and screaming into the 21st century.
  • Microsoft Enterprise Desktop Virtualisation (MED-V). This is the former Kidaro product and appears to be a good solution for running legacy applications isolated at the operating system level but it still involves managing a second operating system instance and is part of the Microsoft Desktop Optimisation Pack (MDOP) so is only available to customers with SA.
  • Microsoft Application Virtualization (App-V). A popular solution for application-level isolation but requires applications to be repackaged (with consequential support implications) and also only available as part of MDOP.
  • Virtual desktop infrastructure (VDI). Whilst the concept may initially appear attractive, it’s not an inexpensive option (and without careful management may actually increase costs), Microsoft’s desktop broker (Remote Desktop Services) is new in Windows Server 2008 R2 and, crucially for partners, there is no sensible means of licensing this in a managed service context.

The main reason for highlighting virtualisation options in a Windows 7 post is that Windows XP Mode is being held up as a great way to deal with application compatibility issues. It is good but it’s also worth remembering that it’s a sticking plaster solution and the real answer is to look at why the applications don’t work in the first place. Which brings me onto application compatibility.

Even for those of us who are not developers, there are three ways to approach application compatibility in Windows 7:

  • Windows 7’s Program Compatibility wizard can be used to make simple changes to an application’s configuration and make it work (e.g. skip a version check, run in compatibility mode, etc.)
  • Application Compatibility Toolkit (ACT) 5.5 contains tools and documentation to evaluate and mitigate application compatibility issues for Windows Vista, Windows 7, Windows Update, or Windows Internet Explorer (e.g. shims to resolve known issues) – there are also third party tools from companies like ChangeBASE.
  • Windows XP Mode. For those applications that simply refuse to run on Windows 7 but certainly not a solution for organisations trying to shoehorn Windows 7 onto existing hardware and upgrade at minimal cost.

After deciding what to move to, deployment is a major consideration. The Microsoft Deployment Toolkit (MDT) and Windows Automated Installation Kit (WAIK) have both been updated for Windows 7 and can be used together to deploy a fresh operating system installation together with applications and migrate the user data. There is no in-place upgrade path for Windows XP users (or for Windows 7 customers in Europe) and I was amazed at the number of Microsoft partners in the SMB space who were complaining about this at a recent event but a clean installation is the preferred choice for many organisations, allowing a known state to be achieved and avoiding problems when each PC is slightly different to the next and has its own little nuances.

I think I’ve covered most of the bases here: some of the new features; product editions; hardware and software requirements; application compatibility; virtualisation; deployment. What should be the next steps?

Well, firstly, although the release candidate will work through to June next year, wait a couple of weeks and get hold of the RTM bits. Then test, test, and test again before deploying internally (to a select group of users) and start to build skills in preparation for mass deployment.

As for the future – Microsoft has publicly committed to a new client release every 3 years (it’s not clear whether server releases will remain on a 2 year major/minor schedule) so you should expect to see Windows 8 around this time in 2012.

2 thoughts on “Getting ready to deploy Windows 7 on the corporate desktop”

  1. You may think this is a twisted way of looking at it, but in the company I work for the new Windows 7 and Server 2008 releases are the very things that are likely to keep us running on XP, Vista and Server 2003.
    While a lot of the new features are appealing, the licensing cost rules out upgrading. If OEMs ship new PCs the same way they shipped Vista then Windows 7 Pro will be installed. So if I want some of the loudest trumpeted features such as BitLocker or DirectAccess, the company would need to pay for Windows 7 Enterprise on SA, Server 2008 R2 and Server 2008 CALs.
    Just not going to happen like that. So looks like another piecemeal upgrade as PCs go through a hardware refresh. Servers are now virtualised so no hardware refresh for them, stuck on Server 2003. Can’t upgrade just one server, would need to buy a few hundred CALs.

  2. @Mark – I understand completely where you are coming from. I’m intimately acquainted with a company that opted out of its EA to save money and is having exactly the problems you describe.

    Ultimately, it’s up to IT Directors to decide their strategy and plan accordingly (including to upgrade or not), ensuring that there is adequate budget for licensing (new features do not come for free!).

    This is why Microsoft has not committed to a new OS every 3 years – in order to ensure that customers can see some value in Software Assurance (which has many ancillary benefits – like MDOP – but for which people really only think about their upgrade rights).

    Many of us will still struggle to come up with a business case for Windows 7/Server 2008 R2 but, for those who avoided Vista (and there are a lot of them), justifying the benefits (e.g. business users pushing back because they want a better remote access solution) will be a lot easier as their aging XP and 2003-based infrastructure goes out of support over the next few years.
