Microsoft QLF-00195 Improved Smart Card Support, Enhanced Audit, Streamlined User Account Control

Improved Smart Card Support

Although password-based authentication has well-understood security limitations, deploying strong authentication technologies remains a challenge for many organizations. Building on the smart card infrastructure advances made in Windows Vista, Windows 7 eases smart card deployment through the support of Plug and Play. The drivers required to support smart cards and smart card readers are auto- matically installed without the need for administrative permissions or user interaction, which helps ease the deployment of strong, two-factor authentication in the enterprise. Also, Windows 7 extends the platform support of PKINIT (RFC 5349) to include ECC-based smart cards, allowing the use of Elliptic Curve-backed certificates on smart cards for Windows Logon.

Enhanced Audit

Windows 7 improves on the audit capabilities provided in Windows Vista, making it easier for organizations to meet regulatory and business requirements. Enhancements include simplified management of audit configurations through integration with Group Policy, reporting on why someone was granted or denied access to specific information, and easier monitoring of the changes made by specific people or groups.

Streamlined User Account Control

We introduced User Account Control (UAC) in Windows Vista to help increase security and improve total cost of ownership by allowing the operating system to be deployed without administrative privileges. Windows 7 continues the investment in UAC with changes that enhance the user experience and give users more control over when UAC prompts are displayed. We’ve reduced the number of operating system applications and tasks that require elevation, so standard users can do more than before while experiencing fewer elevation prompts.

Note: For more information on how UAC in Windows 7 enhances the user experience, please see the “Windows 7 for You” section of this document.

Domain Name System Security Extensions

The Domain Name System (DNS) is an essential protocol that supports many everyday Internet activities, including e-mail delivery, Web browsing, and instant messaging. DNS, however, was designed more than three decades ago, at a time when today’s security concerns couldn’t possibly be anticipated. DNS Secu- rity Extensions (DNSSEC) provide the security services required for today’s Internet. Windows 7 supports DNSSEC as specified in RFCs 4033, 4034, and 4035, giving you greater confidence that domain name records are not being spoofed and helping you protect against malicious activities.