Enterprise Dish|Podcasts|Windows 10|Windows 7|Windows Client OS

Enterprise Dish: How to Address Windows 7 Outlier Upgrade Scenarios

On this edition of the Enterprise Dish, we dive into working with the complexities of upgrading uncommon Windows 7 devices, the new ‘wormable’ Windows exploits, and a little bit about blackberries too.

You can find Aaron on Twitter and learn more about SmartDeploy, here.

Enterprise Dish: How to Address Windows 7 Outlier Upgrade Scenarios

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Subscribe iTunes | Google Play | YouTube | RSS

Listen now and subscribe on

Also On: RSS |

Episode 69

The IT Pro Pep Talk

Episode 100

Who is Running LTSC?

Episode 101

The HAFNIUM Challenge


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (2)

2 responses to “Enterprise Dish: How to Address Windows 7 Outlier Upgrade Scenarios”

  1. <p>Hi Brad, </p><p>I listened to your show yesterday "Enterprise Dish: How to Address Windows 7 Outlier Upgrade Scenarios". It was a great topic and I think one of your best podcasts as you are starting to get more detailed (which I like) and covering enterprise topics and challenges. To my surprise I found myself wanting to interject a few times when discussing the listener question from Aaron. As I couldn't 'chime in' I thought I'd jot down a few points that I feel were not covered. </p><p><br></p><p>1. Cost prohibitive. You mentioned this already, but keep in mind that the upgrades create none or minimal business value. </p><p>This means there are organisations that rely on technology to survive, but would not necessarily survive if they had to buy new technology. For example, some people buy used cars because it does the job, but not as safe or comfortable or potentially reliable as a new car.</p><p>They only reduce risk, which can be minimised using other approaches.</p><p>2. Vendor constraint. Many vendors do not offer upgrades or have dissolved. </p><p>3. Vendor knowledge / interest in security. Vendors in the past have not leveraged capabilities in Windows to reduce risk for its customers. </p><p><br></p><p>Some practical methods to secure these devices in no particular order:</p><p>1. Use Microsoft Security Compliance Toolkit or Microsoft Security Compliance Manager to reduce threat profile of machine, and disable unused services and features. This approach requires application testing as it may disable components the application requires.</p><p>2. Configure AppLocker to only allow the existing executables on machine to run. This allows you to whitelist applications to greatly reduce risk. Search for Aaronlocker for details on how to apply this with last amount of effort for best results.</p><p>3. Disable PowerShell and Windows Scripting Host (vbs scripts) from running using Group Policies.</p><p>4. Disable internet access on machine. Don't let users navigate to any Web resources that are not approved. Generally this should be done at the network layer. (This should be step no 1)</p><p>5. Isolate the machine on another VLAN. This needs to be combined with restrictions that blocks all inbound traffic and allows only what it needs. All to often networks are segregated on different vlans but they still have full access to many resources.</p><p>6. Use an ATP client like Microsoft Defender ATP to get insight into what applications are running and alerts on anonymous behaviour.</p><p>7. Updates on all software, and simply uninstall any software that is not used. Reduce your forgotten to begin with.</p><p><br></p><p>Thanks and regards,</p><p>Ivan</p><p><br></p>

    • <blockquote><em><a href="#16417">In reply to Ivan:</a></em></blockquote><p><br></p><p>Thanks for listening, really do appreciate this comment!</p><p><br></p><p>Best,</p><p><br></p><p>Brad</p>

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: