In highly secure environments where Smart Cards are the preferred method for authentication, Windows 7 is the system that allows you to use Smart Cards without requiring any specific vendor software. In addition, Windows 7 allows you to fine tune the authentication mechanism through the use of policies. Why Smart Cards? Smart Cards are more secure than other means of authentication such as user names and passwords. They store digital certificates where an administrator can immediately revoke the certificate stored on a lost or stolen Smart Card from the system.
Windows 7 supports different password-based and certificate-based authentication protocols that can be used for both dial-up and VPN connections. Windows 7 first tries to use the most secure authentication protocol that is enabled and then falls back to less secure protocols if they are available.
VPNs allow users to make secure connections to remote networks over the Internet. VPNs create like secure tunnels that allow specific authorized users from the Internet to access corporate internal resources such as, shared folders, printers, databases, etc. In Windows 7 you can configure a connection to use a specific VPN protocol or let Windows automated process. By default, Windows 7 sets the VPN type to Automatic.
How many times users forget their passwords! Authentication issues such as forgotten passwords can be easily resolved in a network environment with domain controllers. A domain administrator can perform a password reset for the user’s account from Active Directory while a local administrator can use the Users node of the Computer Management console or using the Manage Accounts option within the Users Accounts control panel. It is important to note that changing a user password will make the user lose access to all EFS-encrypted files, personal certificates and stored passwords for web sites or network resources. In order to be able to recover these files, users need to have a backed up copy of the EFS key or through the EFS recovery agent if one is configured on the computer. If passwords and certificates were backed up then restoring the Windows Vault may help you recover some items.
Password Reset Disks can be created using universal serial bus (USB) storage devices. The weakness of password reset disks is that users need to be well accustomed as to keep these disks update whenever they create new users or change their passwords. Apart from this, users need to store these disks in a locked location as anyone in possession of this disk can gain access to the user’s files.