Another feature that requires both Windows 7 and Windows Server 2008 R2, its name pretty much describes the function. People at branch offices usually access data that may not be held locally. In fact, the branches may not even have a local server. The norm today is for a user to access a file that then comes across the WAN connection to the branch office (which may already be at its bandwidth limitations). That process repeats whenever a user accesses the file, which may come across the connection 5, 10, even 20 times.
BranchCache caches data locally, so if a branch-based user accesses content from the main headquarters and another user at the branch tries to access that same content, it is made available faster and with less network usage via that local cache.
You can set BranchCache to work in one of two modes. The first is Hosted Cache mode, where the server itself retains the cached files. The second is Distributed Cache mode, where clients retain copies of the cached files (the server still has the roles of ensuring that the latest versions of the files are provisioned and that the permissions for accessing those files is maintained). To use this feature, you will need various forms of security technology in place, such as SSL, SMB Signing, and IPsec.
Windows 7 includes a removable drive encryption feature that extends BitLocker's reach beyond local hard drives (Vista SP1 already extended its reach from the system drive to nonsystem partitions) and out into the USB-based device world. Although BitLocker-to-Go functions without Windows Server 2008 R2, the two work well together in the enterprise environment because Group Policy can force users to run BitLocker on removable drives plugged into systems on the network. Group Policy also lets you block the use of non-encrypted drives. The recovery key can be stored in Active Directory as well, simplifying management.
Windows 7 and Windows Server 2008 R2 replace the Software Restriction Policy feature (to identify and control which applications can run on a system using a variety of simple methods such as the file name, path location, and/or hash calculation). AppLocker provides new levels of control that can protect your environment.
Although you can use the Local Security policy to work with AppLocker, it will perform better through Group Policy. You can create rules and exceptions with a simple slider that allows you to dial up or down (up being more lenient, down being stricter) the level of control.