snydeq writes "InfoWorld's Roger Grimes has compiled a comprehensive guide for securing Windows 7 at most organizations. Grimes pays particular attention to Windows 7's AppLocker application-control feature, which 'may be a Windows shop's most practical and affordable way to combat socially engineered Trojan malware.' The guide includes configuration recommendations for BitLocker Drive Encryption and Virtual Service Accounts, and covers use of new cryptography features and User Access Control. 'Software makers routinely sacrifice some security for the sake of usability, and Microsoft is no exception. I've built a career on teaching people how to harden Microsoft Windows over its default state. But with Windows 7, most of that old advice is no longer necessary. Microsoft now delivers a product that is significantly more secure out of the box. Administrators don't have to download NSA security templates or modify the system in any way to make users fairly secure from the start. In most cases, they simply need to know what security capabilities Microsoft provides and how to put them to work.'"
Link to Original Source