Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!
Enterprise Dish|Podcasts|Windows 10|Windows 7|Windows Client OS

Enterprise Dish: How to Address Windows 7 Outlier Upgrade Scenarios

On this edition of the Enterprise Dish, we dive into working with the complexities of upgrading uncommon Windows 7 devices, the new ‘wormable’ Windows exploits, and a little bit about blackberries too.

You can find Aaron on Twitter and learn more about SmartDeploy, here.

Enterprise Dish: How to Address Windows 7 Outlier Upgrade Scenarios

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Subscribe iTunes | Google Play | YouTube | RSS

Listen now and subscribe on

Also On: RSS |

Episode 69

The IT Pro Pep Talk

Episode 100

Who is Running LTSC?

Episode 101

The HAFNIUM Challenge


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (2)

2 responses to “Enterprise Dish: How to Address Windows 7 Outlier Upgrade Scenarios”

  1. Ivan

    Hi Brad,

    I listened to your show yesterday "Enterprise Dish: How to Address Windows 7 Outlier Upgrade Scenarios". It was a great topic and I think one of your best podcasts as you are starting to get more detailed (which I like) and covering enterprise topics and challenges. To my surprise I found myself wanting to interject a few times when discussing the listener question from Aaron. As I couldn't 'chime in' I thought I'd jot down a few points that I feel were not covered.

    1. Cost prohibitive. You mentioned this already, but keep in mind that the upgrades create none or minimal business value.

    This means there are organisations that rely on technology to survive, but would not necessarily survive if they had to buy new technology. For example, some people buy used cars because it does the job, but not as safe or comfortable or potentially reliable as a new car.

    They only reduce risk, which can be minimised using other approaches.

    2. Vendor constraint. Many vendors do not offer upgrades or have dissolved.

    3. Vendor knowledge / interest in security. Vendors in the past have not leveraged capabilities in Windows to reduce risk for its customers.

    Some practical methods to secure these devices in no particular order:

    1. Use Microsoft Security Compliance Toolkit or Microsoft Security Compliance Manager to reduce threat profile of machine, and disable unused services and features. This approach requires application testing as it may disable components the application requires.

    2. Configure AppLocker to only allow the existing executables on machine to run. This allows you to whitelist applications to greatly reduce risk. Search for Aaronlocker for details on how to apply this with last amount of effort for best results.

    3. Disable PowerShell and Windows Scripting Host (vbs scripts) from running using Group Policies.

    4. Disable internet access on machine. Don't let users navigate to any Web resources that are not approved. Generally this should be done at the network layer. (This should be step no 1)

    5. Isolate the machine on another VLAN. This needs to be combined with restrictions that blocks all inbound traffic and allows only what it needs. All to often networks are segregated on different vlans but they still have full access to many resources.

    6. Use an ATP client like Microsoft Defender ATP to get insight into what applications are running and alerts on anonymous behaviour.

    7. Updates on all software, and simply uninstall any software that is not used. Reduce your forgotten to begin with.

    Thanks and regards,


Leave a Reply

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.


Sponsored By