Novell Doc: ZENworks Endpoint Security Management 4.1 Administration Guide - Security Client Differences Based on Windows Version

16.2 Security Client Differences Based on Windows Version

The Security Client runs on Windows 2000, Windows XP, Windows Vista, and Windows 7 (see System Requirements in the ZENworks Endpoint Security Management 4.1 Installation Guide for detailed version requirements). However, because of differences in these versions of the Windows operating system, not all features are supported on all versions. The following table lists the feature support for each Windows version.

		Windows 2000					Windows XP					Windows Vista/7
LOCATION AWARENESS
	Enforce security policy settings by location
	Allow manual location change
	Allow saving of network environment to associate network environment with current location
	Allow manual change of firewall settings (if multiple firewall settings exist)
CLIENT SELF DEFENSE
	Require an uninstall Password
	Block the termination of client processes via Task Manager
	Block the stopping/pausing of the client via Service Manager
	Protect client files and registry entries
	Automatically rebind of the NDIS filter driver
STORAGE DEVICE CONTROL
	Control optical writer (CD/DVD) access (R, R/W, no access)
	Control floppy drive access (R, R/W, no access)
	Control AutoPlay/AutoRun access
	Control removable storage device access (R, R/W, no access)
	Create removable storage device approval lists
WIRELESS CONTROL
	Enforce wireless card (adapter) approval lists
	Disable wireless transmissions by disabling all wireless cards (adapters)
	Block wireless connections but keep Wi-Fi radio active
	Disable wireless transmissions when wired
	Disable ad hoc wireless connections
	Disable adapter bridging
	Automate WEP pre-shared key distribution for access points
	Filter and prohibit access points
	Enforce connection preference based on access point security levels or signal strengths
DATA ENCRYPTION
	Provide a “safe harbor” encrypted folder on fixed disks
	Encrypt the “My Documents” folder
	Enable user-defined encrypted folders on fixed disks
	Encrypt removable storage devices
	Share password-protected encrypted files by using administrator-distributed decryption utility
FIREWALL PROTECTION
	Set default behavior to open, closed, or stateful
	Enforce TCP/UDP ports and protocols access rules
	Enforce access control lists (ACLs) for IP and MAC addresses.
	Allow multiple firewall settings within a location
	Allow manual change of firewall setting within a location
VPN ENFORCEMENT
	Require and automate launch of a VPN client based on location
	Enforce VPN authentication timeouts
	Control wired, wireless, and dial-up adapter access
APPLICATION CONTROL
	Block application execution
	Block application access to Internet
COMMUNICATION HARDWARE CONTROL
	Control access to 1394 (FireWire), irDA (infrared), Bluetooth, and Serial/Parallel communication
	Control wired communication, including enforcement of wired adapter approval list
	Control dialup (modem) communication, including enforcement of dialup adapter approval list
	Enforce wireless adapter approval list
USB CONNECTIVITY
	Control access based on USB device groups (mass storage, printers, etc.)
	Control access to individual devices
CLIENT UPDATE
	Enforce Security Client update policy
INTEGRITY AND REMEDIATION
	Verify that required antivirus and spyware software is running and up to date.
	Enforce remediation proceduresif software fails verification
	Support advanced scripting for softwre integrity checks and remediation
COMPLIANCE REPORTING AND ALERTS
	Supply data to Management Console for reporting on security policy compliance
	Supply data to Management Console for monitoring of security threats