BranchCache
BranchCache extends some of the improvements made in Windows Server 2003 R2 and Windows Server 2008 by caching downloaded information from the Web and intranets sites within a branch office the first time it is requested. Since branch offices often operate on lower-speed Internet links, user productivity is improved as the day goes on since more and more files are present within the cache. In a demo, a document was downloaded over a 512 KB connection, taking about 30 to 45 seconds. After the cache, when another user in the same site requested that information, the transfer was nearly instantaneous. BranchCache works not only with a branch office server but also on a peer-to-peer basis among Windows 7 clients in the same location.
BitLocker to Go
Quick poll: how many USB thumb drives do you think exist within the four walls (or eight, or sixteen, or however many pertain to you) of your organization? I run a small company and I am confident the number is over 100; frankly, I couldn't attempt to remember what kind of information is on each one, or even if I have lost one at some point in time. Consider the security risk that this tiny device represents. With BitLocker to Go, you as the administrator can set policies that require removable drives to be encrypted prior to allowing write access to them. You protect from the beginning, thereby reducing the risk of data loss or theft. The encryption process in most cases seems to take less than a minute and the process can alert the user automatically when she plugs in a not-yet-encrypted drive.
AppLocker
You might recall software restriction policies from Windows XP, a good-hearted but clumsy way for administrators to restrict certain binaries from running on the network. Enter AppLocker, which is exactly what it sounds like: a Group Policy-based way to identify applications that are permitted to run on your infrastructure. You can filter by publisher, which identifies a program's digital signature -- a much easier and more reliable method than a checksum or binary file name. You also get more granular control on the strength of the rule, allowing certain versions or groups of versions (i.e., version 9 or above) to run, much more easily than having to create rules over and over again.