Hands On: A Hard Look at Windows Vista

Now that it's gold, here's an inside look at the best and the worst of Windows Vista

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Page 13
Page 13 of 18

Windows Preinstall Environment (Windows PE)

Windows PE replaces MS-DOS as a preinstallation environment, and includes a variety of tools and features that make it easier to deploy Windows Vista. It's built from Windows Vista components, and therefore can run graphically and run many Vista applications. It allows for a highly automated deployment process, and can work in concert with WIM to help enterprises deploy Windows Vista. Under Windows XP, Windows PE was available only to Microsoft Software Assurance customers, but under Vista it's available to all corporate customers.

Application Compatibility Toolkit (ACT) 5.0

One of the most difficult tasks for businesses is getting a handle on all their installed applications. Vista's ACT 5.0 is designed to help organizations herd these cats with tools to identify installed applications, collect system information and pinpoint compatibility issues with User Account Control.

Improved trouble warning, diagnostics and recovery

Vista ties together several underlying technologies with software that, if it works as billed, could cut down on help-desk support issues. The operating system offers improved automatic recovery, diagnostics, a new recovery environment with a start-up repair tool and monitoring-notification systems that companies can configure to send an SOS to IT help desk operations before a drive fails or whenever a device driver is causing instability. The revised event log and task manager should help IT personnel diagnose problems more readily.

Address Space Layout Randomization (ASLR)

This cool techie security feature makes it more difficult for malicious code to locate and exploit system functions. When any system is rebooted, ASLR randomly assigns DLLs, EXEs and other executable images to one of 256 possible memory locations.

Network Access Protection (NAP) service

Network administrators will welcome the Network Access Protection service, which works in concert with Windows Longhorn Server, Vista and XP. It lets IT managers set security standards that all computers must meet before a server allows them to connect to a network, such as having up-to-date virus definitions. If a computer doesn't meet the standards, the network connection is refused.

Simplified deployment of network security settings

Network administrators can deploy and manage security settings that combine Windows Firewall and Internet Protocol security (IPsec) using a single wizard-driven interface.

Native IPv6 support

Vista natively supports IPv6, the next generation version of Internet Protocol. IPv6 offers not only a larger networking address space, but other benefits as well, such as better network-layer security, support for multicasting, automatic configuration of hosts and better support for quality of service. Today this doesn't mean much. In the next few years, though, it will, because IPv6 will increasingly be used by corporations and government agencies.

BitLocker Drive Encryption

Enterprises that care about security will be pleased with the new BitLocker Drive Encryption, a hardware-based method of encrypting all data on a PC using the Advanced Encryption Standard (AES) with 128 or 256-bit keys. It's primarily designed to be used with laptops, so that if one is stolen, the data on it will not be able to be read by a thief. Even start-up and log-on information is encrypted, so that the laptop won't even be able to be started. Given that nearly every week a laptop is stolen or lost that contains private information, this will be welcomed by any corporations that have sensitive data.

BitLocker is designed to be used in concert with hardware that conforms to the Trusted Platform Module (TPM), which uses an embedded microchip to store encryption keys. The hardware must include a Version 1.2 or higher TPM and use a Trusted Computing Group-compliant BIOS.

BitLocker can also be used with non-TPM hardware by using a USB flash drive to store an encryption key. In theory, that may be true. In our experience, though, it's not that simple to do, and some users have reported problems with doing this. So enterprises should be forewarned to use BitLocker only on TPM-compatible hardware.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Page 13
Page 13 of 18
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon