Slide1: Troy Sharpe Technology Specialist | Microsoft Corporation
Agenda
Volume Activation
*Official* Guidance on Windows Vista Hardware:
Windows Vista Capable:
A modern processor (at least 800MHz)
512 MB of system memory
A graphics processor that is DirectX 9 capable
Windows Vista Premium:
1 GHz 32-bit (x86) or 64-bit (x64) processor
1 GB of system memory
128 MB of graphics memory
40 GB of hard drive capacity with 15 GB free space
DVD-ROM Drive
Audio output capability
Internet access capability
Vista Deployment Goals
SysPrep
WIM Image Format
WIM Image Format (cont.)
Tools and Technology
Windows PE Overview
Unattend.xml file information
System Image Manager
WAIK: Windows Automated Installation Kit
Available from download.microsoft.com
Contains ImageX, WinPE, SIM, updates for Server 2k3 to run WDS, etc.
User Account Control:
Goal: Allow businesses to move to a better-managed desktop and consumers to use parental controls
Make the system work well for standard users
Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks
High application compatibility
Make it clear when elevation to admin is required and allow that to happen in-place without logging off
High application compatibility with file/registry virtualization
Administrators use full privilege only for administrative tasks or applications
User provides explicit consent before using elevated privilege
Why: User Account Control:
OS is at risk from malware when user is running as Administrator
Ease with which malware can self-install
Privilege elevation through security holes in software
Extent of damage caused by malware is potentially greater
Accidental damage caused by user
How: User Account Control:
With Windows Vista, all users run as Standard User by default, including members of Admin group
Only true for interactive logins; services continue to run as before in Windows XP
Two tokens are created at logon (split token)
Standard User Token
Administrator SID set as Deny Only (can still be used to deny access, but not to grant)
Runs with medium integrity level (IL)
Most privileges removed
Administrator Token
Administrator SID has all rights assigned
Runs with high integrity level (IL)
All privileges are present
How: User Account Control (cont.):
Standard User Token is used until explicit consent is given, then Administrator Token is used (Consent UI)
Supporting feature: Unnecessary Administrator checks (in XP) have been removed
Example: Change time zone
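Added example (not part of the original slides): a simplified Python model of the split token described above, showing why the Administrator SID is kept as deny-only rather than dropped, and how the integrity level gates writes. The sample DACLs, the single "write" right and the function names are assumptions made for illustration; this is not Windows' actual access-check code.

```python
from dataclasses import dataclass

ADMINS, USERS = "BUILTIN\\Administrators", "BUILTIN\\Users"
MEDIUM, HIGH = 0x2000, 0x3000   # integrity-level RIDs (medium, high)

@dataclass(frozen=True)
class Token:
    enabled: frozenset     # SIDs that match both allow and deny ACEs
    deny_only: frozenset   # SIDs that match deny ACEs only
    integrity: int

def split_token(groups):
    """Model the two tokens built at an administrator's interactive logon."""
    groups = frozenset(groups)
    standard = Token(groups - {ADMINS}, groups & {ADMINS}, MEDIUM)
    administrator = Token(groups, frozenset(), HIGH)
    return standard, administrator

def can_write(token, dacl, object_integrity=MEDIUM):
    """Simplified check for one right (write): integrity, then ordered ACEs."""
    if token.integrity < object_integrity:
        return False                      # lower-integrity caller cannot write up
    for kind, sid in dacl:
        if kind == "deny" and sid in (token.enabled | token.deny_only):
            return False                  # deny-only SIDs still trigger deny ACEs
        if kind == "allow" and sid in token.enabled:
            return True                   # only enabled SIDs can grant
    return False                          # no ACE granted the right

# Constructed sample DACLs (ordered ACE lists), not taken from a real system.
SYSTEM_DIR = [("allow", ADMINS)]
NO_ADMINS_SHARE = [("deny", ADMINS), ("allow", USERS)]

def demo():
    standard, administrator = split_token([ADMINS, USERS])
    # Hypothetical token with the admin SID dropped instead of marked deny-only.
    stripped = Token(standard.enabled, frozenset(), MEDIUM)
    return {
        "standard_system_dir": can_write(standard, SYSTEM_DIR),
        "admin_system_dir": can_write(administrator, SYSTEM_DIR),
        "standard_deny_ace": can_write(standard, NO_ADMINS_SHARE),
        "stripped_deny_ace": can_write(stripped, NO_ADMINS_SHARE),
        "standard_high_il_object": can_write(standard, [("allow", USERS)], HIGH),
        "admin_high_il_object": can_write(administrator, [("allow", USERS)], HIGH),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

The "stripped" case is the one to note: if the Administrator SID were simply removed from the standard token, a deny ACE aimed at administrators would stop applying and the user would gain access through another group.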
Application Compatibility:
Download and run the Windows Vista Hardware Assessment Tool
Download and learn the Application Compatibility Toolkit
Deploy the ACT 5.0 evaluators in your current environment
Inventory, analyze, rationalize, and prioritize your application portfolio
Keep your software inventory up to date with current versions of vendor products
Set up an application testing environment for Windows Vista
Participate in the Online Compatibility Exchange
Participate in the Application Compatibility newsgroups
Understand the technical compatibility issues with Windows Vista and determine the degree to which they affect your applications
Review the Application Compatibility Cookbook
Application Compatibility Toolkit V5.0:
Analyze your portfolio of Applications, Web Sites, and Computers
Evaluate operating system deployments or impact of operating system updates
Centrally manage compatibility evaluators and configuration settings
Rationalize and Organize by Applications, Web Sites, and Computers
Prioritize compatibility efforts with filtered reporting
Add and manage issues and solutions for your personal computing environment
Deploy automated mitigations to known compatibility issues
Send/Receive compatibility information to Online Compatibility Exchange
Windows Vista Upgrade Advisor:
Easy-to-understand report of:
Known system issues
Device compatibility issues
Application compatibility issues
Virtualization
Subsystem for UNIX Application (SUA)
Group Policy
Windows Defender:
Improved Detection and Removal
Redesigned and Simplified User Interface
Protection for all users
Windows Vista Firewall:
Combined firewall and IPsec management
New management tools – Windows Firewall with Advanced Security MMC snap-in
Reduces conflicts and coordination overhead between technologies
Firewall rules become more intelligent
Specify security requirements such as authentication and encryption
Specify Active Directory computer or user groups
Outbound filtering
Enterprise management feature – not for consumers
Simplified protection policy reduces management overhead
BitLocker™ Drive Encryption:
Designed specifically to prevent a thief who boots another Operating System or runs a hacking tool from breaking Windows file and system protections
Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or exploiting operating system
Uses a v1.2 TPM or USB flash drive for key storage
Spectrum Of Protection: BDE offers a spectrum of protection allowing customers to balance ease-of-use against the threats they are most concerned with.
Windows Vista Information Protection:
Who are you protecting against?
Other users or administrators on the machine? EFS
Unauthorized users with physical access? BitLocker™
Some cases can result in overlap (e.g. multi-user roaming laptops with untrusted network admins)
Recovery Options:
BitLocker™ setup will automatically escrow keys and passwords into AD
Centralized storage/management keys (EA SKU)
Setup may also try (based on policy) to back up keys and passwords onto a USB dongle or to a file location
Default for non-domain-joined users
Option for web service-based key escrow
Recovery password known by the user/administrator
Recovery can occur 'in the field'
Windows operation can continue as normal
Everything Else
Slide32: © 2006 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Questions?