Vista Presentation 2007feb06


Presentation Description

No description available.


Presentation Transcript


Troy Sharpe Technology Specialist | Microsoft Corporation



Volume Activation: 

Volume Activation


*Official* Guidance on Windows Vista Hardware: 

Windows Vista Capable: A modern processor (at least 800MHz) 512 MB of system memory A graphics processor that is DirectX 9 capable Windows Vista Premium: 1 GHz 32-bit (x86) or 64-bit (x64) processor 1 GB of system memory 128 MB of graphics memory 40 GB of hard drive capacity with 15 GB free space DVD-ROM Drive Audio output capability Internet access capability *Official* Guidance on Windows Vista Hardware

Vista Deployment Goals: 

Vista Deployment Goals



WIM Image Format: 

WIM Image Format

WIM Image Format (Con’t): 

WIM Image Format (Con’t)

Tools and Technology: 

Tools and Technology

Windows PE Overview: 

Windows PE Overview

Unattend.xml file information: 

Unattend.xml file information

System Image Manager: 

System Image Manager


WAIK Windows Automated Installation Kit Available from Contains ImageX, WinPE, SIM, updates for Server 2k3 to run WDS, etc.

User Account Control: 

User Account Control Goal: Allow businesses to move to a better-managed desktop and consumers to use parental controls Make the system work well for standard users Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks High application compatibility Make it clear when elevation to admin is required and allow that to happen in-place without logging off High application compatibility with file/registry virtualization Administrators use full privilege only for administrative tasks or applications User provides explicit consent before using elevated privilege

Why: User Account Control: 

Why: User Account Control OS is at risk from malware when user is running as Administrator Ease with which malware can self-install Privilege elevation through security holes in software Extent of damage caused by malware is potentially greater Accidental damage caused by user

How: User Account Control: 

How: User Account Control With Windows Vista, all users run as Standard User by default, including members of Admin group Only true for interactive logins; services continue to run as before in Windows XP Two tokens are created at logon (split token) Standard User Token Administrator SID set as Deny Only (can still be used to deny access, but not to grant) Runs with medium integrity level (IL) Most privileges removed Administrator Token Administrator SID has all rights assigned Runs with high integrity level (IL) All privileges are present

How: User Account Control (cont.): 

How: User Account Control (cont.) Standard User Token is used until explicit consent is given, then Administrator Token is used (Consent UI) Supporting feature: Unnecessary Administrator checks (in XP) have been removed Example: Change time zone

Application Compatibility: 

Application Compatibility Download and run the Windows Vista Hardware Assessment Tool Download and learn the Application Compatibility Toolkit Deploy the ACT 5.0 evaluators in your current environment Inventory, analyze, rationalize, and prioritize your application portfolio Keep your software inventory up to date with current versions of vendor products Set up an application testing environment for Windows Vista Participate in the Online Compatibility Exchange Participate in the Application Compatibility newsgroups Understand the technical compatibility issues with Windows Vista and determine the degree to which they affect your applications Review the Application Compatibility Cookbook

Application Compatibility Toolkit V5.0: 

Analyze your portfolio of Applications, Web Sites, and Computers Evaluate operating system deployments or impact of operating system updates Centrally manage compatibility evaluators and configuration settings Rationalize and Organize by Applications, Web Sites, and Computers Prioritize compatibility efforts with filtered reporting Add and manage issues and solutions for your personal computing environment Deploy automated mitigations to known compatibility issues Send/Receive compatibility information to Online Compatibility Exchange Application Compatibility Toolkit V5.0

Windows Vista Upgrade Advisor: 

Windows Vista Upgrade Advisor Easy-to-understand report of: Known system issues Device compatibility issues Application compatibility issues



Subsystem for UNIX Application (SUA): 

Subsystem for UNIX Application (SUA)

Group Policy: 

Group Policy

Windows Defender: 

Windows Defender Improved Detection and Removal Redesigned and Simplified User Interface Protection for all users

Windows Vista Firewall: 

Windows Vista Firewall Combined firewall and IPsec management New management tools – Windows Firewall with Advanced Security MMC snap-in Reduces conflicts and coordination overhead between technologies Firewall rules become more intelligent Specify security requirements such as authentication and encryption Specify Active Directory computer or user groups Outbound filtering Enterprise management feature – not for consumers Simplified protection policy reduces management overhead

BitLocker™ Drive Encryption : 

BitLocker™ Drive Encryption Designed specifically to prevent a thief who boots another Operating System or runs a hacking tool from breaking Windows file and system protections Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or exploiting Operating Ssystem Uses a v1.2 TPM or USB flash drive for key storage BitLocker

Spectrum Of Protection: 

BDE offers a spectrum of protection allowing customers to balance ease-of-use against the threats they are most concerned with. Spectrum Of Protection

Windows Vista Information Protection: 

Windows Vista Information Protection Who are you protecting against? Other users or administrators on the machine? EFS Unauthorized users with physical access? BitLocker™ Some cases can result in overlap. (e.g. Multi-user roaming laptops with untrusted network admins)

Recovery Options: 

Recovery Options BitLocker™ setup will automatically escrow keys and passwords into AD Centralized storage/management keys (EA SKU) Setup may also try (based on policy) to backup keys and passwords onto a USB dongle or to a file location Default for non-domain-joined users Option for web service-based key escrow Recovery password known by the user/administrator Recovery can occur 'in the field' Windows operation can continue as normal

Everything Else: 

Everything Else


© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. Questions?


© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.


© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.