Implications of enhanced security in Vista

The new security features under Vista will also change the deployment environment a bit. Under Vista, even an administrator account does not have all the rights needed to make system-level changes. These rights are throttled to a higher-level, as and when needed, by Vista’s User Access Control (UAC) system. Interestingly though, non-admin accounts can install drivers under Vista, which should reduce support calls from employees installing their own hardware on their PC. A possible support headache to keep in mind while deploying is that Vista no longer grants full rights to all programs–thus, programs which assumed access to drives and registry under Windows XP will be redirected automatically by Windows Vista to other directories under the user’s profile.

Vista’s firewall is now two-way, instead of just inbound like it was under XP. This new firewall is fully configurable via Group Policy.

Windows Vista Ultimate and Enterprise versions ship with BitLocker, which allows entire drivers to be encrypted (the OS volume). The encrypted volume can be read using the right keys and only from Vista. BitLocker requires that your motherboard support the Trusted Platform Module (TPM) 1.2. The unlock key can be stored externally on a USB drive.