Windows Vista Security Guide

The Solutions for Security and Compliance team is currently developing the Windows Vista Security Guide v1. Based on the Windows XP Security Guide, this new guide provides recommendations for dozens of Group Policy security settings that are designed to assist customers in making their environments more secure.

The guide is currently being reviewed and tested by Microsoft engineering teams, consultants, support engineers, partners, and customers in an effort to make it:

• Proven -- Based on field experience.
• Authoritative -- Offers the best advice available.
• Accurate -- Technically validated and tested.
• Actionable -- Provides the steps to success.
• Relevant -- Addresses real-world security concerns.

As in previous guides, the new guide describes two environments:

Enterprise Client (EC) . Client computers in this environment are located in an Active Directory domain and only need to communicate with systems running Windows Server 2003. Client computers in this environment include a mixture: some run Windows Vista while others run Windows XP.

Specialized Security – Limited Functionality (SSLF) . Concern for security in this environment is so great that a significant loss of functionality and manageability is acceptable. For example, military and intelligence agency computers operate in this type of environment. The client computers in this environment run only Windows Vista.

The guide will include recommendations for Group Policy settings specific to each environment, as well as recommendations for an organizational unit structure adequate for deploying the settings throughout an environment.

In the past, deploying the prescribed security guidance was a long and tedious process involving multiple manual steps. Correct deployment, even in a test environment, could take hours. The new guide will include tools and templates that leverage built-in Windows Vista features to enable users to deploy all prescribed settings within a few minutes.

Finally, the guide will provide overviews, considerations, and resource pointers to many of the new security technologies in Windows Vista. Some of the technologies discussed include:

• User Account Control
• Windows Defender
• Windows Firewall
• BitLocker Drive Encryption
• USB Device Control
• Encrypting File System

To help customers better understand each technology, the overviews are organized in chapters that focus on specific threats (for example, "Defend Against Malware" and "Protect Sensitive Data").

The Windows Vista Security Guide v1 is currently scheduled to simultaneously ship with the release of Windows Vista.

José F. Maldonado
Solutions for Security and Compliance