windows vista - pennsylvania state university · windows vista a replacement for windows xp a long...
TRANSCRIPT
![Page 1: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/1.jpg)
Windows VistaAll Staff Breakout Session
June 28, 2006
![Page 2: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/2.jpg)
All features are subject to change. Confidential to ITS
Windows Vista Task ForceGroup formed to assess Vista impact on PSU
Co-chair: Connie Welch & Al WilliamsParticipants from all ITS Operating UnitsMeeting monthly since March 1Several Vista Beta subscribers – testing every buildSeveral MSDN subscribers – testing customer technology previews (ctp)
Logging experiences on a wiki
Have initiated a communication planOnline updates: http://its.psu.edu/headsup/VistaOS/Will publish in ITS news distributionsWill participate in ITS events
![Page 3: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/3.jpg)
All features are subject to change. Confidential to ITS
Windows VistaA replacement for Windows XPA long time coming (will be 5 years in October)Lacking in many of the promised featuresNot going to be available on a PC you buy in 2006Not a replacement for Server 2003
Windows Longhorn Server predicted for 2007 or 2008Very graphically intense GUIHas confusing hardware requirements
![Page 4: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/4.jpg)
All features are subject to change. Confidential to ITS
A single product with 5 versions
**MUI -All Languages
*Windows Ultimate Extras
Remote Desktop
Web Server
Fax & scanning utility
Domain Join
Offline folders
Group Policy
SUA (Unix Subsystem)
BitLocker (Full Volume Encryption)
**Virtual PC Express
Encrypted File System
Mobility (Tablet, Aux Display)
Network Projection
HD MovieMaker & DVD authoring
Media Center (incl. extender)
Aero glass, animations and visuals
Scheduled & Networked Backup
Join OnlyP2P Meeting Space
Search & Organize
Security & Perf. Enhancements
UltimateEnterpriseBusinessHomePremiumHome BasicDifferentiated Feature
*Available separately for free for these SKUs only
![Page 5: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/5.jpg)
All features are subject to change. Confidential to ITS
New FeaturesUser Account Control Changes
All users run in the context of a standard userStandard users can do moreRegistry and file system Virtualization
Bidirectional firewallBitLocker™
What is it?Who should use it?Recovery/ForensicsSecure Decommissioning
User Interface Changes
![Page 6: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/6.jpg)
All features are subject to change. Confidential to ITS
User Account ControlMany options are configured via Local Security MMC
Elevation prompt for admins – consent/credentials/no promptElevation prompt for standard users – credentials/no promptInstaller detection on/offAdmin approval mode on/offOnly allow signed/trusted admin apps on/offFile/registry virtualization on/off
![Page 7: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/7.jpg)
All features are subject to change. Confidential to ITS
Elevation ModelAdministrator Privileges
Standard User Privileges (Default)
AdministratorAccount
Standard UserAccount
Ways to Request ElevationApplication marking
Setup detectionCompatibility fix (shim)Compatibility assistantRun as administrator
![Page 8: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/8.jpg)
All features are subject to change. Confidential to ITS
Standard Users Can Do MoreView system clock and calendarChange time zoneConfigure secure wireless (WEP/WPA) connectionChange power management settingsCreate and configure a Virtual Private Network connectionAdd printers and other devices that have the required driversinstalled or allowed by group policyDisk defragmentation is a scheduled background process
Shield icons mark what actionsrequire administrative users
![Page 9: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/9.jpg)
All features are subject to change. Confidential to ITS
Registry and Personal Data Virtualization
Virtualization defaults to On for all standard users Off for administrators
Registry VirtualizationWrites: Redirect per-machine file and registry writes to equivalent per-userlocationsReads: Try the per-user location first, then the global location
Data RedirectionLegacy applications write to administrator locations
HLKM\Software%SystemDrive%\Program Files, etc
Redirection removes need for elevationWrites to HKLM go to HKCU redirected store
HKU->(user SID)_classes->VirtualStoreWrites to system directories redirected to per-user store
(%localappdata%\virtualstore)
![Page 10: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/10.jpg)
All features are subject to change. Confidential to ITS
Vista FirewallWindows XP SP2 Windows Vista
Direction Inbound Inbound, outboundDefault action Block Configurable for directionPacket types TCP, UDP, some ICMP AllRule types Application, global
ports, ICMP typesMultiple conditions from basic five-tuple to IPsec metadata
Rule actions Block Block, allow, bypass;with rule merge logic
UI and tools Control Panel, netsh C-Panel, more netsh, MMCAPIs Public COM, private C More COM to expose rules, more C
to expose featuresRemotemanagement
none Via hardened RPC interface
Group policy ADM file MMC, netshTerminology Exceptions; profiles Rules; categories=profiles
![Page 11: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/11.jpg)
All features are subject to change. Confidential to ITS
Trusted Platform Module (TPM)
Smartcard-like module on the motherboardTPM 1.2 offers the following features:
Performs cryptographic functionsRSA, SHA-1, RNGMeets encryption export requirements
Can create, store and manage keysHolds Platform MeasurementsAnchors chain of trust for keys and credentialsProtects itself against attacks
![Page 12: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/12.jpg)
All features are subject to change. Confidential to ITS
BitLocker™ Features Overview
BitLocker Drive Encryption – Windows VolumeAES-128 or AES-256
Integrity Checking of Windows Boot FilesPre-OS Multi-factor AuthenticationSecure DecommissionSingle Microsoft TPM driverTPM Base Services (TBS)0% - 15% Performance Decrease4 Implementation
USBTPMTPM + PinTPM + USB
22
33
1
StorageStorageRoot KeyRoot Key
Volume Volume Encryption Encryption
KeyKey
BootBoot300MB-1.5GB300MB-1.5GB
WindowsWindowsTPM orUSB Key
Not Encrypted
Encrypted
![Page 13: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/13.jpg)
All features are subject to change. Confidential to ITS
Who’s BitLocker™ for?“If I wrote Policy!”
REQUIRED:Anyone with Domain/Enterprise Administrator RightsAnyone who touches Confidential DataAnyone using a machine provided for the purpose of telecommuting
STRONGLY RECOMMENDED:Any workstation storing confidential informationAny laptop primarily used by staff who access confidential informationAny system (specifically laptops) containing test scores, course rosters orother information that may identify individual students
OPTIONAL:The desktops and laptops of anyone performing an IT function on campus
Confidential Data: Student Records, SSN’s or PSU-ID, HR / Salary Information, etc.
![Page 14: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/14.jpg)
All features are subject to change. Confidential to ITS
Recovery/ForensicsRecovery Keys
Can be stored at a specified file locations(USB Key/File Server)
Cannot be stored on the same USB key used to start a machineCan be automatically stored in AD(Windows 2003 SP1 or higher AD Schema Required)Group Policies can control all these settings
ForensicsEverything is encrypted with AES-128 or AES-256You’ll need the recovery keysDon’t implement this technology without having a good recoverykey strategy!
![Page 15: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/15.jpg)
All features are subject to change. Confidential to ITS
Secure Decommissioning
**************
Nothing
Reformatdrive
Admin wipes drive
Delete keys
Normal Secure DecommissionVs.
![Page 16: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/16.jpg)
All features are subject to change. Confidential to ITS
User Interface ChangesVista will be confusing because of new GUI
Everything looks and feels like you are running InternetExplorerThe menu is missingFamiliar things like File Explorer, Network Center and ControlPanel are sufficiently different to be disconcertingMouse actions are sometimes not clear as to when mouse-over does something vs mouse hover vs single click vsdouble click
How fast the system functions is directly proportional to howglitzy you want the UI to look
The more glitz, the more confusing at firstGlitzy UI features can be turned off for less powerful machines
We’ll document this in more detail
![Page 17: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/17.jpg)
All features are subject to change. Confidential to ITS
Some Things Don’t Work YetCisco VPNSymantec Anti-VirusWireless 802.**
Can access unsecuredSome WEP worksDoes not support 802.1x EAP-TTLS
Remember - it’s still Beta Code
![Page 18: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/18.jpg)
All features are subject to change. Confidential to ITS
Public Beta AvailableWindows Vista Beta 2 has been released.The Public Beta is available for everyone to
download and usehttp://www.microsoft.com/windowsvista/getready
![Page 19: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/19.jpg)
All features are subject to change. Confidential to ITS
Vista Reference SitesMicrosoft Marketing Site:
http://www.microsoft.com/windowsvista/Vista Versions :
http://www.microsoft.com/windowsvista/versions/Interesting Alternate Opinion (Paul Thurrott):
http://www.winsupersite.com/reviews/Where Vista Fails (Paul Thurrott):
http://www.winsupersite.com/reviews/winvista_5308_05.asp
![Page 20: Windows Vista - Pennsylvania State University · Windows Vista A replacement for Windows XP A long time coming (will be 5 years in October) Lacking in many of the promised features](https://reader033.vdocuments.us/reader033/viewer/2022050311/5f738bb07a97ae67c447609e/html5/thumbnails/20.jpg)
Let’s Take a Tour