Putting Vista under the microscope - part two

Investigation of new OS continues


Microsoft has a long, sad history of getting networking wrong.

Until Windows Vista, that is. The new operating system represents a breakthrough when it comes to Windows and networking. For the first time, it’s easy to get a quick overview of your network at a glance, manage multiple wireless networks, make new network connections, set up file sharing and more.

At the centre of all this is the Network and Sharing Centre. It puts the most important networking features into an integrated, simple-to-configure interface. Setting up file sharing, for example, was painful to do properly in Windows XP but is now a matter of a few mouse-clicks. And everything else is in easy reach as well, including connecting to a network, setting up a new network, managing your network connections, and diagnosing and repairing network problems.

One of Windows Vista’s best new networking tools is the Network Map. Click “View Full Map” from the Network and Sharing Centre, and a live map is drawn of all the devices and PCs on your network. Hover over a device or click on it, and you’ll get more details about that device. Hover over a gateway, for example, and you’ll see its IP address and MAC address. Click a PC, and you’ll see the shared network files and folders on it.

However, if your network includes PCs running earlier versions of Windows (and who among us doesn’t have one?), you’re going to run into a few bumps. Windows Vista uses the new Link Layer Topology Discovery (LLTD) protocol, which speeds up discovering and displaying network devices, as well as allowing Windows Vista to grab information about them.

Earlier versions of Windows don’t include LLTD, and so you’ll notice networking support for them tends to be flaky. Sometimes they’ll show up on the Network Map, sometimes they won’t, and they appear and disappear at random times. Microsoft says it will release an LLTD add-on for Windows XP PCs when Windows Vista ships, so that might solve the problem.

Wireless networking

Wireless networking support has been significantly improved as well. Windows Vista is designed for a world that’s increasingly wireless, and in which many people connect to multiple networks, at home, at the office, and in public hotspots.

The connection screen not only lets you view all nearby wireless networks, but if you hover your mouse over one, you’ll see all of the network’s vital statistics, including the type of network (802.11b, 802.11g, and so on), whether security is being used, and if so, what kind.

Another nice touch: if you connect wirelessly as well as via Ethernet to the same network, Windows Vista automatically recognises that it’s the same network. It will even include both adapters on a network map. And it will automatically use your Ethernet connection rather than your wireless connection to make use of Ethernet’s superior speed.

This isn’t to say that networking is perfect. The Sync Centre, which can be used to synchronise network folders across a network, has an extremely confused interface. And overall, there are too many different links that all lead to the same location. But these are minor quibbles; overall, networking support is one of Windows Vista’s greatest strengths.

Expanded Group Policy settings (including USB device lockdown)

Group Policy support is built into Vista, and it comes with hundreds of new settings that can be used to configure limits and make the operating system better suited to specific corporate environments. Say no to USB memory sticks, for example, while allowing USB ports to be used for other things. There are also numerous new settings and limits for power management, wireless networking, printing, browsing and many other areas.

File-based imaging for installing and maintaining Vista

Vista comes with new Windows Imaging (WIM) technology, a hardware-independent system image file format that allows companies to maintain fewer desktop images. Microsoft’s compressed, modular approach allows variations, such as language options, to all be incorporated into one image.

If a company requires multiple images — for instance, if more than one Vista edition is deployed — those images can be stored in a single WIM file to save space. ICT pros can also make changes to the image offline, without starting up each desktop to create a new image.

Non-destructive image application for Windows upgrades

When performing an in-place upgrade from a previous version of Windows, the new User State Migration Tool (USMT) allows you to keep user data and state/profile information on the user’s hard drive while you clean-install Vista, then apply the existing user data and settings to Vista. Whether you’re performing an in-place upgrade or migrating to a new PC, Vista’s built-in migration capabilities automatically import specified user files and settings from Windows 2000 or XP.

Windows Preinstall Environment (Windows PE)

Windows PE replaces MS-DOS as a pre-installation environment, and includes a variety of tools and features that make it easier to deploy Windows Vista. It’s built from Windows Vista components, and so can run graphically, and run many Vista applications. It allows for a highly automated deployment process, and can work in concert with WIM to help enterprises deploy Windows Vista. Under Windows XP, Windows PE was available only to Microsoft Software Assurance customers, but under Vista it’s available to all corporate customers.

Application Compatibility Toolkit (ACT) 5.0

One of the most difficult tasks for businesses is getting a handle on all their installed applications. Vista’s ACT 5.0 is designed to help organisations herd these cats with tools to identify installed applications, collect system information and pinpoint compatibility issues with User Account Control.

Improved trouble warning, diagnostics and recovery

Vista ties together several underlying technologies with software that, if it works as billed, could cut down on helpdesk support issues. The operating system offers improved automatic recovery, diagnostics, a new recovery environment with a start-up repair tool and monitoring-notification systems that companies can configure to send an SOS to helpdesk operations before a drive fails or whenever a device driver is causing instability. The revised event log and task manager should help ICT personnel diagnose problems more readily.

Address Space Layout Randomisation (ASLR)

This cool techie security feature makes it more difficult for malicious code to locate and exploit system functions. When any system is rebooted, ASLR randomly assigns DLLs, EXEs and other executable images to one of 256 possible memory locations.

Network Access Protection (NAP) service

Network administrators will welcome the Network Access Protection service, which works in concert with Windows Longhorn Server, Vista and XP. It lets ICT managers set security standards that all computers must meet before a server allows them to connect to a network, such as having up-to-date virus definitions. If a computer doesn’t meet the standards, the network connection is refused.

Simplified deployment of network security settings

Network administrators can deploy and manage security settings that combine Windows Firewall and Internet Protocol security (IPsec) using a single wizard-driven interface.

Native IPv6 support

Vista natively supports IPv6, the next-generation version of Internet Protocol. IPv6 offers not only a larger networking address space, but other benefits as well, such as better network-layer security, support for multicasting, automatic configuration of hosts, and better support for Quality of Service (QoS). Today this doesn’t mean much. In the next few years, though, it will, because IPv6 will increasingly be used by corporations and government agencies.

BitLocker Drive Encryption

Enterprises that care about security will be pleased with the new BitLocker Drive Encryption, a hardware-based method of encrypting all data on a PC using the Advanced Encryption Standard (AES) with 128- or 256-bit keys. It’s primarily designed to be used with laptops, so that if one is stolen, the data on it cannot be read by a thief. Even startup and logon information is encrypted, so the laptop cannot even be started. Given that nearly every week a laptop is stolen or lost that contains private information, this will be welcomed by any corporations that have sensitive data.

BitLocker is designed to be used in concert with hardware that conforms to the Trusted Platform Module (TPM), which uses an embedded microchip to store encryption keys. The hardware must include a version 1.2 or higher TPM and use a Trusted Computing Group (TCG)-compliant BIOS.

BitLocker can also be used with non-TPM hardware by using a USB flash drive to store an encryption key. In theory, that may be true. In our experience, though, it’s not that simple to do, and some users have reported problems with doing this. Therefore, enterprises should use BitLocker only on TPM-compatible hardware.
