Secure Configuration Assessment and Management

This page provides information for the IT professional about secure configuration assessment and management tools and services that are available for Windows Vista to administer security throughout a layered defense and manage ongoing threats.

Authorization Manager

Authorization Manager is a Microsoft Management Console (MMC) snap-in that can help provide effective control of access to resources. Authorization Manager is included with Windows Vista, Windows Server 2008, Windows XP, and Windows Server 2003. The two categories of role-based administration that benefit from this technology are user authorization roles, which are based on a user's job function, and computer configuration roles, which are based on a computer's function.

  • Authorization Manager
    This technology page in the Windows Server 2008 Technical Library contains resources for understanding recent improvements, planning and architecture considerations, deployment guides, troubleshooting resources, and procedures for using Authorization Manager.

Group Policy

Group Policy allows you to implement specific configurations for users and computers. The Group Policy Management Console (GPMC) and the Local Group Policy Editor are included with Windows Vista and Windows Server 2008.

Security Auditing

Windows security auditing features Granular Audit Policy, which introduces more than 40 new audit policy subcategories. For command-line help, see Auditpol [Vista]. For additional information, see the following Knowledge Base articles:

Security Policies

A security policy is a combination of security settings that affect the security on a computer.

Security Policy Settings

  • Security Policy Settings New for Windows Vista
    This reference topic provides information about new security settings in Windows Vista including the locations of the security settings in the local GPO, their default values, and a description of the setting.
  • Updated Security Policy Settings for Windows Vista
    The three security policy settings that have been updated from Windows XP are described in this reference topic.
  • Group Policy Settings Reference for Windows Server 2008 and Windows Vista SP1
    This downloadable spreadsheet lists the policy settings for computer and user configurations included in the Administrative template files (.admx/.adml) delivered with Windows Server 2008 and Windows Vista with Service Pack 1 (SP1). The policy settings included in this spreadsheet apply to Windows Server 2008, Windows Vista with SP1, Windows Server 2003, Windows XP Professional, and Microsoft Windows 2000. You can configure these policy settings when you edit GPOs.
  • Security Policy Settings
    This provides information about security policy settings in Windows Server 2003.


Software Restriction Policies

Software restriction policies provide administrators with a policy-driven mechanism for identifying the software programs running on computers in a domain and for controlling the ability of those programs to run.

WMI Scripting for Security

WMI contains many new features and additional help in Windows Vista, including User Account Control scripting information, IPv6 and IPv4 support, security auditing of WMI namespaces, and new provider hosting models.

  • What's New in WMI
    This page provides information about new WMI security features in Windows Vista.