Mapping Windows Vista to Your Business Needs

Some features are available only if you deploy Windows Vista in a domain that uses Active Directory™. Other features are available to any computer running Windows Vista, using any server. After you identify your business needs, you can map desktop management, security, and networking features in Windows Vista to those needs.

Security Features

Windows Vista includes features (see Table 1.1) to help you secure your network and computers by controlling user authentication and access to resources and by encrypting data stored on computers. Also included are preconfigured Security Templates for various security scenarios.

Table 1.1 Security Features in Windows Vista

| Feature | Description | Benefit |
| --- | --- | --- |
| Security Templates | Four preconfigured combinations of security policy settings that represent different organizational security needs: basic, secure, highly secure, and compatible. | Allow you to implement the appropriate templates without modifications or use them as the base for customized security configurations. |
| Security groups | User groupings, used to administer security, that are defined by their scope, their purpose, their rights, or their role. | Allow you to control users' rights on the system. By adding or removing users or resources from the appropriate groups as your organization changes, you can change ACLs less frequently. |
| Access control lists (ACLs) | Ordered lists of access control entries (ACEs) that collectively define the protections that apply to an object and its properties. | In combination with security groups, configuring ACLs on resources makes user permissions easier to control and audit. |
| Kerberos V5 | The authentication protocol for computers running Microsoft® Windows® 2000, Windows XP Professional, and Windows Vista in Active Directory domains. | Provides more efficient and secure authentication than NTLM. |
| NTLM | The default authentication protocol in Microsoft® Windows NT® version 4.0, Windows XP Professional, and Windows Vista. | Allows Windows Vista computers to establish connections to Windows Server 2003–based networks. |
| Windows stored user names and passwords | A technology that can supply users with different credentials for different resources. | Can increase security on a per-resource basis by allowing users to store and manage credentials. |
| Smart card support | An integrated circuit card (ICC) that can store certificates and private keys, and perform public key cryptography operations such as authentication, digital signing, and key exchange. | Provides tamper-resistant storage for private keys and other forms of personal identification. Isolates critical security computations involving authentication, digital signatures, and key exchange. Enables credentials and other private information to be moved among computers. |
| Encrypting File System | A feature of NTFS that uses symmetric key encryption and public-key technology to protect files. | Allows administrators and users to encrypt data to keep it secure. This is particularly beneficial to mobile users. |

Networking and Communications Features

Computers that run Windows Vista can be configured to participate in a variety of network environments, including Microsoft® Windows®–based, UNIX-based, and IBM Host Systems–based networks. Windows Vista can also be configured to connect directly to the Internet without being part of a network environment. Windows Vista includes several features, such as Zero Configuration, that simplify the process of connecting to a network and that allow mobile users to access network resources without physically reconnecting cables each time they move to a new location. Table 1.2 describes several features in Windows Vista that provide remote and local access to resources and support for communication solutions.

Table 1.2 Networking Features in Windows Vista

| Feature | Description | Benefit |
| --- | --- | --- |
| TCP/IP | The standard transport protocol in Windows Vista. | Provides communication across networks that use diverse hardware architectures and various operating systems, including computers running Windows Vista, devices using other Microsoft networking products, and non-Microsoft operating systems such as UNIX. |
| Dynamic Host Configuration Protocol (DHCP) | A protocol that allows computers and devices on a network to be dynamically assigned IP addresses and other network configuration information. | Eliminates the need to manually configure IP addresses and other IP settings, reducing potential conflicts and administrative overhead caused by static configurations. |
| Telephony and Conferencing | A service that abstracts the details of the underlying telecommunications network, allowing applications and devices to use a single command set. | Allows data, voice, and video communications to travel over the same IP-based network infrastructure. |
| Remote access | A connection between the local network and a remote or home office, established by dial-up modem, virtual private network (VPN), X.25, Integrated Services Digital Network (ISDN), or Point to Point Protocol (PPP). | Allows users to access the network from home or remote offices or in transit. |
| Secure home networking | Includes Internet Connection Sharing, bridging, personal firewall, and UPnP. | Provides easy connectivity for various devices within the home and from the home to the corporate network, along with safe access to the Internet and multiple-user accessibility over a single Internet connection. |
| Wireless connectivity | Protocols that are supported by Windows Vista to provide LAN and WAN connectivity, including security mechanisms that can make the wireless connection as secure as a cabled connection. | Provides ease of mobility by allowing users to access network resources and the Internet without using connection cables. |
| Zero configuration | A mechanism in which a client computer goes through a list of possible network configurations and chooses the one that applies to the current situation. | Allows the administrator to set up the initial configuration options so that users do not need to know which connection configuration to use. |

Desktop Management Features

Desktop management features allow you to reduce the total cost of ownership (TCO) in your organization by making it easier to install, configure, and manage clients. These features are also designed as tools to make computers easier to use. Table 1.3 describes desktop management features in Windows Vista that increase user productivity.

Table 1.3 Desktop Management Features in Windows Vista

| Feature | Description | Benefit |
| --- | --- | --- |
| Group Policy Administrative Templates | Files that you can use to configure Group Policy settings to govern the behavior of services, applications, and operating system components. | Allows you to configure registry-based policy settings for domains, computers, and users. |
| Software Installation and Maintenance | An IntelliMirror feature that you can use to assign or publish software to users according to their job needs. | Allows you to centrally manage software installation and to repair installations by using Windows Installer. |
| Roaming User Profiles | A feature that ensures that the data and settings in a user's profile are copied to a network server when the user logs off and are available to the user anywhere on the network. | Provides a transparent way to back up the user's profile to a network server, protecting this information in case the user's computer fails. This is also useful for users who roam throughout the network. |
| Folder Redirection | An IntelliMirror feature that you can use to redirect certain folders, such as My Documents, from the user's desktop to a server. | Provides improved protection for user data by ensuring that local data is also redirected or copied to a network share, providing a central location for administrator-managed backups. Speeds up the logon process when using Roaming User Profiles by preventing large data transfers over the network. |
| Offline Files and Folders | A feature that you can use to make files that reside on a network share available to a local computer when it is disconnected from the server. | Allows users without constant network access, such as remote and mobile users, to continue working on their files even when they are not connected to the network. Users can also have their files synchronized with the network copy when they reconnect. |
| Multilingual Options | Multilanguage support in Windows Vista lets users edit and print documents in almost any language. | Lets administrators customize desktop computers in their organization with the language and regional support that best meets their users' needs. |