News

Windows Vista Beta Gives IT a Good View

Up until the rechristening as Windows Vista, the client operating system known as Longhorn had a winding history with its alpha releases, community technical previews and pulled or scaled-back features that had been primarily about developers. With the release of Windows Vista Beta 1, IT professionals and managers at last can find out what's in the OS for them.

Microsoft promised to focus on IT with this beta, and the company delivered. The Microsoft Web site is filled with white papers detailing changes that should benefit IT departments when Windows Vista ships in late 2006. Windows Vista Beta 1 is not broadly available—the Beta 2 will be the end-user-focused, large-scale version that will probably reach hundreds of thousands of testers. Nonetheless, with 10,000 copies out through the Windows Vista Technical Beta Program, and availability through MSDN subscriptions and Microsoft TechNet, most IT shops have access to the code. Indeed, Microsoft wants the code spread to IT workers worldwide to spur faster adoption when Vista goes gold.

While Microsoft bills Windows Vista Beta 1 as also focused on developers, those developers clearly aren't getting the volume of new information about the operating system that IT departments are getting. Developers have been kicking around WinFX, the Avalon presentation subsystem and the Indigo communication subsystem since the Microsoft Professional Developers Conference in 2003. The names have changed from Avalon to Windows Presentation Foundation and from Indigo to Windows Communication Foundation, but the code is just more polished.

The most tangible improvements IT is getting in Windows Vista Beta 1 involve deployment, manageability and security.

System Requirements
Microsoft remains vague on final system requirements for Windows Vista. With its Aero Glass user interface, Vista's graphical requirements will be high. Complicating the issue are a graduated set of requirements, where the UI downgrades its functionality based on the system hardware.

"Minimum system requirements will not be known until summer 2006 at the earliest," Microsoft wrote in a media fact sheet. "However, these guidelines provide useful estimates:"
  • 512MB or more of RAM
  • A dedicated graphics card with DirectX 9.0 support
  • A modern, Intel Pentium- or AMD Athlon-based PC
— S.B.

Deployment
Microsoft's major new features to enhance deployment are native image-based deployment and modularization.

Image-based deployment has traditionally been done with third-party software or other labor-intensive maintenance processes. Microsoft is trying to reduce the complexity of the process by basing the installation of Windows Vista on a file-based disk-imaging format called Windows Imaging Format (WIM), which:

  • Is hardware agnostic, allowing the maintenance of a single image for multiple hardware configurations
  • Can store multiple images within a single image file
  • Includes tools to allow administrators to edit the images to apply operating system updates, add drivers or remove applications, among other tasks.

Microsoft has also modularized the OS, to make it easier to deploy. One useful scenario for modularization is in international deployments. Because Vista treats languages as a modularized component, the English language can be distributed to one set of computers, while French or German might go to another group.

Manageability
Microsoft is investing in manageability technologies to reduce desktop support costs, simplify desktop configuration management, enable better-centralized management and decrease the cost of keeping systems up to date.

One new manageability technology is Windows Resource Protection (WRP). In essence, WRP is supposed to help keep end users from hosing their systems, necessitating a support incident. WRP prevents potentially corrupting changes to system files, folders or Registry keys from anything but a Windows-trusted installer.

Microsoft did some work on Group Policy. The Group Policy Management Console, first introduced as an add-on for Windows Server 2003, will be standard issue with Windows Vista. Most new configuration settings in the OS can be controlled via Group Policy. Another new feature allows for multiple Local Group Policy Objects on a computer for better flexibility when a system is shared.

Microsoft is also making efforts to increase the amount of information in event descriptions and providing that information in XML for export to management tools. Windows Vista can also forward events to a central location.

The tools for automating tasks also improved. Many key administrative tasks are now executable from a command line rather than just through the user interface for scripting or one-to-many administration. An improvement to the Task Scheduler now allows tasks to be launched in a specific sequence.

An End-User View of Vista
Even though Microsoft’s focus in Windows Vista is primarily IT professionals and developers, let’s face it: We all want to know what it’s going to be like to work with Vista as end users.

This beta offers the first officially sanctioned opportunity to work with the Microsoft’s Aero Glass user interface. Major themes are translucent windows, more animations and vector-based graphics that allow a user to increase the size of e-mails or programs on high-resolution monitors.

Figure A. Folders and file icons sport a new look in Windows Vista Beta 1.
Figure A. Folders and file icons sport a new look in Windows Vista Beta 1. (Click image to view larger version.)

Folder organization is overhauled with Virtual Folders (see Figure A) that search across folders and display files with similar properties. The dynamic Virtual Folders can be based on combinations of document authors, ratings, user-defined keywords and other criteria.

Icons are much different in Vista—instead of seeing a “W” for a Word document, you see a thumbnail image of the first page of the document. The thumbnail can be resized up to 256x256 via the vector-based graphics subsystem to make it more clear if the icon represents the sought-after document.

Microsoft sprinkled search boxes throughout the interface—everywhere from the Start Menu, where you can type in an application name to search for it and launch it, to Windows Explorer and Internet Explorer.



— S.B.

Security
While Windows XP Service Pack 2 greatly improved the security of the client OS, Microsoft contends architectural changes too deep for even that huge service pack have been made to Vista.

A key change is the introduction of a feature called User Account Protection, which is supposed to bring the concept of running with least privilege to reality. Most Windows users have Administrator privileges on their machines, due at least in part to the fact that many applications won't work properly if a user doesn't have full access to system resources. The situation poses a huge security risk, and Microsoft has tried to fix it previously, such as with the RunAs feature in Windows 2000. User Account Protection brings up a password prompt whenever an application attempts to operate beyond the standard set of user permissions.

With User Account Protection, Microsoft is trying to adjust the balance between security and compatibility by automatically virtualizing Registry settings and folders. Changes made to virtualized Registry settings and folders are visible only to that user account and the application the user runs on, protecting the integrity of the computer.

Changes to the Windows Firewall in Vista start with the personal firewall blocking all inbound traffic until the computer is updated with patches. The firewall is also upgraded to a two-way firewall and is integrated with IPSec.

Microsoft went back through Windows Services to harden them, trying to ensure that each service only has rights to perform functions essential to its mission. For example, the Remote Procedure Call (RPC) service, which will be increasingly important for remote access, can now be restricted from replacing system files or modifying the Registry.

And Now for Something Completely Different: IE7
Internet Explorer 7 looks very different from IE5 and IE6.

The facelift is apparent in the twin betas Microsoft delivered in late July—one integrated with the OS in Windows Vista Beta 1 and the other a technical beta released for Windows XP Service Pack 2.

Among the changes:
  • The Back and Forward arrows appear near the top of the browser window, with the Address Bar right next to them.
  • A new Search Bar appears on the top line, just across from the Address Bar. The Beta 1 version of the IE Search Bar gives the user an option of search engines, including Google and Yahoo!. The optional search engines are listed alphabetically as opposed to putting MSN first.
  • Between the Address and Search bars on the top line is a new Security Status Bar, which is the padlock icon Microsoft uses to flag secure transactions.
  • The Windows flag is gone from the upper right to clear more space for actual browsing features.
  • The next line on the browser includes tabs, the feature that Microsoft acknowledges is the “most requested” IE feature. Tabs have been a differentiating feature for competitive browsers from The Mozilla Foundation and others for several years. The feature allows a user to have several pages open within one browser window, rather than having to toggle among multiple browser windows.
  • A third line in the default browser interface includes the menu items and a collection of the basic browsing icons, such as Home, History and Print.
  • Down among the third-tier icons is a new one for Really Simple Syndication (RSS). In typical Microsoft fashion, instead of using the near-universal orange symbol with the white letters “RSS” inside, the company went and invented its own name for IE7. Microsoft calls the feature Web Feeds and uses a little broadcast symbol.
Microsoft says the most radical changes to IE7’s look and feel will come in Beta 2.

— S.B.

Throughout the Longhorn wave, which includes the server, Microsoft is enabling a technology called Network Access Protection, which will quarantine clients in a special area of the network until patch, antivirus and policy compliance is confirmed. Microsoft is taking a first step by including an agent in Windows Vista that will enable many of the scenarios as other pieces of the Network Access Protection infrastructure come online.

Windows Vista is designed from the ground up to help organizations move beyond reliance on passwords. Microsoft made Vista's authentication capabilities more flexible to allow for customized authentication mechanisms, including fingerprint scanners and smart card login. The OS includes self-service tools for resetting smart card PINs, and supports authentication via IPv6 or Web services. Enhancements to the Encrypting File System now allow storage of encryption keys on smart cards, as well. (See the interview with Microsoft CIO Ron Markezich for details on how Microsoft will move to smart card authentication with Windows Vista.)

Beta 1 also contains the remnant of the Next Generation Secure Computing Base, or Palladium. In systems with a Trusted Platform Module (TPM) 1.2 chip, Windows Vista will fully encrypt the system volume, protecting data on lost, stolen or recycled machines from access.

Who Is Vista Beta 1 For?
Analyst Michael Silver with Gartner says Beta 1 is not for every IT department. Most organizations should do testing to understand Vista's search capability, its new imaging and deployment features and User Account Protection. Organizations that have adopted Windows XP, even just on new PCs, should make sure their developers have tried out the APIs but shouldn't spend too much time testing functions or checking compatibility with Beta 1. "You may wait at least until Beta 2, if not longer, before beginning testing in earnest," Silver said. He expects Beta 2 early next year.

IT managers at organizations that plan to skip Windows XP, on the other hand, should plan to begin limited, internal compatibility testing.

"After Windows Vista ships, you will have much less time than those running Windows XP to test and deploy the new OS before independent software vendor support starts waning around 2007."

comments powered by Disqus

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.