In-Depth

Vista Made Easy

Ready to make the move to Windows Vista? Use these insider tips to quickly become an expert.

The decision is made. There's no more need for debate. You've come to the realization that either Windows Vista Service Pack 1 (SP1) is stable enough to make the move to it-or you simply can't take the risk of waiting for whatever features Microsoft delivers with Windows 7 sometime in 2010. Waiting another two-plus years would mean making an enormous leap, technologically and financially, from 2001's Windows XP to 2010's Windows 7.

Regardless of the motivation behind your decision, it's time to take a closer look at how Vista can make your IT life easier. You may be surprised.

The Group Policy Benefits
If you hook up any operating system to a Windows-based network, you can make that system conform to work within the herd. It's true. You can look at one machine and it has a Start button, but your new machine has a Start orb. One machine performs well with 1GB of RAM, while the other needs 2GB. In the end, there are domain mechanics at work to ensure they all work together and, just as importantly, pretty much work the same way.

However, Vista comes with some incredible additions involving Group Policy that will make you appreciate the control it delivers, and what that control provides. Whereas before you may have had to look to third-party Group Policy extension solutions for things like power options or device management, Vista brings that and more to the table.

With more than 800 new settings in Vista -- many of which are needed simply to support the new features the OS comes with, such as User Account Control (UAC) -- there are a few that can make Vista easier for admins. Let's take Power Management for one (see Figure 1). Maybe the "Go Green" posters or the complaints regarding your yearly power consumption have finally gotten to you, but the fact is that having an automated way to reduce the amount of time your systems stay at full power saves money. Microsoft, working with the U.S. Environmental Protection Agency (EPA), claims you might save as much as $50 per system by utilizing power-management settings through Group Policy.

Is this a new thing? Not at all. Other companies like DesktopStandard and FullArmor Corp. have provided similar features -- at a cost -- for Windows 2000 and XP, but Vista comes prepared for this one.

Other control factors with Vista Group Policy include removable media settings to prevent users from just plugging in USB devices or other removable media. There are additional security settings and printer assignments based on location as well as network-location awareness, which allows for faster boot times and a more reliable application of policy settings.

Figure 1
[Click on image for larger view.]
Figure 1. Power Management settings through Group Policy could save your company money-and the planet.

BitLocker: Whole Drive Encryption
With Vista being released using a Baskin-Robbins 31 Flavors approach, BitLocker gets lost in the mix. No, it's not found in the Business Edition, but it is found in the Ultimate and Enterprise Editions. Quibbling about the edition obscures the fact that BitLocker may save your business one day or protect people from having their sensitive data stolen.

For instance, in June 2008, six laptops were stolen from St. George's Hospital in London. Due to temporary network problems at the hospital, sensitive patient data was being stored on the laptops: the data of some 20,000 patients. That same month, a laptop stolen from the car of an AT&T employee was carrying a large load of completely unencrypted personal information on management-level workers. Analyst reports say that about 500,000 laptops are lost or stolen in the United States every year, with many of those systems containing as much as 80 percent of a company's data on them. The message: You need BitLocker technology.

BitLocker will encrypt your entire drive using the Advanced Encryption Standard (AES) with key lengths from 128 to 256 bits, plus an optional diffuser. There are different ways to enable BitLocker, two of which require a Trusted Platform Module (TPM) chip, which stores the key. This is a microchip that's part of the system. You can also use a USB key to hold the startup key. Additionally, you'll need to make sure you have two NTFS drives with at least 1.5GB on your system partition. The other partition is for your operating system.

Search Enhancements
Aside from the benefits for admins, there are benefits for users, and those benefits are not superficial by any means. The search improvements alone can help users work more productively. With the Instant Search bar, which is located right off the Start orb, users can begin typing and Vista immediately starts to look for the program, picture, e-mail or document with the name that's being typed.

For those photo junkies who can't help but take a thousand shots at the company picnic -- if you happen to allow them to plug in their device and download their pictures to your network, which I wouldn't -- Vista comes with the ability to tag photos in bulk, so that you can locate those shots later when it's time for the company newsletter to show you eating that huge slice of watermelon.

Another nice feature is the ability to remove metadata from a document quickly. You can right-click the file and go to the Properties tab and then the Details tab. There's a link at the bottom called "Remove Properties and Personal Information." When you select the link, you have the option to create a copy with all possible properties removed, or you can remove specific properties from the file. This is a good way to eliminate the metadata before sending a document over to a co-worker, to another team or to someone outside the organization.

Networks Made Easy
Personally, while I like having every other part of my OS be easy as pie, I do like my networking to be difficult. I want command-line troubleshooting and boot disks that you have to download Knowledge Base articles on so that you can add obscure drivers to the list of boot drivers. Call me nostalgic. I get used to a certain way of doing things and hate to just plug everything in and have it all work. But, for the most part, that's what you get with Vista. In fact, you even get a new tool called the Network and Sharing Center (see Figure 2), which feels a bit like a console off the bridge of the Enterprise.

Figure 1
[Click on image for larger view.]
Figure 2. The Network and Sharing Center prepares you for Starfleet Academy and helps you easily network your Vista machines.

The Network and Sharing Center has a map of your network connection. The best part about this map is that if you ever have a connectivity problem, you can quickly see if it's with your connection to the router or your connection from the router to the Internet: There'll be a big red X indicating where the problem is. You're shown your connections, signal strength and which features are on or off in Sharing and Discovery. Best of all, you have Tasks on the left-hand side that lead you toward all of the familiar -- as well as new -- tools.

If you want to see all your network connections so you can get into the properties of your connections, click Manage Network Connections. If you want to configure your wireless networks, click Manage Wireless Networks, where you can add networks, look at your adapter properties, see the profile type and so forth. If you're having trouble with any part of your connection, click the Diagnose and Repair link to have the system self-diagnose. It doesn't always fix the problem, and sometimes I like that, because it allows me to step back in and manually figure out what's wrong, like in the old days.

I admit that I do like the Network Connectivity Status Indicator (NCSI), a small network icon that sits in the system tray. We've always had the little two-monitored icon, but this time the icon shows us quickly if there's a problem. Can we connect? Are we connected but not to the Internet, which shows a little globe if we're connected?

Note: To take advantage of Windows Vista's Group Policy settings, you have to run the Group Policy Object Editor or Management Console from either a Vista system or a Server 2008-based server.

Windows Meeting Space
You might remember NetMeeting, which allowed us to show local programs or documents with any number of remote users who could all collaborate together. Windows Meetings Space replaces NetMeeting with an entirely new application based upon several new features available in Vista, including IPv6. You have to first configure the People Near Me feature and sign in, and then you can see others who might be in the same room or in close proximity for you to begin a Windows Meeting Space session.

The benefit of this application is that you can share handouts and documents automatically with participants. You can also share an application with others, and you can collaborate on the documents you work with (see Figure 3).

Multiple Local Group Policy Objects
If you're thinking, "Hey, didn't we cover Group Policy?" you'd be correct. But Vista connected to a network is different from Vista standing on its own. Perhaps as a desktop admin you've had the frustration of dealing with Windows 2000 or XP in an environment such as a school, library or kiosk setup, where you wish you could utilize more than one policy on these machines that are domainless. Well, Vista comes with that ability under Multiple Local Group Policy Objects (MLGPOs).

Figure 1
[Click on image for larger view.]
Figure 3. Windows Meeting Space gets your team collaborating in minutes.

A great example of this feature in action can be seen using Parental Controls, which only work when Vista is working as a standalone system. Parental Controls allow you to take standard user accounts -- though not administrative accounts -- and place restrictions on how those accounts function. This includes restrictions on the times the account can log on, the games or types of games allowed, the downloads that are allowed or not and, logically, the Web site levels allowed. You can block by site or by content. Perhaps best of all is the log feature, where you can check to see every place a user goes. Desktop admins and consultants can greatly benefit from this feature in Vista, but many of them don't even realize that it exists. The real power of this capability is that it isn't an application running on top of the architecture, but rather it's right down in the OS architecture itself.

What it illustrates for admins on a larger level is that they can configure individual users' systems so that they have individual policies. You can go through the Group Policy Object Editor and create your own policies for standard users or for individual users. This is one more example of Vista giving admins more control.

The Little Things
I could've led off this story with these points, but you might have thought that I was packing it with fluff. I now want to point out a few ways in which I think using Vista can really make life easier.

First off, the clock. I know, this sounds silly, but I work with people all over the world and I'm constantly dealing with appointments in other locations. The great thing about the clock is that you can configure two additional time zones, and those clocks will appear whenever you click the time (see Figure 4). Now I'm never late for a phone conference.

Figure 1
[Click on image for larger view.]
Figure 4. Multiple clocks: Not exactly WinFS, but still a cool feature you'll be happy Redmond didn't leave out of Vista.

Next is the Event Viewer, with the ability to have an event trigger an alert. You find the problem that's occurring on the system, select the event and then choose Attach a Task from the actions pane. You can establish that alert as starting a program, sending an e-mail or displaying a message to the user. It's a great way to track down the cause of specific problems.

I'm grateful that the msconfig.exe tool is still available, too. Just type in the command in Instant Search and the tool appears. You can click right into the Startup tab and turn off any annoying application that keeps pestering you on startup -- disable the app here and never again have to worry about it. You can then head over to the Tools tab and quickly launch any tool you want. You can even disable UAC -- not that you should -- and then re-enable it with a click and a reboot.

It's Not All Easy
There are times when certain things may cause frustration. Some applications, for a variety of reasons, won't work smoothly on Vista or will insist on administrative credentials from your standard users. Out of frustration, you might be tempted to disable the UAC. Don't. By enforcing the proper control over accounts, Microsoft has developed an excellent way to protect us from things happening on our system that shouldn't happen. Unfortunately, some legacy applications and hardware devices don't work well with this new method.

Is this because Microsoft failed to instruct developers years ago how to properly code? Not at all. But Microsoft didn't have an OS that enforced coding, so coding was without law. There are fixes or shims that you can apply, however, to keep UAC turned on, which lets you mitigate the frustration of apps requiring admin credentials. You can accomplish this using a free set of tools from Microsoft called the Application Compatibility Toolkit -- and specifically a tool called the Standard User Analyzer. This tool analyzes the app, sees what the Administrator's account has that the Standard User doesn't, and, with a click, mitigates those permissions on that app for the user (see Figure 5). Easy, right? Not quite. But with a little effort, it will become easier.

Figure 1
[Click on image for larger view.]
Figure 5. The Standard User Analyzer makes older or stubborn apps work with Vista and especially with User Account Control.

The Hardest Part Is Behind You
Once you make the decision to move to Vista, the hard part should be behind you. Microsoft has put a ton of effort into ensuring that the deployment tools are solid, and with SP1 already released you'll have a lot less turmoil than some eager admins who deployed Vista the day it was released to manufacturing. They are to be admired and praised, however, in that they've already been through the hurdles and now their people are Vista veterans. As you venture forward into the world of Vista, remember there are a ton of great features that generally will make your work and the workload of your users a lot smoother and safer.

More Information

For a list of all of the policy settings for computer and user configurations with Windows Vista, download the "Group Policy Settings Reference for Windows Server 2008 and Windows Vista SP1" spreadsheet from Microsoft.
comments powered by Disqus

Reader Comments:

Mon, Oct 27, 2008 Pat Oregon

Tagging a photo in Vista can destroy the metadata.

Mon, Oct 13, 2008 Fred Connecticut

Yeah, sure, Ultimated or Enterprise. Acer offers neither for my Acer laptop, just Home Premium. So how do I get the advantages of BitLocker, or Microsoft Fax, both of which had equivalents in XP Home, for gosh sakes, but not in Vista Home Premium? Answer: I don't! But I miss 'em. If downgrading to XP were an option on this Acer notebook (it isn't -- Acer publishes no XP drivers for this machine), I'd do it in a trice just to get the old Fax Wizard back!

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.