I have spent the couple of months or so evaluating Vista with respect to:-
- Features and how to centrally manage and them with Group Policy Objects (GPOs).
- How to lockdown Vista for use in a secure environment
- How to let trusted administrators turn on ‘useful’ or cool new features.
- Ease the learning curve for the users of Vista.
Well the good news is that it in an environment that is closely managed and tightly locked down such as in Educational Institutions most of the new features will be locked down by existing GPOs that you have in place. The company I work for is a large IT service provider and supplier to the Educational market in the UK and further a field. My primary interest in Vista comes from a security standpoint; how can we lock the OS down so that Kids (or adult users) can’t break the OS but keeping it usable and exposing the new features they can make use of.
Whilst the level of locking down we do will not be required by many corporate networks it’s a good start point to lock the whole thing down and open things up as required or demanded (with justification) by the business.
In a Windows 200x/XP based network GPO settings are exposed in the Microsoft tools (GPMC, GPEdit) by the use of Administrative templates, currently these are ADM templates that use a kind of markup language that is proprietry to Microsoft. They control what you see in the MS GPO tools, how its laid out, descriptions of the settings, options you have for changing the settings. Whilst this works, with the coming of Vista and Longhorn Server these ADM templates will not be used by default and ADMX and ADML files are used and are based on open xml standards but essentially do the same job as ADM templates with a few differences in the mechanics of how they work. These will be discussed in more detail in another post.
In environments that use GPOs to lock down the OS its fairly simple to ensure Vista functionality is locked down too, you might ask why do this with the OS being all the publicity by Microsoft highlighting new security features in Vista? Whilst this may be the case, during any period of co-existence between different versions of Windows (XP and Vista) there will obviously be a learning curve, but you can stick to classic menus and the same GPOs to provide a common User Experience between the two versions. Useful new features in Vista can be evaluated and introduced as users are educated in these features and begin to use them on a home computer.
In my next few posts I will be going through the Vista Feature set providing information on how to control access to and features of them, generally they will come as time allows or when I happen to be testing them.
No comments:
Post a Comment