University-Centric Windows Vista
From Provider Notes
This page details University-centric Windows Vista notes and information. It is designed to get contextual information out as it becomes available - more formal notifications and briefings will follow. A more general Windows Vista article is available.
Contents |
General Information
- Information Systems & Computing (ISC) will support the 32-bit versions of Business, Enterprise, Ultimate, and Home Premium editions of Windows Vista for its clients, including off-campus students, only on new workstations that ship with Windows Vista pre-installed. ISC strongly recommends that all other users adopt a "wait and see" approach, continuing to use previous versions of Windows (including Windows XP Professional, Windows XP Home, and Windows 2000 Professional) until the initial bugs in Windows Vista are identified and fixed.
- The University will not support all available versions of Windows Vista. In particular, Windows Vista Home Basic will not be supported in any way.
Versions and Support
| Version | Notable features | Supported by ISC? |
|---|---|---|
| Business | Comparable to XP Pro, supports domain-based authentication and EFS . Lacks some media functionality. | √
|
| Enterprise | Step up from Business, supports BitLocker system-volume encryption. Not available through retail channels | √
|
| Ultimate | Combines media functionality with business-class functionality, includes "Ultimate Extras" media add-ons. | √
|
| Home Premium | Comparable to XP Home, includes Media Center and DVD burning, lacks domain-based authentication. | √
|
| Home Basic | Step down from Home Premium, lacks many networking, security, and media functions. Not recommended. | X
|
Licensing
Windows Vista installation and activation will function a bit differently than users may be familiar with for Windows XP. For starters, the user will be able to install Vista without entering a product key because there is a 30-day grace period before they must activate the installation. Secondly, the user can activate using a Multiple Activation Key or using a Key Management Service code.
Multiple Activation Key
The Multiple Activation Key, or MAK, is similar to the Site License model used for XP. Activation need only be done once, so long as the hardware configuration does not change dramatically. If a MAK is stolen, Microsoft can invalidate it so that it cannot be used on further activations. If this happens, the invalidation of a specific product key will not affect current installations that used that key. Microsoft has indicated that 5-10 re-images will be allowed before a key becomes invalid and Microsoft will need to be contacted for further activations.
Key Management Service
The Key Management Service, or KMS, is geared to environments with more than 25 Vista machines operating on their own network behind a firewall. The Key Management Service runs on a Windows machine, and must be authorized by Microsoft. Machines being installed with Vista will associate with the KMS automatically without any mechanism for authorization. This can cause problems in environments where users from outside of the organization have access to the network, as they would be able to easily acquire a license from the KMS, intentionally or otherwise.
After activation with a KMS server, a Vista machine will re-activate with that KMS every 7 days. If that machine is unable to validate with the KMS, it will wait an additional 7 days before attempting to re-activate. This process will continue for 180 days if the KMS server cannot be contacted, at which point Vista will warn the user and the computer will enter a 30 day grace period before going into Reduced Functionality Mode.
Additional Licensing Notes
- Windows Vista Ultimate will not use the KMS. Each copy of Ultimate will be separately licensed. Vista Ultimate will be available by volume pricing, but not volume activations.
- There will be no difference between licensing of physical machines and licensing of virtual machines.
- Upgrade versions of Vista cannot be used to perform clean installations of the operating system. Previously, "Upgrade" versions could be installed so long as the user had an eligible copy of Windows they could place in the disk drive to be checked. Beginning with Vista, a previous Windows operating system must actually be installed on the system before the Upgrade version of Vista can be installed. This may cause problems in instances where "clean" installations are preferable or even necessary. Microsoft KB930985 clearly states this, and Ars Technica has an article on it.
- Vista licensing is per machine. Transfer of a copy of Vista to another machine is against the EULA even if the previous installation has been removed or that machine is otherwise inoperable.
Hardware
- Microsoft has two levels of Windows Vista compatibility on current hardware: Windows Vista Capable and Windows Vista Premium Ready. ISC considers the Windows Vista Capable compatibility level to be essentially meaningless - we believe that most Schools, Centers, and individuals will only consider transitioning to Windows Vista if they have Windows Vista Premium Ready hardware which supports the full capabilities of Windows Vista.
- The 2006-2007 Desktop Recommendations are the first fully Windows Vista Premium Ready University-wide yearly hardware specification, though the Performance PC, Desknote, Midweight Laptop, and Large Laptop quarterly hardware specifications have been Premium Ready since October, 2005.
Notable Security Featuress
Windows Vista has introduced a number of new features designed to improve the overall security of th operating system itself, as well as the local network. Some of these features are intuitive, and others will take a bit of time to become accustomed to.
User Account Control
User Account Control, or UAC, is perhaps the biggest change from Windows XP. UAC is a method of securing applications and processes, disallowing actions that require Administrator permissions without acknowledgment and authentication from the user. This is similar to "sudo" for Unix/Linux users. When a user performs an action that requires Administrator permissions, the remainder of the screen locks down and they are presented with a UAC window. If the user is logged in as an Administrator, they have the option of allowing or disallowing the action, and if they are logged on as a standard user, they will be given the option of temporarily elevating privileges for that action.
The practical implication of this is that it is now more difficult for malware to overtake the computer. Additionally, it is more difficult for a standard user to perform an action (accidentally or otherwise) that would harm the Operating System. However, since UAC windows will pop up even for Administrator users, just to confirm an action, some find this feature to be an annoyance.
Network Access Protection
Network Access Protection is a feature built in to Windows Vista that will not be active until the release of Windows Server 2008. NAP is designed to enforce a minimum level of security on client systems before they are granted access to certain network resources or the internet. Policies are determined on NAP Enforcement Points, which are servers located at the periphery of the network such as VPN, DHCP or proxy servers.
These servers will check to see if the client Vista system meets a list of requirements to be allowed network access, such as minimum patch level, recent antivirus definition updates, and firewall settings. Systems conforming to these requirements are granted access, and those that aren't are granted either limited access, or have access revoked entirely, depending on the policy. See Microsoft's page for more information.
Supported Applications
- Symantec AntiVirus Corporate Edition 10.1.x is not compatible with Windows Vista. However, Symantec has released Symantec AntiVirus Corporate Edition 10.2, which is compatible with Windows Vista. That version is available here, and is for the 32-bit version of Vista only.
- Though Internet Explorer 7 for Windows Vista is not exactly the same as Internet Explorer 7 for Windows XP Service Pack 2, most of the codebase is the same, so the Internet Explorer 7 article here generally applies.
- Microsoft has been working with third-party developers, including Mozilla (developers of Firefox and Thunderbird) to ensure that their applications will be compatible with Windows Vista.
Additional Application Information
Please also see the University-Centric Windows Vista Compatibility page for more information on application compatibility.
