A major roadblock to adoption in the minds of IT mangers is the lack of a service pack. This will soon be resolved as Microsoft releases SP1 in early 2008. Another is the lack of application compatibility, but there are some specific changes that affect how applications work on this new environment.
Another significant security change is the introduction of Windows Resource Protection (WRP), which protects key areas of the registry and the Windows file system. If applications modify these areas, then they will fail when you try to run them.
Vista also introduces a significantly different firewall. The Vista Firewall is on by default and may affect how applications that need access to external connections may work on this new platform.
But among the most significant changes in security is the modification of the logon process. In previous versions of Windows, Microsoft relied on the Graphical Interface for Network Authentication, or GINA. In Vista, Microsoft has moved to the Credential Manager and has completely removed the GINA. This means that any application that is integrated to the logon process must be completely revamped so that it can work with Vista.
These are only a few of the changes that Microsoft has introduced in Vista. In short, every application you run must be evaluated for compatibility with Vista. Use the following table to review how security components will change the way your applications work:
|Runs all processes with a standard user token. Applications that require elevated rights will fail unless they are run as Administrator.|
|Windows Resource Protection||Protect both the file system and the registry from unauthorized changes. Applications that write to protected areas of the registry or the Windows folder structure will fail.|
|Vista Firewall||Relies on the Windows Filtering Platform, which filters at several layers in the networking stack for better system protection. Applications that cannot take into account firewall restrictions will fail.|
|Credential Manager||Vista now uses the Credential Manager for all logons. Applications that do not take this into account will fail.|
You can test all applications and prepare them for Vista, but consider using application virtualization. It does away with these security issues in one fell swoop. To learn more about application virtualization, take a look at the Application Virtualization: Ending DLL Hell once and for all webcast.
Moving to application virtualization is the easiest strategy for a Vista migration, and it gives the best return on investment when it comes to application lifecycle management. Keep this in mind when you prepare your own path toward a Vista migration.Danielle Ruest and Nelson Ruest are IT professionals specializing in systems administration, migration planning, software management and architecture design. Danielle is a Microsoft MVP in virtualization, and Nelson is a Microsoft MVP in Windows Server. They are authors of several books about Windows and are currently working on the Definitive Guide to Vista Migrationfor Realtime Publishers as well as the Complete Reference to Windows Server 2008 for McGraw-Hill Osborne.
This was first published in January 2008