Anda di halaman 1dari 9

Technical Level: 200

Five Misunderstood Features in Windows Vista

Understanding their Rationale and How to Make them Work for You

No one would expect a new OS administration more controllable

adoption to be easy, and certainly and robust for you, and provide
adopting Windows Vista® across a guidance and tips to make them
desktop infrastructure can come easier to work with.
with a few challenges—but like
many urban myths, perception can User Account Control
quickly depart from reality. In this
article, we will look at five features If there‘s one feature that has
of Windows Vista that are often received a bad rap it‘s User Account
misunderstood, provide their Control, or UAC. One reason this
background and rationale, and feature is misunderstood is because
present the straight scoop on how UAC isn‘t a single feature; it‘s a set
to deal with them. of technologies to help end users
run with Standard User privileges,
So what‘s on your list? You might and reserves Local Administrator
have already guessed many of privileges for IT staff or limited
them, but based on feedback from specific circumstances. One way to
IT Pros in the trenches, here are think about Standard User mode
the ones that often cause confusion versus Local Administrator mode is
and slow Windows Vista adoption to consider a home with or without
for many folks: locks. Certainly ingress and egress
is easier without locks, but you
1. User Account Control wouldn‘t feel very safe. With
2. Image Management Standard User mode configured
3. Display Driver Model across the PC infrastructure, you
4. Windows Search help ensure intruders are unable to
5. 64 bit architecture get to the family jewels.

Each of these features has specific While it has been a design best-
benefits for Desktop (and Laptop) practice since Windows® NT for
management, but they also make software to fully function in
adoption a bit tougher, since they Standard User mode, many
affect two key areas: Application software developers still assume
Compatibility and Hardware local administrator rights will be in
Performance. We will explain the place and develop applications
rationale behind these features, accordingly. With UAC, any action
show how they actually make PC unable to execute in Standard User
mode is either blocked or flagged to Policy. If you suppress the
the user, depending on the security consent prompt, and your
model in place. Instead of allowing account is a member of the local
applications to manipulate registry, administrators group, any
file system, and kernel layers, process that requests
Standard User mode limits the administrative privileges will be
locations where an application can granted those privileges without
write data—in this case, only to the any prompt appearing.
user account folders, limiting risk.
A key goal of UAC in Windows Vista  A Standard User desktop will be
is to help nudge ISVs towards prompted to input administrator
designing applications that function credentials when performing
in Standard User mode. tasks blocked by UAC. Standard
Users in Windows Vista gain
Deploying administrator rights flexibility compared with
across your user base will mean Standard User mode in Windows
that in most cases your applications XP, with access to routine
will work as before—but your settings such as time zone or
exposure to malicious code is much power management. In
higher than in a controlled Standard Windows XP, changing these
User environment. In addition, settings required administrative
Standard User mode reduces the privileges. In addition, UAC
configuration changes end users enables file/registry
can make—reducing potential virtualization to allow
disruption and help desk calls. applications to write to protected
locations without an escalation
So how does UAC affect PC user in privilege. This allows many
experience? legacy applications that required
administrative privileges under
 If you are logged in as an Windows XP to run with
administrator on your personal standard user privileges, with no
workstation, you‘ll see a consent prompts, under Windows Vista.
prompt each time you go to
exercise a task that requires In some cases, prompts are
administrator privileges. Many triggered by third-party applications
IT Pros perform administrator that have not been written to run
tasks regularly—managing with Standard User privileges.
systems via MMC, installing new
software, and other similar As mentioned earlier, software
operations. IT Pros who design best-practices have long
regularly perform administrative held that applications should write
operations can change the data into a user‘s profile rather than
behavior of this prompt for their using the Program Files directory
workstations, including for per-user storage. In Windows
suppressing it entirely via Group Vista, file system and registry

Page |2
virtualization redirects many writes management process, but this does
to Program Files to per-user involve a few differences and
locations automatically, to help tradeoffs:
ensure legacy applications will run
as standard user. For third-party • One of the most important
software that requires changes with Windows Vista for
administrative privileges, check IT administration is the adoption
with your ISV to see if they have a of file-based imaging, using the
version of the software that will Windows Image Format (WIM).
work well for Standard Users; if This architecture allows a single
not, there are many options for language-independent and
mitigating incompatibilities from hardware-independent image to
shimming to recoding your be deployed across the
applications. For more information, infrastructure, and allows
visit Application Compatibility on deploy-time injection of
TechNet. deployment packages (drivers,
updates, language packs) into
the image. This means you
Tip: Enterprises should not run as rarely need to recapture the
default in Protected Admin mode, base image, but rather can
because there are really no apply updates by adding the
benefits—only the pain of prompts. packages as components to the
Instead, strive to move users to a automated installation process.
Standard User profile. The This format also provides a fail-
Application Compatibility Toolkit safe environment for
can also help to troubleshoot and deployment, since it does not
remediate applications that fail to disturb the current file set.
run under standard user privileges
in Windows Vista. • Several new capabilities in
Windows Vista do result in a
larger memory footprint, such as
Image Management Windows Search and Windows
Defender. These capabilities are
Few people relish change, especially designed to enhance the
when it comes to getting their jobs productivity of end users and
done. For IT Pros managing the help secure the desktop, but will
image creation and deployment require more robust hardware
process, Windows Vista represents and adequate RAM. If you have
some significant changes over third-party tools for desktop
Windows XP, but image search or malware protection, it
management is an area where is recommended that you select
Windows Vista provides the most one tool per function to avoid a
benefit for implementation. The redundant drain on system
goal of the architectural change is resources.
to simplify the image creation and

Page |3
• The Windows Vista SP1 Display Driver Model
integrated image is typically
around 3-4GB, depending on the One of the key changes in Windows
number of applications included Vista was the introduction of a new
in the captured core image. display driver model that provides
These image files can be greater system stability, and
delivered to targeted computers enables the Aero® desktop
via DVD media, USB devices or experience visual interface. The
via network deployment using key thing to understand is that this
Windows Deployment Services technology goes beyond just
(WDS). WDS also now enables improving the visual design; the
multicast transmission of WIM architecture delivers significant
files, so if you are concerned gains in reliability and performance.
about passing a 4 GB image a
hundred times over your In Windows Vista, the WDDM driver
network (400 GB total model has two components, a
bandwidth consumption), streamlined kernel mode driver,
multicasting allows you to and a user-mode driver that does
perform the action and limit the most of the calculations. The design
bandwidth consumption to 4-8 is simplified by eliminating the need
GB. to include code for the various
device driver interfaces introduced
• Planning, preparing, testing and through the years; instead, a single
distributing these images over interface recognizes previous
the network is easier than with version drivers. The WDDM
previous operating systems, but architecture elevates most of the
it is still a good idea to look at driver execution out of the kernel
deployment guidance process mode, so a driver problem can be
integration tools like those contained, instead of affecting the
provided with the Microsoft full OS. WDDM also provides fault-
Deployment Toolkit. tolerance against display driver
hangs, with the Timeout Detection
Tip: An IT organization should have a and Recovery function enabling
robust multi-casting solution (such as Windows Vista to restart the display
System Center Configuration Manager) driver without a full system reboot.
to balance out the network load when
deploying Windows Vista across the The Windows Vista driver model
infrastructure, and the use of the takes advantage of advances in
Microsoft Deployment Toolkit can powerful, inexpensive display
automate the deployment process with processing power, and enables the
zero-touch and light-touch options. Aero interface to provide a richer
user experience. One trade-off of
the Aero interface is that it requires
a graphics processing unit (GPU)
that supports WDDM, and has

Page |4
dedicated memory on the graphics an application would consume a
card. PCs with an integrated large proportion of resources when
graphics card may not support the it needs to work harder—such as
Aero visual interface. However, the following the PC setup, or when a
stability and performance large number of files are copied. As
advantages of WDDM are available a service, Windows Search takes a
independent of Aero. bit more time to accommodate
these one-off events, but there is
Tip: PCs that are not up to the far less impact on available
hardware requirements for computing resources.
Windows Vista should be operated
in “Basic” mode with Aero turned Tip: Because of the processor
off. overhead required, it is unwise to
have multiple desktop indexing
technologies operating
Windows Search simultaneously.

A complaint often lodged at

Windows Vista is that it seems to 64-bit Architecture
run a bit slower than Windows XP.
We‘ll get to that in a minute, but 64-bit computing is definitely the
Windows Vista is doing a lot more direction of the future, and its
than any previous operating primary advantage over 32-bit
system. One of the most significant computing is in access to system
improvements in Windows Vista is memory. 32-bit Windows is limited
the ability to rapidly search all the to 4GB of memory, and depending
files on the desktop, whether they on the devices present, can access
reside in folders, as an email between 2 to 3.5 GB of ―user
attachment, or somewhere else on available‖ memory. In contrast, the
the PC. Windows Search does Business and above SKUs of 64-bit
require that the processor Windows Vista can access 128GB of
continually index file locations so memory.
they can be quickly retrieved at
will. An important consideration,
however, is when and how a user
Indexing for near instantaneous should install Windows Vista in 64-
search results for desktop files, bit (x64) over 32-bit (x86). For
even embedded in email messages, mainstream consumers and
is a resource-intensive task— businesses, Windows Vista x86 will
requiring the PC to continually scan be the preferred operating system
the hard drive for changes. On for the next couple of years.
Windows Vista, the search engine is
set up as a service rather than an High End Workstations (HEWs)
application. This approach reduces users should choose the 64-bit
the burden on system resources, as version. Complex engineering,

Page |5
audio, or graphics applications often a device that is just a few years
come with the requirement for old may not have a driver
access to additional memory, so available. This driver issue may
x64 would be the preferred also affect specific 32-bit
platform. For example, 3DS Studio applications that attempt to
Max, Maya, and Cakewalk are install drivers for software
available today compiled in 64-bit. protection, as those drivers will
However, the number of native 64- not run on 64-bit Windows.
bit applications is small relative to
the availability of native 32-bit • Specific applications, for
applications. example those that are very
math intensive, may see
While 64-bit processors are performance increases when
standard in almost all machines tuned to 64-bit Windows.
shipping on the market today, you However, most applications will
will want to consider other factors see little change in performance.
when thinking about 64-bit In most cases, 32-bit
deployments: applications (such as Microsoft
Office 2007) are just as
• The application compatibility responsive running on 64-bit
between 64-bit Windows and Windows as they are on 32-bit
32-bit Windows is significantly Windows.
higher than between 16-bit
Windows and 32-bit Windows.
Indeed, many 32-bit Windows
applications will simply run out Tip: If you are thinking about
of the box. However, there are deploying 64-bit Windows Vista,
exceptions—64-bit architecture the first step is to inventory and
does not support 16-bit test your applications and
applications, and Windows 3.1 peripherals to see whether 32-bit
sub-systems are unavailable. In Windows Vista might be a better
addition, a number of older 32- choice.
bit applications use 16-bit
installers, which prevents them
from installing on 64-bit

• All logoed Windows Vista device

drivers must have both 32-bit
and 64-bit versions. This means
that over-time there will be a
great variety of 64-bit device
drivers available. However,
because a 32-bit device driver
won‘t work with 64-bit Windows,

Page |6
Internet Explorer® 7 protected
Adoption Impact

mode—helps protect against
elevation-of-privilege attacks by
restricting ability to write to any
So what is the impact of these local computer zone resource
features on the two issues that other than temporary internet
affect Windows Vista adoption— files—like UAC for Internet
Application Compatibility and Explorer. If you have a web-
Performance? based LOB application that fails
to run under Internet Explorer
Application compatibility is the protected mode, try placing the
biggest issue preventing IT Pros application in the Trusted Sites
from adopting Windows Vista into zone in which Internet Explorer
their organization. Part of this is protected mode is disabled.
perception based on fact—Windows
Vista is built on a new architecture • Operating system and browser
that promises tightened security version changes: the OS and
and improves stability. browser version numbers
Consequently, the applications that change with each release, which
ride on top of Windows Vista need might cause issues with
to communicate with the kernel in applications that check for a
different ways. So what has helped specific version number upon
fuel current perception around installation. Application shims
application compatibility? Why did are available to fool the
many applications ‗break‘ in the application into thinking the
migration from Windows XP to operating system or browser is
Windows Vista? Most application the application-required version.
compatibility issues with early
versions of applications can be • Windows Resource Protection
attributed to one of the following: (WRP)—this enables applications
to function properly by
• Standard User mode limits file redirecting attempts to write to
and registry access by protected files or registry
applications on the computer. locations, but may reject
User Account Control exposes installing applications that
non-compliant actions, with improperly attempt to modify
permission prompts to Standard these protected locations (see
and Administrator users. UAC above).
Changes in permissions will
cause most of the issues with • New driver model—drivers
earlier versions of applications, moved out of the kernel, so
where administrative access was applications need to be modified
assumed during development to address the new location.
and testing. This provides an advantage for
managing Images in Windows

Page |7
Vista, such as offline edits, but Hardware Performance
requires a different access
model in the application. We‘ve heard some of you say that
Windows Vista runs slower than
• Applications written with Windows XP on a given PC. So
undocumented APIs may fail at what‘s really happening here? First,
runtime. we need to avoid comparing apples
to oranges—Windows Vista is doing
However, in this case time has been a lot more than Windows XP, and it
healing most wounds: requires resources to conduct these
tasks. That said, it is important to
Since RTM, the number of Windows make sure a PC running Windows
Vista compatible applications and Vista has enough horsepower to
devices has increased substantially, function properly, especially for
to over 2,500 applications, and to older PCs running a minimal
over 15,000 signed devices and amount of RAM, since the Windows
components. 98 of the 100 top Vista footprint is larger, bottlenecks
selling applications and 46 of the will occur. The Microsoft
top 50 downloaded applications on Assessment and Planning tool are now compatible (MAP) is valuable for making
with Windows Vista. See infrastructure-wide assessments of for a hardware capability, and provides
comprehensive list of Windows both macro (overall organization)
Vista compatible applications. and micro (individual PC drill-down)
Windows Vista SP1 is now available,
including all previously released While the minimum requirements
updates and improving reliability, for the Windows Vista operating
security and performance, along system are highlighted on the
with improvements in Windows Vista TechCenter, it is a
administration and hardware good idea to validate hardware
support. For more information on performance with your intended
Windows Vista SP1, please see the application stack before setting
Overview of Windows Vista Service your organization‘s standard
Pack 1. hardware specifications. When
standardizing on Windows Vista
Tip: Before moving into a pilot with operating systems – especially for
Windows Vista, conduct a complete those using the Windows Aero
assessment of the Application inventory appearance settings – many
in your organization. The Application organizations have found that 2 or
Compatibility Toolkit (ACT) can help more GB of RAM, 2 GHz or faster
automate this assessment. For LOB processors, and compatible
applications that aren’t able to move to graphics adapters yield good
Windows Vista, you might consider results.
running them in a virtualized instance of
their compatible OS on the Windows
Vista desktop.

Page |8
Organizations using Windows Basic
Tip: The Microsoft Assessment and
appearance settings in their PC
Planning tool can aid in determining
environment can reduce these
your organization’s readiness for
recommendations considerably and
Windows Vista, both on a macro level
approach published minimum
(infrastructure-wide perspective), and
system requirements for those PCs.
a drill-down to any specific PC requiring
This may be useful if your
updates to run Windows Vista
organization is in the middle of a
hardware refresh cycle and would
like to standardize the operating So what else is on your list that you
system version to qualified existing would like to hear about? Do let us
hardware. Depending on how know—please email us at
workstations are used in your We
organization, you can tailor understand that adopting a new
hardware specifications and operating system into the desktop
operating system configurations – environment is a complex and
including appearance settings – challenging undertaking, and we
according to your user roles and hope that this article offers a useful
operational needs. perspective on perceived
challenges, and to help you plan
On machines configured with the preventative measures to avoid
appropriate specifications for their disruption.
operating system, the speed of
most operations and tasks between For more straight-talk advice and
Windows Vista and Windows XP is adoption guidance, please visit
virtually on parity. Which is pretty
remarkable when you consider one board
key thing Windows Vista is doing
that Windows XP isn‘t: indexing for
near instantaneous search results
for desktop files, even embedded in
email messages. The result is users
can find information significantly
faster (measured in minutes), © 2008 Microsoft Corporation. All rights
reserved. Microsoft, Aero, Internet
increasing productivity far in excess Explorer, Windows, and Windows Vista are
of the loss in speed of operations registered trademarks of Microsoft
(measured in milliseconds). Corporation in the United States and/or
other countries.

Page |9