A look at the Windows Vista Security Guide

Reading Time: 3 minutes

Microsoft made version 1.0 of the Microsoft Windows Vista Security Guide available on the same day the product went Release to Manufacturing. The guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers running Microsoft Windows Vista in an Active Directory domain.



The "solution accelerator for Windows Vista Security" is a collection of solutions, tools, step-by-step procedures. In the chapters within the Guide it recommendations on:

  1. Implementing the Security Baseline
  2. Defend against malware
  3. Protect sensitive data
  4. Application compatibility
  5. Specialized security – limited functionality


Security levels

The guide introduces the following levels of security:

  • the Enterprise Client (EC) level
    Security level for desktops and laptops in an Enterprise Active Directory environment based on Microsoft Windows Server 2003 servers only.
  • the Specialized Security – Limited Functionality (SSLF) level
    Security level for organizations where security is more important than functionality. (not intended for most organizations)



Following the recommendations in the Security Guide allows you to centrally control settings related to most of the new security features in Microsoft Windows Vista:

  • User Account Control (UAC)
  • Windows Defender
  • Windows Firewall
  • Windows Security Center
  • Malicious Software Removal Tool
  • Software Restriction
  • Internet Explorer
  • BitLocker Drive Encryption
  • Encryption File System (EFS)
  • Rights Management Services
  • Device Control

Of course the guide includes settings that we've come to love from the Windows XP Security Guide and the Threats and Countermeasures Guide.

When the walls seem to come towards you, your knees start to feel weak and you get that strange feeling in your stomach during using the Security Guide, testing or even applying the settings you can always roll back to the original settings. You should not need to worry about specialized tools. It's all included in the package.



The download package of the guide also includes a detailed description of the Microsoft Windows Vista Group Policies and a Microsoft Excel (compatible) sheet listing the settings corresponding with the two security levels.


One of the most convenient tools in the package is a script that automatically creates all the Group Policy Objects (GPO's) you need to apply the guide to desktops and laptops in your environment. Using the script means you don't need to spend a lot of time manually editing policy settings and applying templates.

For the client computers in the Enterprise Client (EC) environment, the script creates the following four Group Policy Objects (GPO's) corresponding with your security level:

  • Vista Security Guide (VSG) Domain Policy
  • Vista Security Guide (VSG) Users Policy
  • Vista Security Guide (VSG) Desktop Policy
  • Vista Security Guide (VSG) Laptop Policy

So you can easily test and apply them in the way the guide recommends:

Besides introducing the Group Policy Objects (GPO's) in your Active Directory environment it also updates the Group Policy Management Console (GPMC) and the Security Configuration Editor (SCE) tools so you can actually see and possibly edit the new Group Policy Settings in these tools. Remember though: You can only use the script, the GPMC tool and the SCE tool with this guide on a Microsoft Windows Vista computer.



According to Microsoft research the majority of Windows shops is investigating and planning to migrate their desktops and laptops to Microsoft Windows Vista within the next 6 months after the release of the Operating System.

The Vista Security Guide is the easiest way to prepare your Active Directory domain with the Group Policy Objects (GPO's) needed to allow your employees to work securely in their new environment.

Further reading

Jim Baker on the Windows Vista Security Guide
Vista's security guide also rtm'd
Windows Vista Security Guide on the restyled Canadian IT Pro Blog

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.