[olug] Vista is AMAZING!!!!

Dave Hull dphull at gmail.com
Tue Jul 17 03:50:54 UTC 2007


I had some money left over in my budget at the end of the FY and
ordered a nice Dell Quad Xeon x86_64 bit system with 4GB RAM, 2 160GB
SATA drives mirrored, dual monitors, etc. Since I work in a Windows
environment, I figured I'd better order it with Vista though XP was an
option. We don't have any Vista anywhere, but many of our software
vendors are putting out Vista versions now so we will be forced to go
eventually.

When the system arrived I played around with the existing OEM cruft
laden install knowing full well I would wipe it and reinstall from
scratch. It wasn't as bad as I thought it would be. Everything worked
and the speed wasn't any worse than my current XP box, which isn't as
powerful, granted.

As for being prompted to "Cancel" or "Allow" all of the time, that's
actually a good thing if you're a paranoid security wonk, but let's
face it, the typical Windows user is going to click "Allow" for
everything, but in a Domain environment, one can create a policy to
prevent users from seeing this box, denying them the option to "Allow"
altogether.

Incidentally, last Wednesday I sat in on SANS 530 Windows Vista
Security course and there are some good features from a security
standpoint in the new OS like a partial Biba implementation with
mandatory access and integrity controls such that even if you're
Administrator on the box and have permissions to objects on the system
you can still use the integrity controls to keep from screwing things
up.

If you want full Biba, you'll have to download some third party tools
that are Free so that you can fully control the various integrity
labels for system objects.

IE7 runs with the lowest integrity level by default and should (keep
your fingers crossed) prevent so many browse-by malware infections
from happening. But again, I'm confident the blackhats will find ways
around all Microsoft's new protections, but they are really trying.

The Windows Firewall now has "Advanced Features(tm)" and actually is
much improved. The "Parental Controls" are downright scary with the
amount of logging and reporting features that they include.

There's something MS is calling "Powershell" that you can download for
Vista (and XP SP2) and supposedly it's very powerful. I've got it, but
haven't dug into it. I'm told by those Windows folks far more
knowledgeable than me that with Powershell an admin can pretty much
script everything that can be done in the GUI. It's about fricking
time.

I tried (very little) to find a DHCP server that I could run on this
system. It's multi-homed and I wanted to string a switch off of one of
it's NICs and hang a test bench off of the switch. This is something
I've been doing with a Linux box with good success for years. Forget
it. Microsoft doesn't have a DHCP server that you can run on Vista.
You have to have 2008 server beta or 2003 server. 2008 Server Beta
kept puking on this system.

So I downloaded RHEL Linux 5 and installed it one the box. Of course
the NVidia card wasn't properly recognized. Nothing new. I downloaded
the driver from NVidia and got it working. The sound card wouldn't
work and it turns out Creative isn't producing drivers for Linux until
late in the year, apparently they spent all their time developing a
Vista driver.

At the end of the day, I couldn't live without sound so Vista went
back on the box... for now.

Most people I talk to and work with in IT are putting off the
conversion to Vista for as long as possible and I think that's going
to hurt Microsoft (very little). Unfortunately, I think many software
vendors believe their survival is tightly intertwined with Microsoft.
They will produce Vista versions that won't run on XP and people will
be forced to upgrade. We are tentatively planning to go to Vista next
summer.

I'm told SP1 will be out in November. Since changing jobs in October,
I've learned more about Windows than I ever wanted to know (I still
have lots to learn), but after years of working as a Linux admin, I
figured I'd better get some exposure to the other side.



More information about the OLUG mailing list