Windows Vista for IT Professionals, Part 5

Session 1: Security Enhancements in Windows Vista 53

What Is BitLocker Drive Encryption?

BitLocker Drive Encryption is a new feature in Windows Vista that encrypts the contents
of the entire boot volume. The boot volume contains the operating system files and user
data. The system volume is not encrypted, and contains just enough information to verify
system integrity and begin the boot process by accessing the boot volume.

When the computer is booted and running, BitLocker Drive Encryption is completely
transparent to the user. Windows Vista uses a filter driver to encrypt and decrypt data as
it is accessed with very little overhead.

You can configure BitLocker Drive Encryption to ask the user for a PIN during the boot
process. This ensures that only authorized users can start the system and access data.
When BitLocker Drive Encryption does not ask the user for a PIN, the data is protected
from offline access, but a hacker could guess the password for a user and gain access to
the data. Gaining the user’s password could be done by using social engineering.

BitLocker Drive Encryption is designed to store encryption keys in a trusted platform
module (TPM). A TPM is a microchip that is affixed to the motherboard of a computer. It
stores keys, passwords, and digital certificates. Information stored in the TPM is more
secure from external software attacks and physical theft than data stored on disks. If your
computer does not have a TPM, encryption keys must be stored on a USB drive.

What Are the BitLocker Requirements?

Your computer must meet some very specific configuration requirements before it can
use BitLocker Drive Encryption. Components that must meet the requirements include
volume configuration, BIOS features, and TPM.
To use BitLocker Drive Encryption you must have at least two separate volumes:
• The boot volume is the volume that contains the Windows operating system. This
volume must be formatted with NTFS and is encrypted by BitLocker.
• The system volume is the volume that contains the hardware-specific files required to
load Windows. The BIOS finds the system volume by searching for the active
partition on the disk. For BitLocker to work, the system volume must not be
encrypted, must differ from the boot volume, must be formatted with NTFS, and
must be at least 1.5 gigabytes (GB). Data on this volume is not encrypted.

If a TPM is used to store encryption keys:
• The TPM must be version 1.2.
• The system BIOS must support at least version 1.2 Trusted Computing Group (TCG)
standards.

If a USB drive is required for key or PIN storage:
• The system BIOS must support accessing USB storage devices.
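
The volume and TPM requirements above, expressed as a readiness check. This is an added example, not part of the original course material: `Test-BitLockerReadiness` is a hypothetical helper name, the sample volumes are constructed, and the code assumes Windows PowerShell 3.0 or later with input shaped like the `Win32_Volume` and `Win32_Tpm` WMI classes.

```powershell
# Added example. Test-BitLockerReadiness is a hypothetical helper, not a Windows cmdlet.
# Input objects mirror Win32_Volume (DeviceID, BootVolume, SystemVolume, FileSystem, Capacity).
function Test-BitLockerReadiness {
    param(
        [object[]]$Volumes,
        [string]$TpmSpecVersion = ''   # Win32_Tpm.SpecVersion; empty when no TPM is present
    )
    $problems = @()
    $boot   = @($Volumes | Where-Object { $_.BootVolume })[0]
    $system = @($Volumes | Where-Object { $_.SystemVolume })[0]

    if (-not $boot)   { $problems += 'No boot volume found.' }
    if (-not $system) { $problems += 'No system volume found.' }
    if ($boot -and $system) {
        # Typical failure: Windows installed on a single partition.
        if ($boot.DeviceID -eq $system.DeviceID) {
            $problems += 'System volume must differ from the boot volume.'
        }
        if ($boot.FileSystem -ne 'NTFS')   { $problems += 'Boot volume is not NTFS.' }
        if ($system.FileSystem -ne 'NTFS') { $problems += 'System volume is not NTFS.' }
        if ($system.Capacity -lt 1.5GB)    { $problems += 'System volume is smaller than 1.5 GB.' }
    }

    if ($TpmSpecVersion) {
        # SpecVersion is a comma-separated string; the first field is the TCG spec version.
        $tcg = $TpmSpecVersion.Split(',')[0].Trim()
        if ($tcg -ne '1.2') { $problems += "TPM reports version $tcg; version 1.2 is required." }
        $keyStorage = 'TPM'
    } else {
        # Cannot be verified from the running OS: the BIOS must be able to read USB storage at boot.
        $keyStorage = 'USB drive'
    }

    [pscustomobject]@{
        Ready      = ($problems.Count -eq 0)
        KeyStorage = $keyStorage
        Problems   = $problems
    }
}

# Constructed sample inventories (IDs and sizes are made up).
$split = @(
    [pscustomobject]@{ DeviceID='S'; SystemVolume=$true;  BootVolume=$false; FileSystem='NTFS'; Capacity=1.5GB },
    [pscustomobject]@{ DeviceID='C'; SystemVolume=$false; BootVolume=$true;  FileSystem='NTFS'; Capacity=80GB }
)
$single = @(
    [pscustomobject]@{ DeviceID='C'; SystemVolume=$true; BootVolume=$true; FileSystem='NTFS'; Capacity=80GB }
)
Test-BitLockerReadiness -Volumes $split  -TpmSpecVersion '1.2, 2, 3'
Test-BitLockerReadiness -Volumes $single

# Live input, from an elevated Windows PowerShell prompt:
#   $v = Get-WmiObject Win32_Volume
#   $t = Get-WmiObject -Namespace root\CIMV2\Security\MicrosoftTpm -Class Win32_Tpm
#   Test-BitLockerReadiness -Volumes $v -TpmSpecVersion "$($t.SpecVersion)"
```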

Comparing BitLocker to Encrypting File System

BitLocker and the Encrypting File System (EFS) are both used to encrypt data. However,
they are designed for use in different situations. Depending on your needs, BitLocker and
EFS can be used together.
Differences between BitLocker and EFS are:
• BitLocker is a comprehensive system that protects all data on the boot volume,
including temporary files, the operating system, paging files, and user data. EFS
protects only specific files and folders. EFS cannot be used to protect operating
system files.
• BitLocker protects system integrity during the boot process by looking for system
changes. EFS does not protect system integrity.
• Only administrators can enable or disable BitLocker. All users can encrypt files by
using EFS.
• BitLocker does not restrict file access to particular users. EFS can be used to share
files with just specific users.

• BitLocker stores encryption keys in a TPM or on a USB drive. EFS stores encryption
keys in user profiles.
• BitLocker can prevent system startup without a PIN. EFS cannot prevent system
startup.
• BitLocker requires two volumes to operate. EFS can be used on a system with a
single volume.

What Is Rights Management Services?

Windows Rights Management Services (RMS) is data protection technology that
safeguards digital information from unauthorized use. The usage policies for data
documents are embedded within the documents. This allows policies to be persistent
inside the corporate firewall, outside the corporate firewall, or when distributed to other
entities, whether online or offline.
Some situations where RMS can be used:
• Protecting confidential e-mail messages. Traditionally, users lose control over e-mail
messages after they are sent. A recipient that gets a message can forward the message
and any attachments to anyone inside or outside the organization. When RMS is used,
unauthorized recipients are unable to open e-mail messages.
• Enforcing document rights. In some cases, employees or users outside the
organization need access to information for only a specific period of time. For
example, during the due diligence process during a company buyout, an external
auditor might require information only for a few weeks during the evaluation process.
When RMS is used, the financial statements and other documents can be set to expire
after a period of time. After the expiry, the contents of the documents are no longer
accessible.
• Distributing media content. Media vendors can use RMS capabilities in Microsoft
Windows Media® Player to control distribution and playback of content. This
ensures that only legitimate customers are able to view and listen to videos and music.

How Rights Management Services Works

RMS relies on both server and client software to function properly. To understand how
RMS works, you must understand the rights management components and the rights
management process.
Rights management components include:
• Windows RMS server software is a Web service for Windows Server “Longhorn”
and Windows Server 2003 that handles certification of trusted entities, licensing of
rights-protected information, enrollment of servers and users, and administrative
functions.
• Windows RMS client software is a group of Windows APIs that facilitate the
computer activation process and allow RMS-enabled applications to work with the
RMS server to provide licenses for publishing and consuming rights-protected
information. Windows Vista includes Windows RMS client software.
• RMS-enabled applications are applications that are designed to communicate with
Windows RMS client software on the local workstation to obtain licenses for
publishing and using rights-protected information. Applications that are not RMS-
enabled are unable to open rights-protected information.


The rights management process is as follows:
1. The user protects information within an RMS-enabled application.
2. The RMS server validates the user credentials and conditions for protecting
the information.
3. The information is encrypted by the RMS-enabled application.
4. Recipients open the rights-protected information by using an RMS-enabled
application.
5. The RMS server validates the credentials of the recipient and issues a license
for using the information.
6. The RMS-enabled application enforces the usage rights and conditions for
the rights-protected information.
7. If the recipient is permitted, the information is opened in the RMS-enabled
application.

Demonstration: Configuring Rights Management

In this demonstration, you will see how you can:
• Configure rights management for digital media.

Key Points
• Rights management can be used to control how information is used inside and
outside your organization.

Session Summary

This session provided an overview of some of the new security features in Windows
Vista. The following topics were discussed:
• Security Risks. This topic discussed security risks and how Windows Vista addresses
them. In addition, security-related platform improvements were presented.
• Malware Protection Features. This topic discussed how malware gets installed and
how Windows Vista protects against it. Specific features for preventing malware
include Windows Service Hardening, UAC, and Windows Defender.
• Network Access Protection Features in Windows Vista. This topic discussed how
Windows Firewall and NAP address network security risks. Windows Firewall has
been enhanced with outbound filtering and new administrative tools. NAP is a new
tool for enforcing the health of client nodes on the network.
• Internet Explorer 7 Security Enhancements. This topic discussed security
enhancements in Internet Explorer 7, which are included with Windows Vista.
Enhancements include Protected Mode, Pop-up Blocker, and the Phishing Filter.
• Data Protection Features. This topic discussed how new features in Windows Vista
address the data protection requirements of organizations. BitLocker Drive
Encryption and Rights Management Service were explained.

Questions and Answers


Session 2: User Productivity
Enhancements in Windows Vista

Table of Contents
Session Overview
Increasing Productivity
User-Interface Enhancements
Productivity Utilities
Features for Mobile Computers
The Boot Process
Power Management
Session Summary
Questions and Answers


Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any
real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or
should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting
the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft
makes no representations and warranties, either expressed, implied, or statutory, regarding these
manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or
product does not imply endorsement of Microsoft of the manufacturer or product. Links are provided to third
party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of
any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not
responsible for webcasting or any other form of transmission received from any linked site. Microsoft is
providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of
Microsoft of the site or the products contained therein.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights
covering subject matter in this document. Except as expressly provided in any written license agreement from
Microsoft, the furnishing of this document does not give you any license to these patents, trademarks,
copyrights, or other intellectual property.
© 2006 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, Aero, Bitlocker, BizTalk, DirectX, Internet Explorer, NetMeeting, Visual
Studio, Windows, Windows Media, Windows Server, and Windows Vista are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective
owners.
Session 2: User Productivity Enhancements in Windows Vista 1

Session Overview

Introduction
The Microsoft® Windows Vista™ operating system provides a number of features that
make Windows easier to use and increase productivity. This session provides an
overview of the new features in Windows Vista that are seen and configured by users.

Information technology professionals must be aware of these features to help educate
their users.
Objectives
After completing this session, you will be able to:
• Describe the causes of lost productivity.
• Describe the user-interface enhancements to Windows Vista.
• Explain the new productivity utilities.
• Describe the new features for mobile computers.
• Understand the Windows Vista boot process.
• Explain power management.

Increasing Productivity

Introduction
Organizations do not implement new operating systems because they are pretty, or
because they have good television commercials. An operating system update must
enhance the productivity of users to have value to the organization.
Objectives
After completing this section, you will be able to:
• Describe the causes of lost productivity.
• List the productivity enhancement features in Windows Vista.


Causes of Lost Productivity

When an operating system is designed, a lot of work goes into ensuring that users are as
productive as possible. Despite this effort, there are always places where improvements
can be made.
Some of the causes of lost productivity are:

• Misplaced information and searching for files. Some users do not keep track of where
they save files or which versions are which. They may waste a significant amount of
time as a result.
• Difficulty collaborating on documents or projects.
• Inaccurate data entry by poor typists.
• Difficulty finding how to change settings.
• Unavailable data due to an unbootable personal computer.
• Portable computers that run out of battery power unexpectedly.

Windows Vista Productivity Enhancement Features

To address the causes of lost productivity, a number of new features have been
introduced in Windows Vista. These features make Windows Vista more usable than
previous versions of Windows and more available.
New productivity features include:
• User-interface enhancements for locating data.
• Search enhancements for finding data.
• Collaboration capabilities built into the operating system.
• Speech Recognition to speed up data input.
• Windows Mobility Center to control portable computer settings in a single location.
• Sync Center to synchronize data with mobile devices and servers.
• The Startup Repair Tool to automatically fix unbootable computers.
• Improved power management to improve battery life of portable computers.

Detailed information about these features is covered later in this session.

User-Interface Enhancements

Introduction

The new user interface in Windows Vista makes it easier to find the data you need, when
you need it. Windows Explorer has been enhanced with new views that make it easier to
organize your data. The AERO interface improves the display capabilities of Windows
Vista and makes it easier to read data. The improved search function makes searching for
files much faster than previous versions of Windows.
Objectives
After completing this section, you will be able to:
• Describe the new features in Windows Explorer.
• Describe the AERO interface.
• Understand the index.
• Describe the ways to search for files.
• Explain what metadata is.
• Understand saved searches.

What Are the New Features in Windows Explorer?

Windows Explorer has been enhanced to make finding and organizing data easier. The
most dramatic visual change is the AERO interface. Searching has also been significantly
improved with the ability to control indexing, and tag files with keywords.
Information Visualization
The new Document Explorer, replacing the My Documents folder in Microsoft
Windows® XP, is much more powerful. Instead of simply showing icons for documents,
Document Explorer shows high-resolution thumbnails that preview document content.
Users can dynamically adjust the size of these thumbnails up to 256x256 pixels, which is
large enough for users to know whether they've found the right document without
opening it.
Enhanced Column Header Controls
Enhanced column header controls take advantage of the extensive use of file properties in
Windows Vista. With the enhanced column header controls, you can more easily manage
the large numbers of files that may be shown in an Explorer window or within your
Search Results window. The enhanced column header controls have drop-down menus,
which can display all of the values across any of the columns of information associated
with your files.

Stack View
The enhanced column header controls also feature two new views that you can use to
browse your content. The Stack view displays your content stacked by the values in a
specific column. For example, if you select the Authors column header and choose to
stack by author, all of your files currently in view will automatically be rearranged into
stacks organized by the author’s name.
These stacks behave like traditional folders, so you can click to open them and see all of
the items located in that stack. Unlike traditional folders, however, stacks have no
physical location on your computer. In a sense, they are virtual views of your content.
More importantly, if a file has two authors (for example, a document was authored by
Tim and Paul), that file is included in the stacks for both Tim and Paul, providing you
with the ultimate flexibility in how you find and organize your files.
Group By View
The Group By view is similar to the Stack view, but it takes the content files and places
them into groups according to the values of a particular column header. Grouping your
files by author will give you a more granular view of which documents belong to which
author.

What Is the AERO Interface?

The Windows Vista user interface, code-named "AERO" (Authentic, Energetic,
Reflective, and Open), is easier and more fun, even as it makes users more productive.
Computers designed for Windows Vista create a professional and attractive environment
based on a theme of translucent glass. Even applications created before Windows Vista
become more attractive because Windows Vista has improved wizards and common
dialog boxes that are shared by all applications.
Users with high-resolution monitors can finally take full advantage of their displays
because Windows Vista smoothly scales icons and windows. As a result, users do not
have to squint to read an e-mail message on their new 1600x1200 portable computer
display. Users who have previously used lower resolutions to make text more readable
can increase the display resolution for added clarity and sharpness without decreasing
readability.
