Finally have I have Vista installed on a machine again. I haven’t had much time to work with it. It is in the class lab, so hopefully some of the students will take advantage of the access too.
I did take a look at the service changes. No longer are most service run as Local System. Rather many of them are either run as “Local Service” or “Network Service”. These “users” don’t appear in the normal user list. But you can look at the “user rights assignment” to see what privileges are assocated with these service users.
In the “user rights assignment” there is “Modify an object label” privilege which is not assigned to any user by default. The explanation implies that it is the integrity label, which definitely looks mandatory. From some of the online documentation it looks like there are “low” versions of many directories. For example in my AppData directory, there is a local and a locallow directory. Presumably the locallow version is set at the lower integrity label. I couldn’t figure out how to determine levels from GUI. Guess I need to dig in and write up a command line tool.
I had heard that the granularity of auditing had improved from NT days. But looking at the local security policy, the number of items that you can enable for audit looks about the same.