Cleaning House with Vista

I had an interesting conversation today with the Sr. Desktop Platform Engineer for one of my larger enterprise customers (hint: They own a big chunk of 7th Avenue near Times Square in NYC). He summed up their Vista deployment strategy thusly: An opportunity to “clean house” by clearing out the many hacks, workarounds and stopgap fixes they have been applying to XP over its nearly 5 year tenure on their trading floor workstations and end-user desktops.

For them, Vista isn’t about any particular feature or capability. Rather, its the opportunity to start with a fresh OS image that is more current than XP and that provides the facilities they need to effectively maintain a simplified desktop computing stack.

Case in point: Security. Right now, his organization is stuck maintaining a host of custom user privilege elevation utilities to allow them to work around XP’s predilection towards breaking when the logged-on user isn’t running with Administrator privileges. As a financial services company, they decided long ago to eschew XP’s default security model and to eliminate – where possible – all connection between the user’s Active Directory domain account and the local Administrators group on the client.

Unfortunately, taking away local admin privileges also meant that the user couldn’t perform a variety of seemingly mundane tasks, like changing the time zone for the system clock or installing a new printer. Hence the need for the custom elevation utilities. Vista, with its UAC mechanism, allows them to continue to implement a restricted user model while at the same time providing for seamless elevation if/when the user wishes to perform a system-level – yet non-threatening (to corporate security) – task, like the aforementioned time zone change. And this, in turn, allows them to drop yet another layer of legacy, custom code (the elevation tools) from their overall desktop computing stack.

Of course, my contact was quick to point out that, even with the potential upside from the better integrated elevation mechanism, they still haven’t decided whether Vista is their ultimate target for an upcoming 2008 desktop image refresh (which, incidentally, includes standardization on a 2.4GHz Core 2 Duo platform with 4GB of RAM…nice). One issue of concern is performance. Like me, they’ve been assessing the kind of hit they’ll have to take by moving from XP to Vista. And like me, they’re concerned about runtime performance in time-sensitive computing environments (after all, they do run some of the busiest Wall Street trading floors in the world).

So at the end of the day, even with Service Pack 1 now leaking out the masses (my contact was in the process of downloading and testing the RC1 bits as we were speaking), the jury’s still very much out on Vista in the Fortune 100 space. It may be that they’ll bypass Vista altogether (my personal recommendation) and continue using XP until they know more about what Windows 7 will bring to the table. Regardless, I’ll be sure to keep an eye on their decision making process in the weeks and months to come – should tell me a lot about Vista’s ultimate fate on the enterprise desktop.