Vista & Longhorn Server’s “Improved” Security

“Windows Vista is the most secure Windows ever!” — or so Microsoft claims. That’s not much of a boast however, I mean, if an operating system doesn’t get more secure as it progresses and evolves, there is certainly something fishy going on. So we weren’t too impressed by those claims in particular. But that doesn’t mean Vista isn’t actually secure (especially when compared to the competition). In fact, Windows Vista’s end-user security is down-right excellent, as we reviewed it back when RC1 came out.

“So what’s the problem?” Windows “Longhorn” Server is!

No, we’re not joking. Under the circumstances, we wish we were too. But we’re not. While Windows Vista’s security has steadily improved build-by-build, and while Longhorn’s kernel and applications may be more secure, Windows Longhorn Server as a whole most certainly isn’t. Why?

  • Because it never prompts you to set an Administrator password!

    Longhorn Server actually completely installs, sets up the firewall, dowloads the latest security updates and then “forgets” to set an administrator password. Maybe it’s not that bad — after all, these are IT admins using this product, certainly they won’t forget to set a password, will they? Even though Windows Longhorn Server can go the whole way and install Active Directory and create a Domain Administrator account without asking for a password! But maybe Microsoft just has faith in our IT administrators today…
  • What about password complexity models?

    Yes, they’re gone too. Everyone at some point complained about Microsoft’s extremely stringent password complexity requirements that every user – domain admin or otherwise – had to comply to in order to protect their account. Yet, it most certainly was better than letting users pick any old password – but even that was better than nothing. Because that’s what Longhorn Server’s password complexity requirement is: nothing! It doesn’t care if you assign new users a password or not; and should you choose to use the user’s name as his or her password, it doesn’t mind. Your password can be a letter or ten, it can be all numbers or symbolic, 1337–speak or not, to Longhorn Server: it doesn’t matter.

What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf.. But it seems Microsoft is more than willing to flip that page back – even Windows Server 2000 required an Administrator password at the very least.

Like we hinted earlier though, the entire structure of Windows Longhorn Server is more secure. The way it processes data, the way IIS 7 has been designed, the intelligent firewall that ships with the Server OS (for the first time), and more; Longhorn Server really did look quite good. But now it doesn’t even ask for a password.. What’s up with that?!

[this story on digg]

13 thoughts on “Vista & Longhorn Server’s “Improved” Security

  1. Windows2003 or Windows 2003R2 server doesn’t require administrator password at all. Eventhough it would be stupid not to use one.

    Just my 2 cents.

  2. If “Administrator” doesn’t have a password, than that account only works from the console. Tee hee.

  3. For what it’s worth, Windows Server 2003 only asks for a password if you are NOT doing an unattended install. Any admin smart enough to build a working unattended install script had also better be smart enough to set a strong password for the local Administrator account.

  4. Give me a break, It’s still a piece of BETA software!!!

    We are still 10 months away from longhorn launch with a piece of software that is still deep in development.

    I’m it will not ship this way.

  5. Bullets for that? Usually you use bullets if you have more than one point to make… not the same one over and over. And like was said earlier “BETA.” It’s a royal pain in the butt for the testers to have to go through that every time.

  6. I install Windows Server 2003 regularly in testing and production, and it doesn’t require a password. If you choose to not set a password during setup, it changes the password policy for the local machine. I’m willing to bet that if you want complex passwords in Longhorn server, go to Start–>Run gpedit.msc go to Local Computer Policy–>Computer Configuration–>Windows Settings–>Security Settings–>Account Policies–>Password Policy and then you can setup any old password policy that you want. If you have it AD, then you already know how to set this setting.

  7. @Anon Emouse:
    Yes, that’s true. But at the very least it’s an in-your-face kind of thing. Windows gives users the ability to decide to say no – it’s their right. But at the same time, the right thing to do is to make doubly sure someone that hasn’t had their morning (four) cup(s) of espresso and hasn’t slept for 48 hours straight doesn’t miss out on something as critical.

    It’s security: don’t mess with it. Better safe than sorry.

    @Wes: That is correct.
    But at the same time, all it takes is once…. Just one attended install, just one omission to observe detail, and it’s over.

    That’s the problem though. With Windows 2000 Server, Microsoft used that approach. The “Let’s worry about security last, when everything else is done and works” didn’t exactly suite MS Win 2k too well.
    Windows 2003 Beta (if you had the opportunity to test it, that was one hell of a good program) did the exact opposite. Focus on security early, and it’ll pay off.

    Not really. You can log in on a local non-domain-server computer as “Domain\Administrator” with no pass and then wreck some havoc…..

    The OSNews story at has some good points too.

  8. Ubuntu Linux doesn’t “have” a root password.

    You use sudo, which is something like Windows’s runas but a different way.

    Instead of logged in as administrator using administrator’s password,
    you decide which users can have temporarily elevated privileges as
    administrators, then these users can be root at any time (when needed)
    simply by using their own password.

    I’d say this model is much more secure. You really don’t want to use
    your own account that is listed under “Enterprise Admins” group and login
    using that in a client computer… A very simple recipe for a complete disaster.

  9. [quote comment=”6476″]By default, the admin account is disabled. Did you even try using the account?[/quote]

    That’s Vista you’re talking about.
    This is Longhorn. Big difference. On LH, the only account is the default admin account.

  10. Longhorn is messy for attended installation. If you think you’re done installing the server features/roles you want to use and logoff into you’re newly created AD_Admin account and try to log back into default admin, there is nothing you can do to get back in. The account gets disabled for login. I have read 90% of the documentation provided by Microsoft about Longhorn installation and configuration, having seen nothing mentioned about this, but it maybe contained in the last 10% that I haven’t read; or at least I hope.

Leave a Reply

Your email address will not be published. Required fields are marked *