Chapter 3. Windows Infrastructure

Understanding how Microsoft Windows functions, and Vista in particular, is key to understanding how to secure it. Most Windows administrators don't really understand how Windows "works." They've been taught about Windows from a system administrator's operational point of view, but not given enough information about how it operates under the hood. This chapter explains key Windows infrastructure processes and concepts so that the mechanics of how it all works together can be applied to security. This chapter will loosely flow along the lines of how a Windows PC boots and runs.


Do not rely upon this chapter as the complete, detailed reference of the complexities of Windows Vista. Microsoft Windows is sufficiently complex that to cover any single concept completely would be beyond the intended scope of this book. This chapter is intended as a high-level guide. Readers who are truly interested in the internals of Windows will find a good resource in Microsoft Windows Internals, Fourth Edition by Mark E. Russinovich and David A. Solomon.

Boot Sequence

When the computer first turns on, hardware self-checks (called the power-on self-test, or POST) are performed to ensure the hardware is functioning without error. Firmware located on flash memory, PROM, or EEPROM chips contains either PC/AT legacy BIOS or newer Extensible Firmware Interface (EFI) code.

EFI is an open standard invented by Intel (, but widely expected to replace ...
