After one of the longest dress rehearsals in history, Microsoft's Windows Vista operating system is set to go.

But a review of Windows Vista final code suggests security will need administrative attention.

In our extensive tests of this code, we found that many of the Vista Ultimate default settings need to be changed. That, coupled with the fact that Microsoft now offers a variety of ways to enforce its new security controls, means enterprise administrators will have to make a significant effort to pull off a secure Vista Ultimate deployment.

There was also no shortage on either error messages that popped up on the screen while we attempted many common administrative tasks or reminders that administrators must really take pains to change many default settings in order to lock Vista Ultimate machines down across an enterprise.

US consultant Mark Gibbs said Vista's reduced functionality mode ensures that, should an authenticity check fail, the software will refuse to do anything really useful until reauthorised. Using this technique is in and of itself reasonable as long as it works. But he observed Microsoft couldn't admit that this technique is an antipiracy measure.

And in 64-bit Vista, Microsoft is using PatchGuard, also known as Kernel Patch Protection, to prevent unauthorised access to the kernel. Some security vendors say that by basically locking them out of the kernel, Microsoft is making it way tougher for them to protect customers. But questions are being asked whether Microsoft right to block off the kernel? Or do the vendors really need access to the kernel?