While toughening your system against the risk of services gone wrong was once an arcane art, it's now merely an obscure one. Armed with sc.exe and your service names, though, you can restrict service privileges and isolate services through restricted SIDs. As with restricted privileges, a little poking around will reveal that Microsoft did not choose to isolate many services. That means that you may want to experiment with tightening up Vista further yourself…but please do it on a test system!
Well, we've reached the end of the book; thanks for staying with my coauthors and me for so long. I sincerely hope that you've now got a handle on some of Vista security's "big surprises"…so they won't surprise you at a bad time. Thanks again for reading, and drop me a line to let me know what you thought of our deliberately small volume!