Note that this section (available online at http://www.microsoft.com/windowsvista/privacy/vistartm_detail.mspx) is a supplement to the Windows Vista Privacy Statement. In order to understand the data collection and use practices relevant for a particular feature, site, or service, you should read the Windows Vista Privacy Statement and any applicable supplement.
Activation
What this feature does
Activation is aimed at reducing software counterfeiting, thereby helping to ensure that Microsoft customers receive the software quality that they expect. Once your software is activated, a specific product key becomes associated with the computer (the hardware) on which your software is installed. This association prevents the product key from being used to activate the same copy of the software on multiple computers as counterfeit software. Some changes to your computer components or the software may require you to reactivate the software.
Information collected, processed, or transmitted
During activation of this software, product key information is sent to Microsoft along with a hardware hash, which is a non-unique number generated from the computer's hardware configuration. The hardware hash does not represent any personal information or information about the software. The hardware hash cannot be used to determine the make or model of the computer and it cannot be backward calculated to determine any additional information about your computer. Along with standard computer information, some additional language settings are collected.
Use of information
Microsoft uses the information to confirm that you have a licensed copy of the software, and then it is aggregated for statistical analysis. Microsoft does not use the information to identify you or contact you.
Choice and control
Activation is mandatory and must be completed within a predefined grace period. If you choose not to activate the software, you cannot use it after the grace period expires. If the software is not correctly licensed, you will not be able to activate it.
Auditing
What this feature does
Auditing allows an administrator to configure Windows to record operating system activity in a security log, which can be accessed using the Event Viewer and other programs. This log can help an administrator detect unauthorized access to the computer or resources on the computer, and to troubleshoot problems.
Information collected, processed, or transmitted
Administrators determine what information is collected, how long it is retained, and whether it is transmitted to other parties. The information can include personal information, such as user names or file names. For more information, contact your administrator.
Use of information
Administrators also determine how the audit information is used. Generally, the security log is used by auditors and administrators to track computer activity or to identify unauthorized access to the computer or resources on the computer.
Choice and control
Administrators determine whether this feature is enabled and how users are notified. The security log cannot be viewed by other users unless specifically permitted by an administrator.
BitLocker™ Drive Encryption
What this feature does
BitLocker Drive Encryption (BitLocker) is available on computers running Windows Vista™ Enterprise Edition and Windows Vista™ Ultimate Edition. Should your computer be lost or stolen, BitLocker protects your data by helping to prevent offline software attacks. Turning on BitLocker encrypts the hard drive where Windows is installed, including all information that is stored on that drive.
Information collected, processed or transmitted
When BitLocker is turned on, cryptographic keys in memory continually encrypt and decrypt data as it is read from or written to the protected hard drive. During BitLocker setup, you can choose to print a recovery password or to save it to a USB flash drive or location on your network. In an enterprise environment, administrators can automatically save recovery information to Active Directory Domain Services. BitLocker associates one or more globally unique identifiers (GUIDs) with each protected hard drive to help manage each drive. These GUIDs are removed when BitLocker is disabled.
If your computer is equipped with the Trusted Platform Module (TPM) version 1.2 security hardware, BitLocker uses the TPM to provide hardware-enhanced data protection. For more information, see Trusted Platform Module (TPM) Services (below). On TPM-equipped computers, you can also set up a personal identification number (PIN) to add an extra layer of protection for your encrypted data. BitLocker will store this TPM-based PIN in a hashed and encrypted form on the hard drive.
Use of information
Cryptographic keys and GUIDs are stored in computer memory to support BitLocker operations. BitLocker recovery information allows you to access your protected data in case of hardware failures and other problems. This recovery information allows BitLocker to distinguish between authorized and unauthorized users. Information collected by BitLocker is not sent to Microsoft.
Choice and control
BitLocker is not turned on by default. An administrator can turn on or turn off BitLocker at any time by going to BitLocker Drive Encryption in Control Panel.
Crypto API Diagnostics
What this feature does
The Crypto API Diagnostics feature logs events associated with an application's use of certificates.
Information collected, processed or transmitted
Information is collected about the certificates that you use, or that are used by the operating system and applications installed on your computer. Once this feature is enabled, the information is collected in an event log and can be viewed using Event Viewer.
Use of information
Administrators can use the information to identify and troubleshoot certificate trust issues. Administrators can also export the information to a file, for example, that can be sent to technical experts, such as Microsoft Premier Support, for analysis. No information is automatically sent to Microsoft.
Choice and control
The Crypto API Diagnostics feature is turned off by default, and it can be turned on or off only by an administrator. Unless you are experiencing a problem with certificates, you might not want to turn on this feature, which can decrease the performance of your computer. Administrators can configure Crypto API Diagnostics to log different parts of the certificate trust process, and they can determine the amount of information collected.