Over the years, the Internet Protocols Team has worked on building IPsec (Internet Protocol Security) in to Windows. IPsec allows creation of logical secure network segments using domain isolation and server isolation. Domain isolation and server isolation significantly improve network security by shielding unmanaged computers from communicating with managed computers. Active directory and group policy provide a framework for easily deploying IPsec policies to computers in any Enterprise. Microsoft IT department has widely deployed IPsec within its own enterprise to get these network security benefits. IPsec policies can be deployed in such way that some computers would require only authentication and some require both authentication and encryption. This way sensitive data for selected computers can be completely protected using Encryption while every computer can benefit from having authentication. While IPsec has been supported since Windows 2000, Windows Vista has good improvements, such as, better UI for policy management, simplified policy support, improved load balancing and cluster support, client to DC security, user and machine health based authentication support (in addition to machine authentication support) etc. More information on IPsec can be found at the following links:

http://www.microsoft.com/ipsec

http://www.microsoft.com/sdisolation