Microsoft published their official Windows Vista Security Guide. It's available at their Technet Web site now.

The guide describes how to address security for two different environments: typical enterprise clients and specialized security clients with limited functionality. The latter is an environment that is very strict where client functionality is reduced significantly, which some entities will want to implement.