Vista has some really interesting security features for schools. Network Access Protection and BitLocker are both topics I view as being incredibly valuable to education when they are understood and implemented correctly. For managed environments like computer labs (some are managed), UAC and the new group policies hold great promise. The list goes on and on but there are a few obvious “low hanging fruit” that could really make a difference in some environments.
Security specialists working in education environments have many unique challenges. The machines are largely unmanaged, there is resistance to locking them down, and unlike business environments in many cases the administrator does not work for the people who own the machine. The tool I am most excited about in totally unmanaged environments is NAP. It CAN fit even if you are not end-to-end Microsoft infrastructure. I’m working on getting a how-to written focused on Education. NAP will require Longhorn server so you have time to think and plan.