Wole Moses has a great overview of Windows Service Hardening (WSH). I’ve written about this a couple of times–basically, it’s a defense-in-depth (think belt-and-suspenders; a second layer of security) that keeps services from doing something really bad even if they get compromised. So, if the Server service doesn’t normally add startup programs, WSH will block it if it ever tries to, because clearly it must be under the influence of an attacker. So, WSH doesn’t prevent a compromise, but it helps reduce the damage done after a compromise.

It might be a good reason to upgrade to Vista, but you don’t really need to know about it. You can’t configure it; it’s already setup for standard Windows services. If you’re a developer, you can use the SC.exe tool to configure WSH, but you’ll probably choose to configure it programmatically as part of service installer.