In a recent blogpost by HDM, he wrote about NIST's Federal Desktop Core Configuration project. The best outcome is a set of Windows virtual machine images to be used as a security reference. Since initial release, this set has been updated to consist of Windows XP SP2 and Windows Vista SP1, both available free of charge from the FDCC downloads page.

Unfortunately, NIST used Microsoft's Virtual PC to create those images and made decompressing the images to your local harddisk on linux as hard as it can get. I'm not aware of a better way than the one HDM described in his blog. On my OSX Leopard, i recompiled zip / unzip with large file support and it did work out. I you're not into recompiling, you'll stick with Winzip on Windows for extraction for the moment.

Now you're good to go with Sun's Virtualbox! Start Virtualbox, add the VHD harddisk to Virtual Media Manager and start the virtual machine with default settings. You shouldn't have to change anything (i've tested with version 2.1.4). No conversion needed, mousepointer works fine out of the box.

I uploaded my Virtualbox configuration file here.