FDCC Blog Alert: Issue with Windows Vista SP1 and GPResults

Author:           Mandy Tidwell, Senior Consultant  Applies to:      Windows Vista SP1 Setting:           Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentCreate Symbolic Links   History:           After implementing FDCC on Windows Vista SP1, running the GPResults Wizard and navigating to Computer Configuration Policies Windows Settings Security Settings results in the following error: An error has occurred…


FDCC Blog Alert: Issue with Windows XP/Vista and IPSec

Author:           Mandy Tidwell, Senior Consultant, Microsoft Consulting Services Credit:             Jim Riekse, Consultant, Microsoft Consulting Services Applies to:      Windows XP and Windows Vista Setting:           Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentAccess this Computer from the Network is restricted to Administrators in FDCC.   Issue:               When IPSec is used to provide session security,…


Application / Certificate Performance Issues with Vista and FDCC

Summary In the process of defining the FDCC image, the National Institute of Standards (NIST) included several Federal and DoD Root and Intermediate x509 certificates in the FDCC Vista Trusted Root and Intermediate Certification Authorities stores. Several of these certificates are cross-certified. When the Vista CryptoAPI (CAPI) is called by a process (e.g. Iexplore.exe validating…


FDCC Blog Alert: Issue with Vista SP1

Author: Shelly Bird  Credit:  Syed Ismail, Ben Christenbury Applies to:  Vista SP1 alone. Setting: Microsoft Network Client: Digitally Sign communications (always) is set to Enabled in FDCC.   History: The server side settings are always ON (w2k3 SP2):   HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters                 EnableSecuritySignature [REG_DWORD] = 0x1                 RequireSecuritySignature [REG_DWORD] = 0x1   Client-side settings (Vista SP1)…


Update: Importing FDCC Group Policy Objects Script Error Resolved

Author:  Joel Yoker, Principal Consultant   A reader recently sent in a question about the GPO Import script and a syntax error they received at line 356.  We were able to reproduce the error and it appears to be a “cut and paste” error between the blog post and Notepad.  It appears that that carriage…


Script a Custom Power Management Policy

Author: Paul Fox, Senior Consultant Scenario: A customer wants a custom power plan for their laptop images. This is a frequent request to meet new Green initiatives in Federal and State governments. Here are the steps to incorporate a scripted power configuration. The resulting install.cmd can be embedded into a task sequence of Microsoft Deployment Toolkit….


Why don’t all of the FDCC settings appear in the Group Policy Editor?

Author: Mandy Tidwell, Senior Consultant    As many of you may have noticed, the FDCC Group Policy settings spreadsheet and FDCC Group Policy Objects (GPOs) downloaded from NIST (http://csrc.nist.gov/fdcc) contain settings that are not exposed by default in the Group Policy Editor interface.  These settings are easily identified in that they all begin with MSS….


FDCC Webcast: FIPS Challenges – Q & A

Author: Paul Fox, Senior Consultant   Question: Is it possible to save more than 1 Set of Recovery Keys to a single USB drive? Answer: Yes, you can save multiple BitLocker recovery keys to single USB drive. The size of a key is 124 bytes.  More information can be found at http://technet2.microsoft.com/WindowsVista/en/library/ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033.mspx?mfr=true Question: Is the…