IEZoneAnalyzer v3.5 with Zone Map Viewer

IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings – that is, the configuration settings that grant web sites in the Intranet zone more capabilities in the browser than web sites in the Internet zone.  Earlier today, I wrote about the surprisingly complex rules that determine whether and when explicit mappings…

25

Internet Explorer’s Explicit Security Zone Mappings

[Updated 15 May 2012 to correct a bug involving precedence of Computer policies over User policies.] I recently worked with some customers who wanted to enumerate which web sites had been assigned to which Internet Explorer security zones.  I.e., they wanted to know which web sites had been assigned to the Intranet zone, which to…

7

Set_FDCC_LGPO for Windows 7…

… is not needed and will not be created.  I had kind of blogged about this a while back but it was hidden under a more general title, so the question about Set_FDCC_LGPO on Windows 7 continues to get asked. This post offers another easy and flexible way for you to apply NIST’s GPOs and…

2

IEZoneAnalyzer v3

Announcing a major update to the IE security zone analyzer! IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing of settings. IEZoneAnalyzer version 3 represents a total rewrite, adding a…

11

“AlwaysInstallElevated” is Equivalent to Granting Administrative Rights

When removing administrative rights from end users, it’s important to ensure that there are no easy paths by which a user (or malware running as the user) can gain administrative rights. For example, don’t relax default permissions on system resources such as files, folders and registry keys, and don’t grant users any “admin-equivalent” privileges such…

7

Adobe Reader X

This post is a bit off-topic.  Neither the Federal Desktop Core Configuration (FDCC) nor the US Government Configuration Baseline (USGCB) mandate specific settings for Adobe products, and it’s a little unusual for a Microsoft blog to promote an Adobe product.  However, this one is important.   Many of our customers make Adobe Reader part of their standard desktop…

1

Web Application Test Plan

This blog post describes how to perform basic web application testing to identify and fix compatibility issues.  These procedures are designed for non-experts and not to require deep expertise in web application development.  The target platform is assumed to be Internet Explorer 8 running on Windows 7 with standard user rights.  Some of the issues covered below…

0

Sticking with Well-Known and Proven Solutions

I work with a lot of customers, and there are some problems I see over and over.  One problem that I’ve seen and been thinking about a lot lately is the way that a number of customers paint themselves into a corner through excessive customization of their environment.  Lately I’ve been making the case that…

5

FDCC is now USGCB

Along with the release of official government guidance for Windows 7, NIST has rebranded the Federal Desktop Core Configuration (FDCC) as the United States Government Configuration Baseline (USGCB).  NIST’s spreadsheets, Group Policy Objects (GPOs) and virtual hard disks (VHDs) for Windows 7 can be downloaded from http://usgcb.nist.gov.  From this point forward, “FDCC” is just a four-letter…

4

Sample Files for Apply_LGPO_Delta

Apply_LGPO_Delta used to come with a bunch of sample files to address some common needs for policy adjustment, as well as a batch file to run Set_FDCC_LGPO and Apply_LGPO_Delta in sequence.  Those samples inadvertently got omitted from an upload at one point.  I’ve updated those sample files and added some new ones.  They are attached…

6