FDCC Blog Alert: Issue with Windows Vista SP1 and GPResults

Author:           Mandy Tidwell, Senior Consultant  Applies to:      Windows Vista SP1 Setting:           Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentCreate Symbolic Links   History:           After implementing FDCC on Windows Vista SP1, running the GPResults Wizard and navigating to Computer Configuration Policies Windows Settings Security Settings results in the following error: An error has occurred…


Apply_LGPO_Delta and ImportRegPol updated

I discovered an “unintended feature” in the Apply_LGPO_Delta and ImportRegPol utilities, which I have fixed in the versions now posted to the LGPO Utilities page.  The “feature” (OK, the “bug”) allowed commands to set a registry value and to delete that registry value not to overwrite each other in the resulting registry policy file. This…


FDCC Blog Alert: Issue with Windows XP/Vista and IPSec

Author:           Mandy Tidwell, Senior Consultant, Microsoft Consulting Services Credit:             Jim Riekse, Consultant, Microsoft Consulting Services Applies to:      Windows XP and Windows Vista Setting:           Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentAccess this Computer from the Network is restricted to Administrators in FDCC.   Issue:               When IPSec is used to provide session security,…


Job opening: Senior Software Development Engineer

As you may know, the Federal Desktop Core Configuration is largely based on Microsoft’s Security Guidance for Windows.  Well, the team in Redmond that creates and publishes that guidance has a job opening: Do you have a passion for developing software and want to help our customers become more secure? Interested in making an impact…


Application / Certificate Performance Issues with Vista and FDCC

Summary In the process of defining the FDCC image, the National Institute of Standards (NIST) included several Federal and DoD Root and Intermediate x509 certificates in the FDCC Vista Trusted Root and Intermediate Certification Authorities stores. Several of these certificates are cross-certified. When the Vista CryptoAPI (CAPI) is called by a process (e.g. Iexplore.exe validating…


Q&A From "Using BitLocker with FDCC and FIPS" webcast

Q&A content from the “Using BitLocker with FDCC and FIPS” webcast from May 27, 2008.  The recording of the webcast may be viewed on-demand here.  Question: You may have mentioned this earlier but should FIPS be setup before or after FDCC? Answer: FIPS should be enabled and applied to the end system before BitLocker Drive…


FDCC and Internet Explorer 7, Part 3 – Protected Mode

This is the [long-delayed] third installment in a series discussing various issues regarding the intersection of Microsoft Internet Explorer 7 and the Federal Desktop Core Configuration (FDCC). The FDCC bears close resemblance to Microsoft’s security guidance for Windows XP and Windows Vista, so this series will be of interest to any customers who are locking…


Web Application Test Plan

This blog post describes how to perform basic web application testing to identify and fix compatibility issues.  These procedures are designed for non-experts and not to require deep expertise in web application development.  The target platform is assumed to be Internet Explorer 8 running on Windows 7 with standard user rights.  Some of the issues covered below…