Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  If you have been reluctant to evaluate or deploy these technologies in the absence of specific USGCB guidance, NIST essentially says, “Use the vendor’s guidance.”  Here is the vendor’s guidance.  Please see these three new blog…

1

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  It includes documentation, GPOs, and scripts for installing the recommended settings to local group…

1

Set_FDCC_LGPO for Windows 7…

… is not needed and will not be created.  I had kind of blogged about this a while back but it was hidden under a more general title, so the question about Set_FDCC_LGPO on Windows 7 continues to get asked. This post offers another easy and flexible way for you to apply NIST’s GPOs and…

2

IEZoneAnalyzer v3

Announcing a major update to the IE security zone analyzer! IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing of settings. IEZoneAnalyzer version 3 represents a total rewrite, adding a…

11

Web Application Test Plan

This blog post describes how to perform basic web application testing to identify and fix compatibility issues.  These procedures are designed for non-experts and not to require deep expertise in web application development.  The target platform is assumed to be Internet Explorer 8 running on Windows 7 with standard user rights.  Some of the issues covered below…

0

Sticking with Well-Known and Proven Solutions

I work with a lot of customers, and there are some problems I see over and over.  One problem that I’ve seen and been thinking about a lot lately is the way that a number of customers paint themselves into a corner through excessive customization of their environment.  Lately I’ve been making the case that…

4

Sample Files for Apply_LGPO_Delta

Apply_LGPO_Delta used to come with a bunch of sample files to address some common needs for policy adjustment, as well as a batch file to run Set_FDCC_LGPO and Apply_LGPO_Delta in sequence.  Those samples inadvertently got omitted from an upload at one point.  I’ve updated those sample files and added some new ones.  They are attached…

6

Updated LGPO utility sources

The updated sources corresponding to the updated versions of the Apply_LGPO_Delta and ImportRegPol utilities are attached to this post. LGPO-Utilities-sources.zip

11

Apply_LGPO_Delta and ImportRegPol updated

I discovered an “unintended feature” in the Apply_LGPO_Delta and ImportRegPol utilities, which I have fixed in the versions now posted to the LGPO Utilities page.  The “feature” (OK, the “bug”) allowed commands to set a registry value and to delete that registry value not to overwrite each other in the resulting registry policy file. This…

0

Viewing and Comparing IE Security Zone Settings

The Security tab of the Internet Explorer Properties dialog shows security settings for the Internet, Intranet, Trusted Sites and Restricted Sites zones.  However: It doesn’t show settings for the Local Machine (Computer) zone, nor for Local Machine Zone Lockdown (LMZL). When machine settings or other policies are in effect, most of the Security Zones UI…

0