LGPO.exe - Local Group Policy Object Utility, v1.0

LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools. Features: Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced…

4

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  If you have been reluctant to evaluate or deploy these technologies in the absence of specific USGCB guidance, NIST essentially says, “Use the vendor’s guidance.”  Here is the vendor’s guidance.  Please see these three new blog…

1

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  It includes documentation, GPOs, and scripts for installing the recommended settings to local group…

1

IEZoneAnalyzer update: v3.5.0.5

I just posted a minor update to IEZoneAnalyzer.  Version 3.5.0.5 fixes an issue in which IE10 was reported as version “9.10.9200.16614”; it now reports a 10.* version number.  (*) Version 3.5.0.5 also adds text corresponding to new IE security zone settings, adds back in a set of sample files that capture default settings on various…

2

IEZoneAnalyzer v3.5 with Zone Map Viewer

IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings – that is, the configuration settings that grant web sites in the Intranet zone more capabilities in the browser than web sites in the Internet zone.  Earlier today, I wrote about the surprisingly complex rules that determine whether and when explicit mappings…

25

Set_FDCC_LGPO for Windows 7…

… is not needed and will not be created.  I had kind of blogged about this a while back but it was hidden under a more general title, so the question about Set_FDCC_LGPO on Windows 7 continues to get asked. This post offers another easy and flexible way for you to apply NIST’s GPOs and…

2

IEZoneAnalyzer v3

Announcing a major update to the IE security zone analyzer! IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing of settings. IEZoneAnalyzer version 3 represents a total rewrite, adding a…

11

FDCC is now USGCB

Along with the release of official government guidance for Windows 7, NIST has rebranded the Federal Desktop Core Configuration (FDCC) as the United States Government Configuration Baseline (USGCB).  NIST’s spreadsheets, Group Policy Objects (GPOs) and virtual hard disks (VHDs) for Windows 7 can be downloaded from http://usgcb.nist.gov.  From this point forward, “FDCC” is just a four-letter…

4

Sample Files for Apply_LGPO_Delta

Apply_LGPO_Delta used to come with a bunch of sample files to address some common needs for policy adjustment, as well as a batch file to run Set_FDCC_LGPO and Apply_LGPO_Delta in sequence.  Those samples inadvertently got omitted from an upload at one point.  I’ve updated those sample files and added some new ones.  They are attached…

6

Updated LGPO utility sources

The updated sources corresponding to the updated versions of the Apply_LGPO_Delta and ImportRegPol utilities are attached to this post. LGPO-Utilities-sources.zip

11