The Windows Vista Security Guide Beta Program Wants You!

Participate in a pre-release review program for the Windows Vista Security Guide.  The Program ends September 26. This guide will provide IT Professionals with specific recommendations and tools about how to guard against real-world security threats, such as malware, and how to better protect sensitive data. It will be available as a free download on…


Regulatory Compliance Planning Guide

My team has now released the Regulatory Compliance Planning Guide. The guide is designed to help IT professionals and others interested in regulatory compliance in a number of ways. • Introduces a more efficient way to address regulatory requirements in your organization. • Outlines the leading thinking in regard to specific IT control requirements related…


Securing Windows 2000 Server Updated 5.31.06

In line with my team’s efforts to make sure the prescriptive guidance we provide is authoritative and up to date, we’ve updated the Securing Windows 2000 Server solution.  It includes information about risk assessment and analysis, securing specific critical Windows 2000 Server roles, and operating a secure environment after the initial lockdown phases have completed. Thanks! Tony….

TechNet link to all MSSC guides

We created a TechNet link so y’all can see an up-front view of our solutions – we’ll update this section as new work gets released. 

Some updates to MSSC guides March-April 2006

My team has made edits / updates to some of our guides: Security Risk Management Guide v1.2 March 16, 2006 The Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide v1.1 March 30, 2006. Windows XP Security Guide v2.2 April 10, 2006. Windows Sever 2003 Security Guide v2.1 April 26, 2006.  

Governance, Compliance and Policies Blog

Bill, one of our colleagues at MS has this blog that has some useful discussions around Governance, Compliance and Policies Blog. TB.  

Jan 06: Least Privilege to User Accounts on Windows XP

The least-privileged user account  (LUA) approach ensures that users follow the principle of least privilege and always log on with limited user accounts. This strategy also aims to limit the use of administrative credentials to administrators, and then only for administrative tasks. Thought y’all might want to see this – fresh off the press today:…

December 2005 Updated Security Guides

We’ve updated a couple of security solutions and they went live 12.27.05:The Threats and Countermeasures Guide v2.0 The updated Threats and Countermeasures guide provides you with a reference to all security settings that provide countermeasures for specific threats against current versions of the Microsoft Windows operating systems.The Windows Server 2003 Security Guide v2.0 The…

Creation and lifecycle management of email and security distribution groups

MSSC is looking into the possibility of a solution/tool to help with creation and lifecycle management of email and security distribution groups Creating and managing groups within an organization requires unnecessary administrative overhead. Administrators use valuable time creating groups that could otherwise be used for other IT activities. End-user productivity may be hampered by delays…

Security Poll: The "I need to" List

I’ve been running an informal poll since October 2005 targeted to IT pros and IT “generalists” asking them what their security “priorities” were. The reason I asked is because it helps my team focus on what security guidance content we build. Here’s the results so far and please feel free to comment. Updated 2.20.06 with…