Blocking Remote Use of Local Accounts

The use of local accounts for remote access in Active Directory environments is problematic for a number of reasons. By far, the biggest problem is that when an administrative local account has the same user name and password on multiple machines, an attacker with administrative rights on one machine can easily obtain the account’s password…

What's New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11

The attachment on this post describes what's new in the security baseline recommendations for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, relative to the baselines published for Windows 8, Windows Server 2012 and Internet Explorer 10.  It is included as a Word document in the download from yesterday's announcement blog post.  We are posting the document here…

Configuring Account Lockout

We can recommend an ideal configuration for most of the settings in our security guidance. For example, the “Debug programs” privilege should be granted to Administrators and to no one else. For account lockout, however, there is no “one size fits all” setting, but there’s a lot of heated discussion whenever anyone tries to pick…

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons for them. Account Lockout Threshold: we’re changing the incorrect-password threshold that…

Why We’re Not Recommending “FIPS Mode” Anymore

In the latest review of the official Microsoft security baselines for all versions of Windows client and Windows Server, we decided to remove our earlier recommendation to enable “FIPS mode”, or more precisely, the security option called “System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.”  In our previous guidance we had recommended…

Security Compliance Manager 3.0 now available for download!

Secure your environment with SCM 3.0! The Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage the computers in your environment and your private cloud using Group Policy and Microsoft® System Center Configuration Manager. This version of SCM supports Windows Server 2012,…

The Data Classification Toolkit for Windows Server 2012 is now available!

Get the most out of Windows Server 2012 with new features that help you to quickly identify, classify, and protect data in your private cloud! This toolkit is designed to help you to:
- Identify, classify, and protect data on file servers in your private cloud
- Quickly identify LBI data that could potentially be moved to a…


There's still time to participate in the Data Classification Toolkit for Windows Server 8 Beta review!

The Data Classification Toolkit for Windows Server 8 Beta (DCT) review period will soon close, but there is still time to participate. Thanks to all of you who have already downloaded the beta release and provided us with your feedback. Your input helps us to improve the quality of the final DCT release. The DCT…


Quickly Identify, Classify and Protect your Data on Windows "8" Servers!

Announcing the Data Classification Toolkit for Windows Server “8” Beta! A successful data classification program requires careful planning in these critical areas: Identification of applicable IT GRC authority documents. Documentation of controls to satisfy authority document requirements. Definition of corresponding classification policies. Implementation of classification policies. Preservation of evidence demonstrating implementation of effective controls. This powerful toolkit is designed…


Security Compliance Manager (SCM) version 2.5 now available

You’ve been asking for Exchange Server baselines. You’ve been waiting for the Windows 7 SP1 baseline update. They are all available now in SCM v2.5! SCM 2.5 includes a number of new and updated baselines, empowering you to manage configuration drift, address compliance requirements, and reduce security threats in your organization’s IT environment, traditional data…
