Directly connect to your corpnet with IPsec and IPv6

Contrary to popular belief, the rumors of my demise have been greatly exaggerated. Well, ok, no actual rumors, but hey, one can dream, huh? My spring calendar was full of events in Asia and Australia, then TechEd US seemed to suddenly appear out of nowhere! So I’ve been kinda swamped. I’ve missed writing here; it’s…


Plan now to eliminate "power users" from your domains

I’ve seen some conversations lately about the Power Users group — how powerful is it, really, and why did we remove the group from Windows Vista? That group had rights install software and drivers. And if you can install software and drivers, then you can elevate yourself to Administrator or SYSTEM. Vista includes a signed…


Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that…


The bad guys will use BitLocker, too

Got an email today from a customer asking about how BitLocker will affect the ability of law enforcement to conduct forensic analysis of a protected hard drive. Specifically, the person was asking about any back doors that law enforcement could use to bypass the encryption. The answer is very simple, and I’m sure not what…


Windows Integrity Mechanism: more than you ever wanted to know

A while back, the technology in Vista called mandatory integrity control got a new name: Windows integrity mechanism. Recently the folks responsible for developing the technology have posted a good amount of documentation on it. Read the Windows Vista Integrity Mechanism Technical Reference for all the details.


TechNet: Exploring the Windows Vista Firewall

New article up… Back in the days of the paleocomputing era, no one ever thought about installing firewalls on individual computers. Who needed to? Hardly anyone had heard of the Internet, TCP/IP was nowhere in sight, and LAN protocols didn’t route beyond your building or campus. Important data lived on the mainframe or file servers—the…


Curious about the ways Windows talks to the Internet? Here’s your answer.

I was browsing through the Microsoft download pages today — yeah, even we employees occasionally find little nuggets interspersed among the usual updates and such. I noticed a pair of whitepapers that will answer a common question I hear from many of you in emails and at conferences. You’ll want to keep these handy. Using…


BitLocker command line interface

Last week at TechEd Europe I showed the BitLocker command-line interface. At other TechEds I’ve mentioned it but didn’t show it. The CLI provides full control over BitLocker, including enabling it on any NTFS volume on the system (the Control Panel UI displays only the volume containing the operating system). To run it: Open an elevated command prompt…


Must be a slow news day: reporter writes 100% crap

Imagine my surprise to read that Microsoft is removing NAP from Windows Vista! Does this guy actually get paid money to write this drivel? The particular folks quoted in the article all have their own agendas, of course. News flash: we aren’t dropping NAP. It’s in the product now, we’re actually running it on part of…


Ah, the joys of speaking about pre-release software!

Two weeks ago I delivered my Windows Vista System Integrity presentation at the TechEds in New Zealand (Auckland) and Australia (Sydney). It was largely the same as the presention at TechEds in America and India, but updated to reflect changes made in the product between the time I wrote the presentation and now. Pre-release software is…