Short File Name Prerequisite for SCCM 2007
A common security/performance setting is to disable short file names (aka 8.3 file names), and is recommended as part of the Microsoft Solutions for Security (MSS) (Disable Auto Generation of 8.3 File...
View ArticleScript to set Windows Vista audit policy
There's probably a sexier way to do it, but the attached script (rename to .cmd) can be used to set Windows Vista SP1 audit policy using auditpol. The current settings are based on the FDCC 2008 Q1...
View ArticleHow to generate a custom LGPO based on FDCC
One of my customers requires additional security settings beyond the OMB-mandated Federal Desktop Core Configuration (FDCC) and I need to apply the settings as local policy during the MDT build process...
View ArticleConfigMgr 2007 and SCW
The Security Configuration Wizard is new to Windows Server 2003 SP1 and provides very detailed ability to lockdown a server based on the roles, services and applications. With SMS 2003, the toolkit...
View ArticleDebug programs right needed to uninstall ConfigMgr Console
I recently discovered an interesting issue when trying to uninstall the ConfigMgr Console from a Windows Server 2003 system to which the SSLF member server baseline policy is applied. When running...
View ArticleExplicit rights for Preinst
I recently had to manually remove a secondary site (S01) from a ConfigMgr 2007 SP1 hierarchy. It deleted ok from the parent site (P01), but since that doesn't replicate up the hierarchy, I had to go...
View ArticleMaximizing Security in Configuration Manager
This post details my experience and lessons learned with hardening a System Center Configuration Manager system. I'll review the risks and then describe the various technical components of a ConfigMgr...
View ArticleWindows XP Remote Assistance and DontDisplayLastUserName
While implementing Remote Assistance during a Windows 7 deployment I found that a RA connection to older Windows XP workstations would behave like a Remote Desktop connection: the user would not be...
View ArticleUSGCB Policy Bug: Turn off desktop gadgets
The US Government Configuration Baseline (USGCB) group policy object (GPO) for Windows 7 Computer Settings includes the setting:Computer Configuration\Administrative Templates\Windows...
View ArticleShort File Name Prerequisite for SCCM 2007
A common security/performance setting is to disable short file names (aka 8.3 file names), and is recommended as part of the Microsoft Solutions for Security (MSS) (Disable Auto Generation of 8.3 File...
View ArticleScript to set Windows Vista audit policy
There's probably a sexier way to do it, but the attached script (rename to .cmd) can be used to set Windows Vista SP1 audit policy using auditpol. The current settings are based on the FDCC 2008 Q1...
View ArticleHow to generate a custom LGPO based on FDCC
One of my customers requires additional security settings beyond the OMB-mandated Federal Desktop Core Configuration (FDCC) and I need to apply the settings as local policy during the MDT build process...
View ArticleConfigMgr 2007 and SCW
The Security Configuration Wizard is new to Windows Server 2003 SP1 and provides very detailed ability to lockdown a server based on the roles, services and applications. With SMS 2003, the toolkit...
View ArticleDebug programs right needed to uninstall ConfigMgr Console
I recently discovered an interesting issue when trying to uninstall the ConfigMgr Console from a Windows Server 2003 system to which the SSLF member server baseline policy is applied. When running...
View ArticleExplicit rights for Preinst
I recently had to manually remove a secondary site (S01) from a ConfigMgr 2007 SP1 hierarchy. It deleted ok from the parent site (P01), but since that doesn't replicate up the hierarchy, I had to go...
View ArticleMaximizing Security in Configuration Manager
This post details my experience and lessons learned with hardening a System Center Configuration Manager system. I'll review the risks and then describe the various technical components of a ConfigMgr...
View ArticleWindows XP Remote Assistance and DontDisplayLastUserName
While implementing Remote Assistance during a Windows 7 deployment I found that a RA connection to older Windows XP workstations would behave like a Remote Desktop connection: the user would not be...
View ArticleUSGCB Policy Bug: Turn off desktop gadgets
The US Government Configuration Baseline (USGCB) group policy object (GPO) for Windows 7 Computer Settings includes the setting:Computer Configuration\Administrative Templates\Windows...
View ArticleConfigMgr query for blocked or approved clients
This is nothing new; I’m typically not one to repost information that can be found elsewhere online. This is just so that I have an easy place to find it in the future! select SMS_R_SYSTEM.ResourceID,...
View ArticleWindows XP Remote Assistance and DontDisplayLastUserName
While implementing Remote Assistance during a Windows 7 deployment I found that a RA connection to older Windows XP workstations would behave like a Remote Desktop connection: the user would not be...
View Article
More Pages to Explore .....