Microsoft's USGCB Tech Blog

A technical resource to help implement the US Govt Configuration Baseline (USGCB) on the Windows platform.

LGPO.exe - Local Group Policy Object Utility, v1.0

LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces...

Author: Aaron Margosis Date: 01/21/2016

Interview on "Taste of Premier" about Security Guidance for Windows 8.1, Windows Server 2012 R2 and IE 11

Aaron Margosis interviewed on Channel 9's Taste of Premier about Security Guidance for Windows 8.1,...

Author: Aaron Margosis Date: 10/21/2014

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2...

Author: Aaron Margosis Date: 08/15/2014

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Although the US Government has not published a US Government Configuration Baseline (USGCB) standard...

Author: Aaron Margosis Date: 04/07/2014

IEZoneAnalyzer update: v3.5.0.5

I just posted a minor update to IEZoneAnalyzer. Version 3.5.0.5 fixes an issue in which IE10 was...

Author: Aaron Margosis Date: 06/19/2013

Legacy Web App Security and Sysinternals at TechEd North America + Europe 2012

I'm presenting a couple of sessions at TechEd North America 2012 in Orlando (June 11-14) and at...

Author: Aaron Margosis Date: 06/06/2012

Correction posted for IE Explicit Security Zone Mappings and IEZoneAnalyzer's Zone Map Viewer

I received some questions and comments about Internet Explorer's Explicit Security Zone Mappings and...

Author: Aaron Margosis Date: 05/14/2012

Enabling “Initialize and script ActiveX controls not marked as safe” in ANY zone can get you hurt, bad.

This post is about a security setting that is often underestimated in its ability to enable serious...

Author: Aaron Margosis Date: 11/03/2011

Top Ten Deployment Blockers

My colleague Shelly Bird, a highly esteemed Architect in Microsoft Public Sector Services, has years...

Author: Aaron Margosis Date: 10/18/2011

Alert: Java’s Forward-Compatibility Promise Has Been Revised

Java’s Forward-Compatibility PromiseWriting forward-compatible software is really hard. You...

Author: Aaron Margosis Date: 10/18/2011

IEZoneAnalyzer v3.5 with Zone Map Viewer

IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings...

Author: Aaron Margosis Date: 09/22/2011

Internet Explorer’s Explicit Security Zone Mappings

[Updated 15 May 2012 to correct a bug involving precedence of Computer policies over User policies.]...

Author: Aaron Margosis Date: 09/22/2011

Set_FDCC_LGPO for Windows 7…

… is not needed and will not be created. I had kind of blogged about this a while back but it...

Author: Aaron Margosis Date: 08/10/2011

IEZoneAnalyzer v3

Announcing a major update to the IE security zone analyzer! IEZoneAnalyzer is a utility for viewing...

Author: Aaron Margosis Date: 04/14/2011

“AlwaysInstallElevated” is Equivalent to Granting Administrative Rights

When removing administrative rights from end users, it’s important to ensure that there are no...

Author: Aaron Margosis Date: 01/24/2011

Adobe Reader X

This post is a bit off-topic. Neither the Federal Desktop Core Configuration (FDCC) nor the US...

Author: Aaron Margosis Date: 11/29/2010

Web Application Test Plan

This blog post describes how to perform basic web application testing to identify and fix...

Author: Aaron Margosis Date: 10/25/2010

Sticking with Well-Known and Proven Solutions

I work with a lot of customers, and there are some problems I see over and over. One problem that...

Author: Aaron Margosis Date: 10/06/2010

FDCC is now USGCB

Along with the release of official government guidance for Windows 7, NIST has rebranded the Federal...

Author: Aaron Margosis Date: 10/01/2010

Sample Files for Apply_LGPO_Delta

Apply_LGPO_Delta used to come with a bunch of sample files to address some common needs for policy...

Author: Aaron Margosis Date: 03/24/2010

Job opening: Senior Software Development Engineer

As you may know, the Federal Desktop Core Configuration is largely based on Microsoft’s...

Author: Aaron Margosis Date: 01/27/2010

Updated LGPO utility sources

The updated sources corresponding to the updated versions of the Apply_LGPO_Delta and ImportRegPol...

Author: Aaron Margosis Date: 01/15/2010

Apply_LGPO_Delta and ImportRegPol updated

I discovered an “unintended feature” in the Apply_LGPO_Delta and ImportRegPol utilities,...

Author: Aaron Margosis Date: 01/15/2010

Problems with FDCC’s XP File Permissions

A few months ago I blogged about a case in which an ill-advised registry hack caused application...

Author: Aaron Margosis Date: 12/02/2009

Viewing and Comparing IE Security Zone Settings - enhanced

I've enhanced the IE security zone comparison utility that I posted here a few weeks ago. The new...

Author: Aaron Margosis Date: 11/07/2009

Viewing and Comparing IE Security Zone Settings

The Security tab of the Internet Explorer Properties dialog shows security settings for the...

Author: Aaron Margosis Date: 10/01/2009

The Case of the Unexplained Installation Failure (and an ill-advised registry hack)

Since Mark Russinovich hasn’t trademarked his “Case of the Unexplained…” series, I’m appropriating...

Author: Aaron Margosis Date: 09/28/2009

Source code for New and Updated Local Group Policy utilities

Visual Studio 2008 source and project files for the new ImportRegPol utility and the updated...

Author: Aaron Margosis Date: 09/15/2009

New and Updated Local Group Policy Utilities

A customer requested an addition to the local group policy toolset posted on the FDCC blog. While...

Author: Aaron Margosis Date: 09/15/2009

FDCC Vista Application Development Requirements

OverviewNOTE: This entry only focuses on the Windows Vista version of the FDCC and desktop...

Author: cgreene Date: 07/08/2009

FDCC and Internet Explorer 7, Part 3 – Protected Mode

This is the [long-delayed] third installment in a series discussing various issues regarding the...

Author: Aaron Margosis Date: 06/16/2009

Set_FDCC_LGPO.exe v1.06, Visual C++ project sources

Visual Studio 2005 project files and source code for Set_FDCC_LGPO.exe v1.06 is attached to this...

Author: Aaron Margosis Date: 04/15/2009

Set_FDCC_LGPO updated: v1.06

Set_FDCC_LGPO has been updated to reflect the updated GPO content on NIST's download page. The FDCC...

Author: Aaron Margosis Date: 04/15/2009

Apply_LGPO_Delta v1.01, source code

Visual Studio 2005 project and source code files for Apply_LGPO_Delta v1.01 is attached to this blog...

Author: Aaron Margosis Date: 03/19/2009

Apply_LGPO_Delta updated, v1.01

Apply_LGPO_Delta is a utility for automating the management of local group policy -- administrative...

Author: Aaron Margosis Date: 03/19/2009

Set_FDCC_LGPO.exe v1.05, source code

Visual Studio 2005 project files and source code for Set_FDCC_LGPO.exe v1.05 is attached to this...

Author: Aaron Margosis Date: 01/23/2009

Set_FDCC_LGPO updated: v1.05

[2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.] The...

Author: Aaron Margosis Date: 01/23/2009

FDCC and Internet Explorer 7, Part 2 – Impact on Users

This is the second installment in a series discussing various issues regarding the intersection of...

Author: Aaron Margosis Date: 11/12/2008

FDCC Blog Alert: Issue with Windows Vista SP1 and GPResults

Author: Mandy Tidwell, Senior Consultant Applies to: Windows Vista SP1Setting: Computer...

Author: Mandy Tidwell Date: 10/21/2008

FDCC Blog Alert: Issue with Windows XP/Vista and IPSec

Author: Mandy Tidwell, Senior Consultant, Microsoft Consulting ServicesCredit: Jim Riekse,...

Author: Mandy Tidwell Date: 10/21/2008

Application / Certificate Performance Issues with Vista and FDCC

SummaryIn the process of defining the FDCC image, the National Institute of Standards (NIST)...

Author: Mandy Tidwell Date: 10/13/2008

FDCC Blog Alert: Issue with Vista SP1

Author: Shelly Bird Credit: Syed Ismail, Ben ChristenburyApplies to: Vista SP1 alone.Setting:...

Author: Mandy Tidwell Date: 09/26/2008

FDCC and Internet Explorer 7, Part 1: Security Zones

@font-face { font-family: wingdings; } @font-face { font-family: Cambria Math; } @font-face {...

Author: Aaron Margosis Date: 09/19/2008

Set_FDCC_LPGO v1.04 (Q3 2008) - Source code

The source code and Visual Studio project files for the Set_FDCC_LGPO Q3 2008 update are included as...

Author: Aaron Margosis Date: 06/28/2008

Set_FDCC_LGPO: Updated for 2008 Q3

[2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.]...

Author: Aaron Margosis Date: 06/28/2008

Q&A From "Using BitLocker with FDCC and FIPS" webcast

Q&A content from the "Using BitLocker with FDCC and FIPS" webcast from May 27, 2008. The...

Author: Aaron Margosis Date: 05/29/2008

Apply_LGPO_Delta 1.0 - source code

The source code and Visual Studio project files for the Apply_LGPO_Delta utility are included at an...

Author: Aaron Margosis Date: 05/07/2008

Apply_LGPO_Delta 1.0: utility to apply custom changes to Local Policy

[2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.]...

Author: Aaron Margosis Date: 05/07/2008

Utilities for automating Local Group Policy management

Update, 21 January 2016: LGPO.exe is a new command-line utility to automate the management of local...

Author: Aaron Margosis Date: 05/07/2008

Webcast for upcoming Local GPO tool

Updated, 28 April 2008We're preparing a new utility for public release and will be demonstrating it...

Author: Aaron Margosis Date: 04/25/2008

Next>