Microsoft's USGCB Tech Blog

A technical resource to help implement the US Govt Configuration Baseline (USGCB) on the Windows platform.

Browse by Tags

Related Posts
  • Blog Post: Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

    Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 . It includes documentation, GPOs...
  • Blog Post: Set_FDCC_LGPO updated: v1.05

    [2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.] The utility for applying FDCC configuration settings en masse to a computer has been updated: The 0x80070020 sharing-violation error code that occasionally occurred appears to be due to contention...
  • Blog Post: FDCC Vista Application Development Requirements

    Overview NOTE: This entry only focuses on the Windows Vista version of the FDCC and desktop applications. Since its infancy, common themes have emerged which have delayed or prevented enterprise customers from deploying the FDCC. By the 80/20 rule, the two most common problems, in order, are: 1. Data...
  • Blog Post: IEZoneAnalyzer v3

    Announcing a major update to the IE security zone analyzer! IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing...
  • Blog Post: Source code for New and Updated Local Group Policy utilities

    Visual Studio 2008 source and project files for the new ImportRegPol utility and the updated Set_FDCC_LGPO and Apply_LGPO_Delta utilities for managing Local Group Policy Objects. Note that these are all now Visual Studio 2008 projects. [Update Jan 15 2010: new versions released -- see the LGPO...
  • Blog Post: Viewing and Comparing IE Security Zone Settings

    The Security tab of the Internet Explorer Properties dialog shows security settings for the Internet, Intranet, Trusted Sites and Restricted Sites zones. However: It doesn’t show settings for the Local Machine (Computer) zone, nor for Local Machine Zone Lockdown (LMZL). When machine settings...
  • Blog Post: FDCC and Internet Explorer 7, Part 3 – Protected Mode

    This is the [long-delayed] third installment in a series discussing various issues regarding the intersection of Microsoft Internet Explorer 7 and the Federal Desktop Core Configuration (FDCC). The FDCC bears close resemblance to Microsoft’s security guidance for Windows XP and Windows Vista, so this...
  • Blog Post: Set_FDCC_LGPO updated: v1.06

    Set_FDCC_LGPO has been updated to reflect the updated GPO content on NIST's download page . The FDCC settings have not changed. The updates contain only corrections to the downloads to more closely adhere to the FDCC settings. The updated Set_FDCC_LGPO is attached to this blog post. (This time I also...
  • Blog Post: New and Updated Local Group Policy Utilities

    A customer requested an addition to the local group policy toolset posted on the FDCC blog . While working on the new utility, I needed to upgrade the other two. The full set is attached to this post, with documentation. The source code for all of them is attached to a separate post . The new utility...
  • Blog Post: Set_FDCC_LGPO for Windows 7…

    … is not needed and will not be created. I had kind of blogged about this a while back but it was hidden under a more general title, so the question about Set_FDCC_LGPO on Windows 7 continues to get asked. This post offers another easy and flexible way for you to apply NIST’s GPOs and any...
  • Blog Post: Web Application Test Plan

    This blog post describes how to perform basic web application testing to identify and fix compatibility issues. These procedures are designed for non-experts and not to require deep expertise in web application development. The target platform is assumed to be Internet Explorer 8 running on Windows 7...
  • Blog Post: Sticking with Well-Known and Proven Solutions

    I work with a lot of customers, and there are some problems I see over and over. One problem that I've seen and been thinking about a lot lately is the way that a number of customers paint themselves into a corner through excessive customization of their environment. Lately I've been making the case...
  • Blog Post: Apply_LGPO_Delta updated, v1.01

    Apply_LGPO_Delta is a utility for automating the management of local group policy -- administrative templates and security templates. First posted here , it has been updated with the same fix that was applied to Set_FDCC_LGPO to prevent the 0x80070020 sharing-violation error from occurring. Documentation...
  • Blog Post: Set_FDCC_LGPO.exe v1.06, Visual C++ project sources

    Visual Studio 2005 project files and source code for Set_FDCC_LGPO.exe v1.06 is attached to this blog post. [Removed, as a newer version is available -- bookmark the landing page for the most up-to-date-links.]
  • Blog Post: FDCC Blog Alert: Issue with Vista SP1

    Author: Shelly Bird Credit: Syed Ismail, Ben Christenbury Applies to: Vista SP1 alone. Setting: Microsoft Network Client: Digitally Sign communications (always) is set to Enabled in FDCC. History: The server side settings are always ON (w2k3 SP2): HKEY_LOCAL_MACHINE\SYSTEM...
  • Blog Post: Updated LGPO utility sources

    The updated sources corresponding to the updated versions of the Apply_LGPO_Delta and ImportRegPol utilities are attached to this post.
  • Blog Post: Set_FDCC_LGPO.exe v1.05, source code

    Visual Studio 2005 project files and source code for Set_FDCC_LGPO.exe v1.05 is attached to this blog post. (This blog doesn't support multiple file attachments per post...) [Attachment removed, as a newer version is available -- bookmark the landing page for the most up-to-date-links.]
  • Blog Post: Sample Files for Apply_LGPO_Delta

    Apply_LGPO_Delta used to come with a bunch of sample files to address some common needs for policy adjustment, as well as a batch file to run Set_FDCC_LGPO and Apply_LGPO_Delta in sequence. Those samples inadvertently got omitted from an upload at one point. I've updated those sample files and added...
  • Blog Post: Apply_LGPO_Delta and ImportRegPol updated

    I discovered an “unintended feature” in the Apply_LGPO_Delta and ImportRegPol utilities, which I have fixed in the versions now posted to the LGPO Utilities page . The “feature” (OK, the “bug”) allowed commands to set a registry value and to delete that registry value not to overwrite each other in the...
  • Blog Post: Apply_LGPO_Delta v1.01, source code

    Visual Studio 2005 project and source code files for Apply_LGPO_Delta v1.01 is attached to this blog post. [Attachment removed, as a newer version is available -- bookmark the landing page for the most up-to-date-links.]