Microsoft's USGCB Tech Blog

A technical resource to help implement the US Govt Configuration Baseline (USGCB) on the Windows platform.

Related Posts
  • Blog Post: Enabling “Initialize and script ActiveX controls not marked as safe” in ANY zone can get you hurt, bad.

    This post is about a security setting that is often underestimated in its ability to enable serious harm when relaxed. Microsoft’s security guidance, the US Government Configuration Baseline (USGCB) and other security guidance currently mandate only that it be locked down in the Internet and Restricted...
  • Blog Post: IEZoneAnalyzer v3

    Announcing a major update to the IE security zone analyzer! IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing...
  • Blog Post: Viewing and Comparing IE Security Zone Settings

    The Security tab of the Internet Explorer Properties dialog shows security settings for the Internet, Intranet, Trusted Sites and Restricted Sites zones. However: It doesn’t show settings for the Local Machine (Computer) zone, nor for Local Machine Zone Lockdown (LMZL). When machine settings...
  • Blog Post: FDCC and Internet Explorer 7, Part 3 – Protected Mode

    This is the [long-delayed] third installment in a series discussing various issues regarding the intersection of Microsoft Internet Explorer 7 and the Federal Desktop Core Configuration (FDCC). The FDCC bears close resemblance to Microsoft’s security guidance for Windows XP and Windows Vista, so this...
  • Blog Post: Alert: Java’s Forward-Compatibility Promise Has Been Revised

    Java’s Forward-Compatibility Promise: Writing forward-compatible software is really hard. You carefully write your programs strictly according to the current specifications for your target platform, and it works perfectly well on that platform. But eventually that platform and its specifications...
  • Blog Post: Viewing and Comparing IE Security Zone Settings - enhanced

    I've enhanced the IE security zone comparison utility that I posted here a few weeks ago. The new version shows the effective settings for a selected zone, based on the precedence rules for User and Computer policies and preferences (as described here) and whether only Machine settings are used. Pick...
  • Blog Post: Web Application Test Plan

    This blog post describes how to perform basic web application testing to identify and fix compatibility issues. These procedures are designed for non-experts and not to require deep expertise in web application development. The target platform is assumed to be Internet Explorer 8 running on Windows 7...
  • Blog Post: FDCC and Internet Explorer 7, Part 1: Security Zones

    This multi-part series will discuss various issues regarding Microsoft Internet Explorer 7, particularly with regard to its use on Federal Desktop Core Configuration (FDCC) compliant systems. The FDCC is based on Microsoft’s security guidance for Windows XP and Windows Vista, so this series will likely...
  • Blog Post: FDCC and Internet Explorer 7, Part 2 – Impact on Users

    This is the second installment in a series discussing various issues regarding the intersection of Microsoft Internet Explorer 7 and the Federal Desktop Core Configuration (FDCC). The FDCC bears close resemblance to Microsoft’s security guidance for Windows XP and Windows Vista, so this series will be...
  • Blog Post: IEZoneAnalyzer v3.5 with Zone Map Viewer

    IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings – that is, the configuration settings that grant web sites in the Intranet zone more capabilities in the browser than web sites in the Internet zone. Earlier today, I wrote about the surprisingly complex...
  • Blog Post: Internet Explorer security setting, "Java Permissions: Disable Java"

    [Authors: Aaron Margosis and Shelly Bird] We recently noted in testing some problems with the Disable Java setting. We had stated in a recent FDCC LiveMeeting that the "Java Permissions/Disable Java" IE security zone settings only apply to the Microsoft Java Virtual Machine (MSJVM). Our testing...
  • Blog Post: Internet Explorer’s Explicit Security Zone Mappings

    [Updated 15 May 2012 to correct a bug involving precedence of Computer policies over User policies.] I recently worked with some customers who wanted to enumerate which web sites had been assigned to which Internet Explorer security zones. I.e., they wanted to know which web sites had been assigned...
  • Blog Post: IEZoneAnalyzer update: v3.5.0.5

    I just posted a minor update to IEZoneAnalyzer. Version 3.5.0.5 fixes an issue in which IE10 was reported as version "9.10.9200.16614"; it now reports a 10.* version number. (*) Version 3.5.0.5 also adds text corresponding to new IE security zone settings, adds back in a set of sample files that...
  • Blog Post: Correction posted for IE Explicit Security Zone Mappings and IEZoneAnalyzer's Zone Map Viewer

    I received some questions and comments about Internet Explorer's Explicit Security Zone Mappings and about the latest version of IEZoneAnalyzer containing the Zone Map Viewer. I hadn't had time to dig into the questions so they lingered, but I finally carved some time to post answers to those questions...