Microsoft's USGCB Tech Blog

A technical resource to help implement the US Govt Configuration Baseline (USGCB) on the Windows platform.

Browse by Tags

Related Posts
  • Blog Post: Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

    Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. If you have been reluctant to evaluate or deploy these technologies in the absence of specific USGCB guidance, NIST essentially says, "Use the vendor's guidance."...
  • Blog Post: Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

    Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 . It includes documentation, GPOs...
  • Blog Post: Apply_LGPO_Delta and ImportRegPol updated

    I discovered an “unintended feature” in the Apply_LGPO_Delta and ImportRegPol utilities, which I have fixed in the versions now posted to the LGPO Utilities page . The “feature” (OK, the “bug”) allowed commands to set a registry value and to delete that registry value not to overwrite each other in the...
  • Blog Post: Apply_LGPO_Delta v1.01, source code

    Visual Studio 2005 project and source code files for Apply_LGPO_Delta v1.01 is attached to this blog post. [Attachment removed, as a newer version is available -- bookmark the landing page for the most up-to-date-links.]
  • Blog Post: Set_FDCC_LGPO updated: v1.05

    [2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.] The utility for applying FDCC configuration settings en masse to a computer has been updated: The 0x80070020 sharing-violation error code that occasionally occurred appears to be due to contention...
  • Blog Post: 12/19/2007 FDCC Webcast: Utility to Apply FDCC Settings to Local Policy

    Please post your comments and questions with respect to this webcast here...
  • Blog Post: IEZoneAnalyzer v3

    Announcing a major update to the IE security zone analyzer! IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing...
  • Blog Post: Utilities for automating Local Group Policy management

    This page has the most recent versions of utilities for automating the management of Local Group Policy Objects (LGPOs). [Update, Jan 15, 2010: Instead of linking to another page containing the latest versions of the utilities, the utilities will always be attached to this page.] Because the software...
  • Blog Post: Set_FDCC_LGPO: Updated for 2008 Q3

    [2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.] Set_FDCC_LGPO is a utility that we originally released in December that applies the Group Policy Objects provided by NIST on their web site to the Local Group Policy on the Windows XP or Windows Vista...
  • Blog Post: Source code for New and Updated Local Group Policy utilities

    Visual Studio 2008 source and project files for the new ImportRegPol utility and the updated Set_FDCC_LGPO and Apply_LGPO_Delta utilities for managing Local Group Policy Objects. Note that these are all now Visual Studio 2008 projects. [Update Jan 15 2010: new versions released -- see the LGPO...
  • Blog Post: Set_FDCC_LGPO: Updated for 2008 Q1

    [2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.] Set_FDCC_LGPO is a utility that we released in December that applies the Group Policy Objects provided by NIST on their web site to the Local Group Policy on the Windows XP or Windows Vista computer you...
  • Blog Post: Viewing and Comparing IE Security Zone Settings

    The Security tab of the Internet Explorer Properties dialog shows security settings for the Internet, Intranet, Trusted Sites and Restricted Sites zones. However: It doesn’t show settings for the Local Machine (Computer) zone, nor for Local Machine Zone Lockdown (LMZL). When machine settings...
  • Blog Post: Set_FDCC_LGPO updated: v1.06

    Set_FDCC_LGPO has been updated to reflect the updated GPO content on NIST's download page . The FDCC settings have not changed. The updates contain only corrections to the downloads to more closely adhere to the FDCC settings. The updated Set_FDCC_LGPO is attached to this blog post. (This time I also...
  • Blog Post: Set_FDCC_LPGO v1.04 (Q3 2008) - Source code

    The source code and Visual Studio project files for the Set_FDCC_LGPO Q3 2008 update are included as an attachment to this post. To build the project, you need Visual Studio 2005 and the Windows SDK. The current NIST FDCC policy files are included in the attachment; to build with updated policy files...
  • Blog Post: New and Updated Local Group Policy Utilities

    A customer requested an addition to the local group policy toolset posted on the FDCC blog . While working on the new utility, I needed to upgrade the other two. The full set is attached to this post, with documentation. The source code for all of them is attached to a separate post . The new utility...
  • Blog Post: Apply_LGPO_Delta 1.0: utility to apply custom changes to Local Policy

    [2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.] Apply_LGPO_Delta v1.0 is a non-interactive tool that is designed to help make automated changes to Local Group Policy. It can make changes to registry-based policy as well as apply security templates....
  • Blog Post: Set_FDCC_LGPO for Windows 7…

    … is not needed and will not be created. I had kind of blogged about this a while back but it was hidden under a more general title, so the question about Set_FDCC_LGPO on Windows 7 continues to get asked. This post offers another easy and flexible way for you to apply NIST’s GPOs and any...
  • Blog Post: Set_FDCC_LGPO - Source code

    The source code and Visual Studio project files for the Set_FDCC_LGPO utility are included at an attachment to this post. To build the project, you need Visual Studio 2005 and the Windows SDK. The current NIST FDCC policy files are included in the attachment; to build with updated policy files, the...
  • Blog Post: Apply_LGPO_Delta updated, v1.01

    Apply_LGPO_Delta is a utility for automating the management of local group policy -- administrative templates and security templates. First posted here , it has been updated with the same fix that was applied to Set_FDCC_LGPO to prevent the 0x80070020 sharing-violation error from occurring. Documentation...
  • Blog Post: FDCC is now USGCB

    Along with the release of official government guidance for Windows 7, NIST has rebranded the Federal Desktop Core Configuration (FDCC) as the United States Government Configuration Baseline (USGCB). NIST's spreadsheets, Group Policy Objects (GPOs) and virtual hard disks (VHDs) for Windows 7 can be downloaded...
  • Blog Post: Set_FDCC_LGPO.exe v1.06, Visual C++ project sources

    Visual Studio 2005 project files and source code for Set_FDCC_LGPO.exe v1.06 is attached to this blog post. [Removed, as a newer version is available -- bookmark the landing page for the most up-to-date-links.]
  • Blog Post: IEZoneAnalyzer v3.5 with Zone Map Viewer

    IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings – that is, the configuration settings that grant web sites in the Intranet zone more capabilities in the browser than web sites in the Internet zone. Earlier today, I wrote about the surprisingly complex...
  • Blog Post: Webcast for upcoming Local GPO tool

    Updated, 28 April 2008 We're preparing a new utility for public release and will be demonstrating it in a webcast on Thursday, May 8, 2008 Tuesday, April 29, 2008 , 2:30pm Eastern time. The utility is called Apply_LGPO_Delta, and makes it possible to automate custom changes to local group policy...
  • Blog Post: Apply_LGPO_Delta 1.0 - source code

    The source code and Visual Studio project files for the Apply_LGPO_Delta utility are included at an attachment to this post. To build the project, you need Visual Studio 2005 or 2008 and the Windows SDK. Source code is provided "AS-IS" without warranty, and is not supported by Microsoft customer...
  • Blog Post: Set_FDCC_LGPO: Utility to apply FDCC settings to local group policy

    [2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.] As promised in our webcast last week, we are publishing a utility that applies NIST's current set of GPOs to the Local Group Policy of the computer on which you run it. It -- and the accompanying ReadMe...