The OMB mandate requiring federal agencies to deploy hardened configurations for their Windows-based computers has driven the creation of the Federal Desktop Core Configuration. This blog is a resource to help customers and partners understand Microsoft's response to the mandate and how we are helping by providing guidance, tools, and solutions.
Please post your comments and questions with respect to this webcast here...
I am involved in creating a Vista image that can be deployed across the company. This means that the target system gets sysprep'd before being imaged. Sysprep strips out certain registry settings.
My question is: will ALL of the FDCC settings applied by the Set_FDCC_lgpo.exe tool make it through the imaging process so that when a computer has this image applied to it it boots with all of the FDCC settings enforced?
I have been using this utility with sysprep'd images and have not found any of the FDCC settings to be removed.
What you may find is that some imaging products may have an issue capturing the image with all of the settings in place. In that case, I have suggest applying the default FDCC settings and then immediately applying a separate mechanism (security template or reg file) to loosen only specific settings causing problems. These loosened settings may then be stregnthened at the time the image is deployed.
Follow-up to my imaging process question. We will be using ImageX as our imaging tool. Does ImageX have any known issues "capturing the image with all of the settings in place"?
Mandy Tidwell (Microsoft FDCC Team):
No. I have not had any problems using ImageX to capture an image with the FDCC settings in place. Where you tend to run into problems is with tools that rely on autoadminlogon or the RunOnce key in the registry. Both of these are disabled by FDCC.
