Running an Application as Administrator or in Compatibility Mode

Today someone in a forum asked how to programmatically configure an application so that it runs in compatibility mode. Configuring this manually is easy, just open the file’s properties, select the Compatibility tab and apply the required settings. On Windows 7 this then looks as shown in the picture below. Now whatever we configure here, it all gets written to the following location in the Windows Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers If the settings have to apply Read More …

GPO Settings for Microsoft Security Essentials

With the release of the latest version of Microsoft Security Essentials 2.0 in December 2010, Microsoft also changed the licensing terms. Small Business. If you operate a small business, then you may install and use the software on up to ten (10) devices in your business. Now although 10 PCs isn’t a lot, some Administrators might be interested in configuring their Microsoft Security Essential clients with a GPO. Fabien Duchene has created an Administrative template Read More …

A Security Baseline Resource for Windows 7–Internet Explorer and Windows 7 Firewall

If you are looking for some ideas how to secure your Windows 7 clients, have a look at the USGCB (The United States Government Configuration Baseline). The USGCB has been developed by the Department of Defense (DoD) and the National Institute of Standards and Technology. The documentation looks impressive and even if you aren’t going to apply all of these 1-1, it might give you some ideas on how to make your clients more secure. Read More …

Automated Microsoft Security Essentials Installation

For all those that frequently setup test machines and get tired of manually installing the Microsoft Security Essentials 2.0, here’s a straight forward batch file (even a regular user could use) that does the following: Downloads the Microsoft Security Essential 2.0 (x86) installation source file Installs Microsoft Security Essentials 2.0 Downloads and updates the virus definition signature file   [sourcecode language=”plain”] @ECHO OFF Echo Downloading Microsoft Security Essentials 2.0 (x86) start /wait bitsadmin /TRANSFER MSE20 Read More …

ReadTip: How to use Group Policy Preferences to Secure Local Administrator Groups

As we come to the year’s end I was doing some housekeeping in my home lab. Too many unused VMs, ad-hoc created Accounts etc. In the end I thought why not apply the same methods we apply within our enterprise environments and so I did. I was actually just about to blog how I solved the local Administrators group management through group policy preferences, but before I started writing that down I thought let’s see Read More …

Least Privilege Security for Windows 7, Vista and XP

Yesterday I received a pre-release copy of Russel Smith’s book called Least Privilege Security for Windows 7, Vista and XP. The book is entirely dedicated to the subject of running Least Privilege Security (or standard user accounts) on Windows operating systems in the enterprise. The book has 420 pages and covers the following topics: Chapter 1, An Overview of Least Privilege Security in Microsoft Windows Chapter 2, Political and Cultural Challenges for Least Privilege Security Read More …

Updated MS10-015 Security Update and Kernel Update Compatibility Assessment Tool

During the past weeks we have seen quite some messages about the MS10-015 security update which can cause bluescreens after being installed. According to a recent post on the Microsoft Security Response Center blog there is a revised installation package for MS10-015 that prevents the update from installing if abnormal conditions exist such as an infection of a computer virus as the Alureon rootkit. More details about the updated MS10-015 security update can be found Read More …

ToolTip: Fiddler HTTP Debugging Proxy

During an Application Compatibility webcast I attended recently the presenter mentioned the Fiddler Tool. There are many network traffic monitoring Tools out there, but if you are just after capturing HTTP traffic, this one should get your attention. Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data Fiddler is FREE Read More …

AGPM Least Privilege Scenario (External)

Just going through an AGPM Installation (Advanced Group Policy Management) where I had to choose an Account for the AGPM Service which can be the Local System Account or a domain user account. Instead of just clicking next next…. I found some good guidance in the Ask the Directory Services Team blog – AGPM Least Privilege Scenario article. Also read Locking down AGPM fit for least privilege. Never heard of AGPM before ? Then watch Read More …

WSUS Client Diagnostic Tool

Having trouble with a client not getting updates from your Windows Update Services Server ? Then have a look at the WSUS Client Diagnostics Tool.  The tool performs various system checks and tests the communication between your client and the WSUS server. The Tool can be downloaded from the Windows Server Update Services Tools and Utilities site at Microsoft TechNet.