Jeremy Moskowitz (fellow Group Policy MVP) has just appeared in an interview with Matt Hester on Bytes by TechNet web site. They covered how IT Professionals start with Windows 7 and Windows Server 2008 R2, why they need to know about Group Policy and what is new with Group Policy in Windows 7. Jeremy also highlighted some tips for his…

This year Microsoft are now making available for everyone the videos screen cast from the TechEd USA conference on the TechEd web site. So if you attended TechEd USA this year but didn’t get to see all the sessions or if you just missed out on going all together you can now check out all the session at http://www.msteched.com For…

One of the problem that face IT Administrators today is keeping up with all the security updates you need to deploy to your computers to keep them secure. This is even more exacerbated by the very large number of security updates associate with running multiple browsers. Also having multiple browsers on network could mean that you have totally patched one…

The NSW Department of Education and Training (DET) has come out and said that due to the new features in Windows 7 they were able to essentially build a computer to survive “the most hostile environment you can roll computers into”.

“DET also uses the AppLocker functionality within Windows 7 to dictate which applications can be installed on the device.”

AppLocker is a new feature with Windows 7 that allows IT administrators to lock down application to specific product and/or vendors with having to specific the specific version. This feature allows them to only allow a specific white list of application on the computers. This essentially prevents anyone from running any non-authorised code on the computer thus making it VERY difficult to prevent people hacking the computer with third-party tools or malware. What is really nice with this feature is that it does not stop computer from running applications after they have been updated with hot fixes and service packs as AppLocker works on the digital signature on the file and not a hash of the file itself. This makes the IT Administrators overhead far less as they no longer need to add every possible version of an application to the white list when they want it to work.

While DET does seem to have done a lot in securing the devices to the Nth degree I still reckon it wont take long for someone to find some hack or workaround. I think the itNews headline is just inviting trouble by calling it “Unhackable”. I call it the “If something is said to be “unhackable” then it is far from being secure” maximum. ( More info about Security Maximum’s can be found at http://whysecurityfails.com/maxims.html ). But don’t get me wrong I don’t think that this will be a flaw in the technology but more a security issue with them forgetting to lock down some or even leaking the default BIOS password.

Source: NSW seeks to build ‘unhackable’ netbook network – Security – Technology – News – iTnews.com.au

Technorati Tags: Group Policy,AppLocker