How to stop local administrators from bypassing Group Policy

Before I begin this article might be, for some of you, this will be well know information and it might all seem rather logical. But I continue to see questions being asked on forums as how as a Group Policy administrator can I prevent my users with local admin making a specific change or installing software/drivers on their own computer. …

Continue reading ‘How to stop local administrators from bypassing Group Policy’ »

Vulnerability in Group Policy Fixed with MS15-011 & MS15-014

Today Microsoft published hotfix MS15-011 and MS15-014 that addressed a potential issues that could allow an man in the middle attack on computer. This vulnerability affected system that could be compromised by a man in the middle or what I like to call a “Coffee Shop Attack”. The summary is that by interfering with the …

Continue reading ‘Vulnerability in Group Policy Fixed with MS15-011 & MS15-014’ »

Out Now: Security Compliance Manager v2.5 Beta

Microsoft has just released Security Compliance Manager v2.5 beta https://connect.microsoft.com/site715/program2682 along with a heap of new security baseline for you to use to compare against your environment. In case you are not familiar with SCM then it is a great product from Microsoft that consolidates all the best practice for their software with in-depth explanation …

Continue reading ‘Out Now: Security Compliance Manager v2.5 Beta’ »

How to use Group Policy to deny executing, writing and/or reading on removable disks

Removable memory sticks are the back door for data in any organisation. BitLocker to Go can do some way to controlling this vector however you might want to simple close off all access to removable drives for all your users. So if you are running Windows 7 you will be glad to know there are …

Continue reading ‘How to use Group Policy to deny executing, writing and/or reading on removable disks’ »