Back in the days of Windows XP IT administrators could disable the local administrator account on domain joined computers but still be able to use the account if they rebooted the computer into safe mode (see How to access the computer after you disable the administrator account ). To log on to Windows by using the disabled local Administrator…

Update: Microsoft have now released the patch to the .lnk vulnerability MS10-046: Vulnerability in Windows Shell could allow remote code execution . If you have previously deployed the workaround using this article then it is now time to reverse the change you made by simple jumping to Removing the KB2286198 Workaround via Group Policy section and following the instructions. Needless…

I was recently approached to do a book review on “Least Privilege Security for Windows 7,Vista and XP by Russell Smith” published by Packt Publishing. This book is a comprehensive guide at showing how to configure your Windows environment so that your users can operate without administrator permissions. While most administrators realise that giving administrators access to the end users…

In this article I am going to talk about how you can use Group Policy to control the firewall that comes out of the box with Windows but first I want to give you a bit of history of the evolution of host based firewall in Windows. Firewalls have long been around for year protecting internal corporate networks from outside…

This weeks setting is one that has just been mentioned in the AD Blogs Friday mail sack and until today was a setting/feature of Windows Vista/7 that I didn’t know existed. This setting display information about previous logons during a user logon and is very similar to the last logon screen I see when logging onto an online banking web…

Microsoft have now started to release definition updates to Microsoft Security Essentials (MSE) via WSUS. This now allows any corporate that is running WSUS to centrally deploy pattern updated from a single server. While most corporation probably will not have MSE deployed in their environment it might still be worth while to enable to ensure any fringe cases of computers…

BeyondTrust has just come out with a white paper entitled “90% of Critical Microsoft Windows 7 Vulnerabilities are Mitigated by Eliminating Admin Rights”. This paper has some very interesting statistics around the percentages of security issues that are mitigate if a users is not running as administrator. • 90% of Critical Windows 7 vulnerabilities reported to date • 100% of…

There is currently a security advisory out about a Zero Day vulnerability in Internet Explore 6 & 7 on Windows XP and Vista. While there is no patch out for this issues so far you can mitigate the security a number ways using Group Policy. Below I have listed two ways to implement the workaround as listed by Microsoft using…