Microsoft's USGCB Tech Blog
A technical resource to help implement the US Govt Configuration Baseline (USGCB) on the Windows platform.
LGPO.exe - Local Group Policy Object Utility, v1.0
LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces...
Author: Aaron Margosis Date: 01/21/2016
Interview on "Taste of Premier" about Security Guidance for Windows 8.1, Windows Server 2012 R2 and IE 11
Aaron Margosis interviewed on Channel 9's Taste of Premier about Security Guidance for Windows 8.1,...
Author: Aaron Margosis Date: 10/21/2014
Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL
Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2...
Author: Aaron Margosis Date: 08/15/2014
Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11
Although the US Government has not published a US Government Configuration Baseline (USGCB) standard...
Author: Aaron Margosis Date: 04/07/2014
IEZoneAnalyzer update: v3.5.0.5
I just posted a minor update to IEZoneAnalyzer. Version 3.5.0.5 fixes an issue in which IE10 was...
Author: Aaron Margosis Date: 06/19/2013
Legacy Web App Security and Sysinternals at TechEd North America + Europe 2012
I'm presenting a couple of sessions at TechEd North America 2012 in Orlando (June 11-14) and at...
Author: Aaron Margosis Date: 06/06/2012
Correction posted for IE Explicit Security Zone Mappings and IEZoneAnalyzer's Zone Map Viewer
I received some questions and comments about Internet Explorer's Explicit Security Zone Mappings and...
Author: Aaron Margosis Date: 05/14/2012
Enabling “Initialize and script ActiveX controls not marked as safe” in ANY zone can get you hurt, bad.
This post is about a security setting that is often underestimated in its ability to enable serious...
Author: Aaron Margosis Date: 11/03/2011
Top Ten Deployment Blockers
My colleague Shelly Bird, a highly esteemed Architect in Microsoft Public Sector Services, has years...
Author: Aaron Margosis Date: 10/18/2011
Alert: Java’s Forward-Compatibility Promise Has Been Revised
Java’s Forward-Compatibility PromiseWriting forward-compatible software is really hard. You...
Author: Aaron Margosis Date: 10/18/2011
IEZoneAnalyzer v3.5 with Zone Map Viewer
IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings...
Author: Aaron Margosis Date: 09/22/2011
Internet Explorer’s Explicit Security Zone Mappings
[Updated 15 May 2012 to correct a bug involving precedence of Computer policies over User policies.]...
Author: Aaron Margosis Date: 09/22/2011
Set_FDCC_LGPO for Windows 7…
… is not needed and will not be created. I had kind of blogged about this a while back but it...
Author: Aaron Margosis Date: 08/10/2011
IEZoneAnalyzer v3
Announcing a major update to the IE security zone analyzer! IEZoneAnalyzer is a utility for viewing...
Author: Aaron Margosis Date: 04/14/2011
“AlwaysInstallElevated” is Equivalent to Granting Administrative Rights
When removing administrative rights from end users, it’s important to ensure that there are no...
Author: Aaron Margosis Date: 01/24/2011
Adobe Reader X
This post is a bit off-topic. Neither the Federal Desktop Core Configuration (FDCC) nor the US...
Author: Aaron Margosis Date: 11/29/2010
Web Application Test Plan
This blog post describes how to perform basic web application testing to identify and fix...
Author: Aaron Margosis Date: 10/25/2010
Sticking with Well-Known and Proven Solutions
I work with a lot of customers, and there are some problems I see over and over. One problem that...
Author: Aaron Margosis Date: 10/06/2010
FDCC is now USGCB
Along with the release of official government guidance for Windows 7, NIST has rebranded the Federal...
Author: Aaron Margosis Date: 10/01/2010
Sample Files for Apply_LGPO_Delta
Apply_LGPO_Delta used to come with a bunch of sample files to address some common needs for policy...
Author: Aaron Margosis Date: 03/24/2010
Job opening: Senior Software Development Engineer
As you may know, the Federal Desktop Core Configuration is largely based on Microsoft’s...
Author: Aaron Margosis Date: 01/27/2010
Updated LGPO utility sources
The updated sources corresponding to the updated versions of the Apply_LGPO_Delta and ImportRegPol...
Author: Aaron Margosis Date: 01/15/2010
Apply_LGPO_Delta and ImportRegPol updated
I discovered an “unintended feature” in the Apply_LGPO_Delta and ImportRegPol utilities,...
Author: Aaron Margosis Date: 01/15/2010
Problems with FDCC’s XP File Permissions
A few months ago I blogged about a case in which an ill-advised registry hack caused application...
Author: Aaron Margosis Date: 12/02/2009
Viewing and Comparing IE Security Zone Settings - enhanced
I've enhanced the IE security zone comparison utility that I posted here a few weeks ago. The new...
Author: Aaron Margosis Date: 11/07/2009
Viewing and Comparing IE Security Zone Settings
The Security tab of the Internet Explorer Properties dialog shows security settings for the...
Author: Aaron Margosis Date: 10/01/2009
The Case of the Unexplained Installation Failure (and an ill-advised registry hack)
Since Mark Russinovich hasn’t trademarked his “Case of the Unexplained…” series, I’m appropriating...
Author: Aaron Margosis Date: 09/28/2009
Source code for New and Updated Local Group Policy utilities
Visual Studio 2008 source and project files for the new ImportRegPol utility and the updated...
Author: Aaron Margosis Date: 09/15/2009
New and Updated Local Group Policy Utilities
A customer requested an addition to the local group policy toolset posted on the FDCC blog. While...
Author: Aaron Margosis Date: 09/15/2009
FDCC Vista Application Development Requirements
OverviewNOTE: This entry only focuses on the Windows Vista version of the FDCC and desktop...
Author: cgreene Date: 07/08/2009
FDCC and Internet Explorer 7, Part 3 – Protected Mode
This is the [long-delayed] third installment in a series discussing various issues regarding the...
Author: Aaron Margosis Date: 06/16/2009
Set_FDCC_LGPO.exe v1.06, Visual C++ project sources
Visual Studio 2005 project files and source code for Set_FDCC_LGPO.exe v1.06 is attached to this...
Author: Aaron Margosis Date: 04/15/2009
Set_FDCC_LGPO updated: v1.06
Set_FDCC_LGPO has been updated to reflect the updated GPO content on NIST's download page. The FDCC...
Author: Aaron Margosis Date: 04/15/2009
Apply_LGPO_Delta v1.01, source code
Visual Studio 2005 project and source code files for Apply_LGPO_Delta v1.01 is attached to this blog...
Author: Aaron Margosis Date: 03/19/2009
Apply_LGPO_Delta updated, v1.01
Apply_LGPO_Delta is a utility for automating the management of local group policy -- administrative...
Author: Aaron Margosis Date: 03/19/2009
Set_FDCC_LGPO.exe v1.05, source code
Visual Studio 2005 project files and source code for Set_FDCC_LGPO.exe v1.05 is attached to this...
Author: Aaron Margosis Date: 01/23/2009
Set_FDCC_LGPO updated: v1.05
[2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.] The...
Author: Aaron Margosis Date: 01/23/2009
FDCC and Internet Explorer 7, Part 2 – Impact on Users
This is the second installment in a series discussing various issues regarding the intersection of...
Author: Aaron Margosis Date: 11/12/2008
FDCC Blog Alert: Issue with Windows Vista SP1 and GPResults
Author: Mandy Tidwell, Senior Consultant Applies to: Windows Vista SP1Setting: Computer...
Author: Mandy Tidwell Date: 10/21/2008
FDCC Blog Alert: Issue with Windows XP/Vista and IPSec
Author: Mandy Tidwell, Senior Consultant, Microsoft Consulting ServicesCredit: Jim Riekse,...
Author: Mandy Tidwell Date: 10/21/2008
Application / Certificate Performance Issues with Vista and FDCC
SummaryIn the process of defining the FDCC image, the National Institute of Standards (NIST)...
Author: Mandy Tidwell Date: 10/13/2008
FDCC Blog Alert: Issue with Vista SP1
Author: Shelly Bird Credit: Syed Ismail, Ben ChristenburyApplies to: Vista SP1 alone.Setting:...
Author: Mandy Tidwell Date: 09/26/2008
FDCC and Internet Explorer 7, Part 1: Security Zones
@font-face { font-family: wingdings; } @font-face { font-family: Cambria Math; } @font-face {...
Author: Aaron Margosis Date: 09/19/2008
Set_FDCC_LPGO v1.04 (Q3 2008) - Source code
The source code and Visual Studio project files for the Set_FDCC_LGPO Q3 2008 update are included as...
Author: Aaron Margosis Date: 06/28/2008
Set_FDCC_LGPO: Updated for 2008 Q3
[2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.]...
Author: Aaron Margosis Date: 06/28/2008
Q&A From "Using BitLocker with FDCC and FIPS" webcast
Q&A content from the "Using BitLocker with FDCC and FIPS" webcast from May 27, 2008. The...
Author: Aaron Margosis Date: 05/29/2008
Apply_LGPO_Delta 1.0 - source code
The source code and Visual Studio project files for the Apply_LGPO_Delta utility are included at an...
Author: Aaron Margosis Date: 05/07/2008
Apply_LGPO_Delta 1.0: utility to apply custom changes to Local Policy
[2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.]...
Author: Aaron Margosis Date: 05/07/2008
Utilities for automating Local Group Policy management
Update, 21 January 2016: LGPO.exe is a new command-line utility to automate the management of local...
Author: Aaron Margosis Date: 05/07/2008
Webcast for upcoming Local GPO tool
Updated, 28 April 2008We're preparing a new utility for public release and will be demonstrating it...
Author: Aaron Margosis Date: 04/25/2008