Software Restriction Policies (SRP) was originally designed in Windows XP and Windows Server 2003 to help IT professionals limit the number of applications that would require administrator access. With the introduction of User Account Control (UAC) and the emphasis on standard user accounts in Windows Vista, fewer applications today require administrator privileges. As a result, AppLocker was introduced to expand the original goals of SRP by allowing IT administrators to create a comprehensive list of applications that should be allowed to run.

The following table compares AppLocker to SRP:

| Feature | Software Restriction Policies | AppLocker |
| --- | --- | --- |
| Rule scope | Specific user or group (per GPO) | Specific user or group (per rule) |
| Rule conditions provided | File hash, path, certificate, registry path, and Internet zone rules | File hash, path, and publisher rules |
| Rule types provided | Allow and deny | Deny |
| Default rule action | Allow and deny | Deny |
| Audit-only mode | No | Yes |
| Wizard to create multiple rules at one time | No | Yes |
| Policy import or export | No | Yes |
| Rule collection | No | Yes |
| PowerShell support | No | Yes |
| Custom error messages | No | Yes |

For more information visit the AppLocker resource pages on Microsoft.com:
http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx

Note: The above content is the same content from the Technet article “AppLocker: Frequently Asked Questions” at:
http://technet.microsoft.com/en-us/library/ee619725(v=WS.10).aspx#BKMK_SRPdifferences.

A customer pointed me to this document about whitelisting produced by the National Security Agency and I thought it was rather interesting:

What is different in the NSA’s approach from typical whitelisting techniques is that they actually restrict where applications can be installed and run.

NSA’s Application Whitelisting Breakthrough (February 10, 2012) The National Security Agency (NSA) has developed an approach to application whitelisting that consumes considerably fewer resources to deploy than standard whitelisting techniques. Instead of purchasing expensive software and employing people to update whitelists, the NSA’s approach focuses on specific areas of computers where downloaded applications are permitted to execute.

Discussed online in various posts, the approach essentially takes the functionality built into Windows and adapts it for this new approach to securing an organization from threats.  (http://gcn.com/articles/2012/02/13/nsa-whitelisting-apps-secure-systems.aspx, http://www.nextgov.com/nextgov/ng_20120210_8712.php?oref=topnews)

This brings up the topic, “How is whitelisting implemented within Windows 7?”  The implementation for Enterprises using Windows 7 Enterprise Edition is called AppLocker and is a dramatic improvement over the Software Restriction Policies that are available within Windows XP, a pseudo-whitelisting technology that was implemented in the Windows XP timeframe.
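The path-based approach described above, written as an AppLocker policy and checked with the AppLocker PowerShell cmdlets. This is an added example, not taken from the NSA document or the original post. The rule GUIDs are constructed, and treating %PROGRAMFILES% and %WINDIR% as the trusted locations is an assumption.

```powershell
# Added example (not from the original post). Rule Ids are constructed GUIDs;
# the two allowed paths are an assumption about which locations to trust.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Allow Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Allow Windows folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@

Import-Module AppLocker

# Write the policy to a file so it can be tested, exported, or imported into a GPO
$policyFile = Join-Path $env:TEMP 'exe-path-allowlist.xml'
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Constructed sample: a copy of notepad.exe placed in a user-writable folder
$userCopy = Join-Path $env:TEMP 'allowlist-demo.exe'
Copy-Item "$env:WINDIR\System32\notepad.exe" $userCopy -Force

# Evaluate both locations against the policy file without applying it
Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone `
    -Path "$env:WINDIR\System32\notepad.exe", $userCopy |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# To apply locally in audit-only mode (requires an elevated session and the
# Application Identity service running):
# Set-AppLockerPolicy -XmlPolicy $policyFile

Remove-Item $userCopy
```

Path rules are only as strong as the NTFS permissions on the allowed folders, so check those folders for user-writable subdirectories before moving from audit-only to enforcement. Once the policy is applied in audit-only mode, files that would have been blocked are recorded in the "Microsoft-Windows-AppLocker/EXE and DLL" event log.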

Here are some references to better understand Windows 7 Enterprise Edition’s AppLocker technology:

Over the past year, Microsoft has been discussing the vast possibilities offered by the emergence of a new category within the traditional embedded market — intelligent systems. Microsoft outlined a product road map for its intelligent systems vision.

As part of that plan, Microsoft is making the Windows Embedded Standard 8 community technology preview (CTP) available on the x86 architecture.  The Windows Embedded Standard 8 CTP is an important step in giving developers and enterprises an opportunity to evaluate Windows 8 technologies for connecting specialized devices to powerful back-end software.  With the recent release of the Windows 8 Consumer Preview and Windows Server 8 beta, along with this week’s launch of SQL Server 2012 and Windows Embedded Standard 8 CTP, Microsoft is offering a good look at a new, common set of technologies that spans specialized devices, servers, PCs and applications.

It’s free!  So jump on it!

TechNet Virtual Lab: System Center 2012 Configuration Manager: Migration from Configuration Manager 2007

After completing this lab, you will be better able to configure a Configuration Manager 2012 hierarchy to migrate data from a Configuration Manager 2007 environment, create migration jobs based on collections and on individual objects, migrate objects from Configuration Manager 2007 to Configuration Manager 2012, and migrate a client to Configuration Manager 2012.

Posted by: kurtsh | March 16, 2012

NEWS: New Lower Prices for Office 365!

Wow!  Microsoft’s cloud productivity services drop 20% in price! 

Customers continue to give us fantastic feedback on Office 365. Since we launched last summer, we’ve been happy to serve great companies like JetBlue, Patagonia, Campbell Soup Company, Groupe Marie Claire, and Tata Steel Europe. We’re regularly delivering new value in the service, releasing updates now monthly, and recently brought Office 365 to another 22 new markets to grow our global footprint to 64 geographies – with more to come!

As we rapidly add customers, the cost to run Office 365 becomes more efficient. This is the beauty of the cloud where we can deliver economies of scale through our worldwide data centers and economies of skill with our engineers, administrators, and support teams operating the service.

With these efficiencies, we’re able to pass on savings to make it even more affordable for customers of all sizes to move to Office 365. So, I’m thrilled to announce that we’re lowering the prices of most of our Office 365 for enterprise plans by up to 20%. These changes are effective today at Office365.com for new and renewing direct customers.

Read more at the Office 365 blog:  http://bit.ly/A9dgP7

No joke!  After a 10 year hiatus, the Microsoft Exchange Conference – aka the MEC – is back!

http://www.mecisback.com/

Here’s the announcement on the Exchange blog:

In the late 90’s and first years of the 21st century, our team along with many of you were part of one of the most valuable technical education and community events in the industry. This event, focused entirely on Microsoft Exchange Server, brought together thousands of Exchange administrators, architects, consultants and partners with an abundance of the Exchange product group itself, hunkered down in a conference center to do nothing but soak in the goodness of Exchange.

Together, we shared deep insight about the latest product details and received a tailored education that helped all of you in the community move your infrastructures forward successfully and helped us on the Exchange team build a better product. Along the way, we had a pretty great time together, got to know each other and returned home better for the experience.

After a mysterious ten year hiatus, filled with spirited requests from the community at large, MEC IS BACK!

DATE:
9/24/12

LOCATION:
One obvious point, in case you missed it, is that it looks like it’s going to be located in Orlando, FL based on the geographical coordinates provided on the web site.

Read more at “MEC is Back!”:
http://blogs.technet.com/b/exchange/archive/2012/03/06/mec-is-back.aspx

Posted by: kurtsh | March 14, 2012

TRAINING: Windows Server "8" First Look

Want an introduction to Windows Server “8”?

Attend this course to learn how to cloud optimize your IT with Windows Server “8”. We will show you how you can take advantage of the skills and investment you’ve already made in building a familiar and consistent platform. Windows Server “8” builds on that familiarity and cloud optimizes your IT. With Windows Server “8”, you gain all the Microsoft experience behind building and operating private and public clouds, delivered as a dynamic, available, and cost-effective server platform. The course will cover how Windows Server "8" delivers value in four key ways including how it takes you beyond virtualization, delivers the power of many servers, opens the door to every app on any cloud, and enables the modern workstyle.

The module will cover how Windows Server "8" delivers value in four key ways including how it takes you beyond virtualization, delivers the power of many servers, opens the door to every app on any cloud, and enables the modern workstyle.


Posted by: kurtsh | March 14, 2012

INFO: See how Office Web Apps compare to Google Docs

No, seriously.  See why Office Web Apps is the better choice for sharing documents.

People expect existing Word documents from their desktop to look identical when they share them in the cloud. In this demo, you will see completely different results when viewing the same document using Word Web App and using Google Documents.

Seeing is believing. Check out the full document in Word Web App. Then in Google Docs.

You didn’t want that chart there, did you? Because, if you share it with someone using Google Docs, it could disappear. If you don’t want that to happen (and really, why would you?), use Office Web Apps* for free instead. It’s the best way to help protect the integrity of your uploaded Microsoft Word, PowerPoint, Excel and OneNote documents.


———————————-

Here are a few things that can change or go missing when you use Google Docs:

  • Images
  • Sparklines
  • SmartArt
  • Filters
  • Charts
  • Conditional Formatting
  • Footers
  • Headers
  • Watermarks

Microsoft IT Showcase is pleased to announce the publication of How Microsoft Reduced Bandwidth Utilization Using Windows 7 and Windows Server 2008 R2 BranchCache, which discusses the time and financial savings when leveraging Windows Server 2008 R2 BranchCache. 

How Microsoft Reduced Bandwidth Utilization Using Windows 7 and Windows Server 2008 R2 BranchCache

In conjunction with Windows Server 2008 R2 and Windows 7, Microsoft IT leverages BranchCache which caches local copies of content from Web and file servers to enhance performance and reduce bandwidth utilization on Wide Area Networks (WAN), eliminating the need for clients on a WAN having to go over slower links to get access to files. This functionality saves employees time and productivity while at the same time saving money on bandwidth costs.


Products & Technologies

  • BranchCache
  • Windows 7
  • Windows 7 SP1
  • Windows Server 2008
  • Windows Server 2008 R2

Learn more about how Microsoft does IT

Posted by: kurtsh | March 13, 2012

TRAINING: Microsoft IT Showcase: “Deploying Lync”


How Microsoft IT Empowers Workers to Collaborate Anytime and Anywhere

Microsoft IT will speak in depth about their experience deploying Lync 2010. During the showcase you will hear how Microsoft IT made it possible for teams to collaborate anywhere and on their own terms by using a suite of real time collaboration tools through Lync 2010. By deploying Lync 2010, Microsoft was able to take advantage of the efficiency and productivity gains of the latest real-time collaboration tools.

Attend this showcase to hear about hot topics related to Lync 2010.

Showcase Agenda Topics

  • Overview of Business Challenges that prompted deployment
  • Lync Server 2010 Environment and Infrastructure
  • Deployment and Migration
  • ROI and Benefits of Deployment
  • Adoption and Education
  • Operations and Support
  • Lessons Learned
  • Hands-on test drive of Lync fully enabled

Benefits from Attending

  • Hear about best practices of deployment planning
  • Learn about expected benefits of deployment
  • This is your chance to get hands on with Lync and experience first-hand how it simplifies communication

Date: April 4, 2012

Time: 8:30am – 12:00pm
Breakfast and lunch will be provided.

Location: Microsoft Technology Center
3 Park Plaza Suite 1600, Irvine CA 92614

Registration:  If you’re a customer of mine, please contact me for registration information.  Attendees will not be admitted without registration.
