Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog

The Non-Admin blog - running with least privilege on the desktop... and then dealing with the application compatibility fallout... and using Sysinternals and other utilities to figure things out

Browse by Tags

Tagged Content List
  • Blog Post: Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

    Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. If you have been reluctant to evaluate or deploy these technologies in the absence of specific USGCB guidance, NIST essentially says, "Use the vendor's guidance." Here is the...
  • Blog Post: Sysinternals at TechEd US 2014: LIVE

    Sorry for the late notice, but I just saw this: Sysinternals Primer: TechEd 2014 Edition will be airing live on Channel 9 starting at 5pm Central Daylight Time today . (That's in just over 4 hours from now as I write this.) Not sure about the link - try either http://channel9.msdn.com/Events...
  • Blog Post: Sysinternals at TechEd US 2014

    I'll be presenting " TWC: Sysinternals Primer: TechEd 2014 Edition " in Houston, Tuesday, May 13, 2014, 5:00pm-6:15pm US Central Time. Lots of cool stuff, including the "App Install Recorder" (I will post the scripts on this blog); great new features that Mark Russinovich has added to AccessChk, SigCheck...
  • Blog Post: Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

    Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 . It includes documentation, GPOs...
  • Blog Post: Sysinternals - and Pass the Hash - at TechEd next week.

    There are five talks highlighting the Sysinternals utilities at TechEd North America next week in New Orleans. They all happen to be on Thursday, June 6. Click the session titles for more information. The videos should be on Channel 9 within 24 hours of the talks. Hardcore Debugging Andrew Richards...
  • Blog Post: Mitigating "Pass the Hash"...

    Microsoft's Trustworthy Computing (TWC) has just published a whitepaper, Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques , of which I am a co-author. It discusses PtH attacks against Windows operating systems, how the attack is performed, and recommends mitigations for PtH...
  • Blog Post: From TechEd: Legacy Web App Issues, Sysinternals Gems, webcast with Mark Russinovich

    The two sessions I delivered at TechEd this year are now available online, as is the recording of my live Channel 9 webcast with Microsoft Technical Fellow (and my co-author) Mark Russinovich from TechEd Europe. And as I promised attendees of my Sysinternals talk, the TSSessions utility I wrote to enumerate...
  • Blog Post: Legacy Web App Security and Sysinternals at TechEd North America + Europe 2012

    I'm presenting a couple of sessions at TechEd North America 2012 in Orlando (June 11-14) and at TechEd Europe 2012 in Amsterdam (June 26-29). The first session is " Sysinternals Primer: Gems ", the latest in the Sysinternals Primer series (*). In the latest edition of the popular Sysinternals Primer...
  • Blog Post: Unintended Consequences and Sysinternals at Tech-Ed Available Online

    The two sessions I presented last week at Tech-Ed North America 2011 are now available for on-demand online viewing: Unintended Consequences of Security Lockdowns (which got an unexpected and appreciated plug from Raymond Chen ) is here: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/SIM304...
  • Blog Post: IEZoneAnalyzer updated

    I just posted a major update to IEZoneAnalyzer, my IE security zone analysis and comparison utility, over on the Microsoft FDCC/USGCB blog. Lots of new features, including saving settings so they can be viewed and compared later and on other computers, and export to Excel. See that blog post for screenshots...
  • Blog Post: Unintended Consequences and Sysinternals at Tech-Ed North America 2011

    I'm presenting a couple of sessions at Tech-Ed in Atlanta (May 16-19, 2011) : The first is " Unintended Consequences of Security Lockdowns ", which was very highly rated when I presented it last month at TechReady, Microsoft's internal training event. Security-conscious organizations often lock...
Page 1 of 1 (11 items)