Sep
08
2011
This article describes how to digitally sign an Excel VBA project with a certificate issued by your ADCS PKI. You can use the same method to sign any Office VBA project but in this post we will focus on Excel. For an introduction on how to sign Office macros you can read these KB and MSDN articles.
Read more »
Aug
07
2010
You might already know that Windows 2000 and XP SP2 are not supported by MS since the 13th of july 2010. As a consequence you cannot install new security patches released by MS on these platforms. A critical security vulnerability MS10-46 is corrected by the KB2286198 patch which was released the 3rd of august. This patch applies at least to Windows XP SP3 (for workstation versions) and Windows 2003 SP2 (for server versions). The KB article explains a workaround for the security patch, you need to edit two registry keys and disable a service.
You can apply this workaround on earlier version of Windows, if all your computers are not up to date. The disavdantage of this method is that icon images will disappear on some of your *.lnk files. So my advice is to upgrade as soon as possible your computers to a version which is supported by MS and apply the official security patch. Use the workaround only as last resort, the purpose of this post is to show you how to deploy this workaround with a GPO and play with WMI filtering. The Group Policy Center already wrote an article on how to deploy this workaround with GPO. We will just show you in this post how to target more precisely your computers which need the workaround by using WMI filers. We will achieve this under Windows 2008 by using Group Policy Preferences and activate the GPO workaround on the computers which have not the KB2286198 security patch installed. And we will show you how to achieve the same thing under AD 2003, without using Group Policy Preferences.
Read more »
May
09
2010
We will describe in this post how to secure your autologon workstations. Those PCs are accessed by everyone inside your company because no account and password are required to login.This is why you need to work out how to secure them.
The autologon workstation uses a service user account to open a windows session, the most obvious way to set up an autologon on a workstation is to edit registry keys. This method is not secure because the account credentials appear in clear text in the registry, meaning that the account can easily be used for other purpose.
Read more »