Author: jay f

There are a number of auditing enhancements in Windows Server® 2008 R2 and Windows® 7 that increase the level of detail in security auditing logs and simplify the deployment and management of auditing policies. These enhancements include:

• Global Object Access Auditing. In Windows Server 2008 R2 and Windows 7, administrators can define computer-wide system access control lists (SACLs) for either the file system or registry. The specified SACL is then automatically applied to every single object of that type. This can be useful both for verifying that all critical files, folders, and registry settings on a computer are protected, and for identifying when an issue with a system resource occurs.
• "Reason for access" reporting. This list of access control entries (ACEs) provides the privileges on which the decision to allow or deny access to the object was based. This can be useful for documenting the permissions, such as group memberships, that allow or prevent the occurrence of a particular auditable event.
• Advanced audit policy settings. These 53 new settings can be used in place of the nine basic auditing settings under Local PoliciesAudit Policy to allow administrators to more specifically target the types of activities they want to audit and eliminate the unnecessary auditing activities that can make audit logs difficult to manage and decipher

What are the benefits of the new and changed features?

New Control for UAC’s allowing user to configure the way that UAC work.

For Server 2008 r2 the built-in Administrator account in Windows Server 2008 R2 does not run in Admin Approval Mode The built-in Administrator account in Windows Server 2008 R2, which is the first account created on a server, does not run in Admin Approval Mode. All subsequently created administrator accounts in Windows Server 2008 R2 do run in Admin Approval Mode.

For Windows 7 the built-in Administrator account is disabled by default in Windows 7. If the built-in Administrator account is the only active local administrator account during an upgrade from Windows XP, Windows 7 leaves the account enabled and places the account in Admin Approval Mode. The built-in Administrator account, by default, cannot log on to the computer in Safe Mode

For enhanced convenience, Windows® 7 enables administrators and users to use fingerprint biometric devices to log on to computers, grant elevation privileges through User Account Control (UAC), and perform basic management of the fingerprint devices. Administrators can manage fingerprint biometric devices in Group Policy settings by enabling, limiting, or blocking their use.

What’s new in biometrics?

A growing number of computers, particularly portable computers, include embedded fingerprint readers. Fingerprint readers can be used for identification and authentication of users in Windows. Until now, there has been no standard support for biometric devices or for biometric-enabled applications in Windows. Computer manufacturers had to provide software to support biometric devices in their products. This made it more difficult for users to use the devices and administrators to manage the use of biometric devices.

Windows 7 includes the Windows Biometric Framework that exposes fingerprint readers and other biometric devices to higher-level applications in a uniform way, and offers a consistent user experience for discovering and launching fingerprint applications. It does this by providing the following:

• A Biometric Devices Control Panel item that allows users to control the availability of biometric devices and whether they can be used to log on to a local computer or domain.
• Device Manager support for managing drivers for biometric devices.
• Credential provider support to enable and configure the use of biometric data to log on to a local computer and perform UAC elevation.
• Group Policy settings to enable, disable, or limit the use of biometric data for a local computer or domain. Group Policy settings can also prevent installation of biometric device driver software or force the biometric device driver software to be uninstalled.
• Biometric device driver software available from Windows Update.

This will be a a group of blogs dealing with what has changed in Windows 7

Windows AppLocker is a new feature in Windows® 7 and Windows Server® 2008 R2 that replaces the Software Restriction Policies feature. AppLocker contains new capabilities and extensions that reduce administrative overhead and help administrators control how users can access and use files, such as .exe files, scripts, Windows Installer files (.msi and .msp files), and DLLs.

AppLocker rules specify which files are allowed to run. Files that are not included in rules are not allowed to run.

A interesting feature of Applocker is that you can say allow application x and all new versions so that you can allow users to get upgrade without having to recreate new rules.

If you do not know love magic (I used to do this professionally) and during the event I was doing some magic at the MCT booth. For some fellow MCTs. Here is the Video some posted of the impromptu  Magic I did during the meeting.

http://www.youtube.com/watch?v=6NGqpgqTArM

I also took some folks to the Magic Castle

Where I am Member.

Come see me  speak at Tech- Ed talking about Windows Server 2008 and Client and NAP better together. I will be speaking Friday at 9am In room 502.

How to confirm your PC can run Windows XP Mode

Although OEMs have been shipping hardware virtualization in PCs for three years, hardware virtualization is not available in all PCs — so even if your PC is new, it may not have hardware virtualization. Additionally, those PCs with hardware virtualization have it turned off by default, so you will need to turn on the hardware virtualization capability before you can use it.

To determine whether your PC works with Windows XP Mode:

Step 1. Does my PC have a CPU with support for hardware virtualization?

For Intel processors:

• Download, install and run the Intel Processor Identification Utility.

• Navigate to the CPU Technologies tab and read the value in the "Intel Virtualization Technology" field.

  • If the value is No then your CPU does not support hardware virtualization.

  • If the value is Yes then the CPU supports hardware virtualization. Go on to step 2 below.

For AMD processors:
AMD Virtualization Compatibility Check Utility.

Step 2. Does my PC BIOS support hardware virtualization, and is it turned on?

Instructions to turn on hardware virtualization in your PC BIOS are specific to OEM models. It is important that after changing your BIOS settings the PC is completely shut down at the power switch before restarting so that the new BIOS settings can take place.

 

Windows Virtual PC Beta, a feature of Windows 7 Professional, Windows 7 Ultimate, and Windows 7 Enterprise, provides you the capability to run multiple Windows environments such as Windows XP Mode from your Windows 7 desktop.

 

This is really cool you can run XP or just publish an XP Application while running Windows 7

to download go here

Welcome to Windows 7 Release Candidate (RC) testing. We’re on our way to Windows 7, and if you like trying out pre-release software, now’s your chance. You get to see what’s coming, and we get to see if our changes and fixes from the Beta testing are working correctly.

How do you test the software? You put it on your PC, and then do what you’d normally do. Your PC will automatically and anonymously send our engineers the information they need to verify the fixes and changes they made based on the Windows 7 Beta tests.

You don’t need to rush to get the RC. The RC will be available at least through July 2009 and we’re not limiting the number of product keys, so you have plenty of time.

Watch the calendar. The RC will expire on June 1, 2010. Starting on March 1, 2010, your PC will begin shutting down every two hours. Windows will notify you two weeks before the bi-hourly shutdowns start. To avoid interruption, you’ll need to install a non-expired version of Windows before March 1, 2010. You’ll also need to install the programs and data that you want to use. (Learn more about installing Windows.)

To download the software go here

Improve your productivity at work and impress your family at home with tips and tricks from Microsoft Press books. When you register for this free offer, each week (for eight weeks) we deliver to your inbox an e-mail message that includes a link to download a chapter from a key Microsoft Press book, as well as information about special offers. You can opt out of these communications at any time.
Click the following link to receive a chapter from Create Dynamic Charts in Microsoft Office Excel 2007 and Beyond, to be followed by a new chapter from a different book each week.

Week   Book chapter

1 Presentations in Excel that pack a punch

2 Dress up your Word documents with pictures, graphics, and stylized text

3 Organize your photos, music, videos, and more using Vista

4 Storyboard first – a way to improve your PowerPoint slide shows

5 Addicted to e-mail? Get ideas on how to process and organize your Outlook inbox

6 Setting up file sharing in Vista is easier than you think

7 Summarize data painlessly with pivot tables in Excel

8 Create an easy home movie using Vista

Go here to sign up