Windows 7

AppLocker Planning, Testing, and Deployment

Posted by kyle on May 04, 2012
Best Practices, External Articles / No Comments

In this series, I discuss AppLocker (application whitelisting/blacklisting) in Windows 7:

 


How do I fix "The TPM is defending against dictionary attacks and is in a time-out period."?

Posted by kyle on December 13, 2011
Articles / No Comments
If you try to manage BitLocker drive encryption on a computer that has had a user type in his/her PIN too many times, you may get this error:

BitLocker Drive Encryption Error
Cannot run.

The TPM is defending against dictionary attacks and is in a time-out period.

Group Policy Quick Tip – Enable Remote Desktop Network Level Authentication

Posted by kyle on November 26, 2011
Group Policy Quick Tips / No Comments

Following our last tip, today’s Group Policy Quick Tip is about adding additional security to Remote Desktop sessions on your computers.  Normally, an RDP session is established before authentication takes place.  Enabling Network Level Authentication (NLA) allows authentication to take place before the RDP session is established.

 

Why would you want to set this policy?

  • Using NLA secures your Remote Desktop sessions by requiring that the remote client authenticate earlier.  A number of recent RDP exploits (and I’m sure future ones) would have been prevented if NLA had been enabled.

Where is the policy located?

  • Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > Require user authentication for remote connections by using Network Level Authentication

Configurable Options

  • Enabled – Only clients that support Network Level Authentication will be able to connect to RDS on the local system.
  • Disabled – Network Level Authentication is not required.

Supported Operating Systems/Software

  • Windows Vista and up

Gotchas and Other Considerations

  • Your RDP client must support the RDP 6.0 protocol.  Any Windows 7, Vista, or XP SP3 box should work.  The latest RDP client for Mac will work also.
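
One way to confirm on a host that the policy above actually took effect, as an added example that is not part of the original post. It reads the `UserAuthentication` value the policy writes, falls back to the local RDP-Tcp listener setting when no policy is applied, and reports which one is in force; the function names `Get-RegDword` and `Get-NlaState` are hypothetical.

```powershell
# Added example: report whether Network Level Authentication is required for RDP.
function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-NlaState {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $listenKey = "$serverKey\WinStations\RDP-Tcp"

    # Value written by the Group Policy setting (1 = NLA required).
    $policyNla = Get-RegDword $policyKey 'UserAuthentication'
    # Value written by the local System Properties > Remote dialog.
    $localNla  = Get-RegDword $listenKey 'UserAuthentication'

    # A configured policy overrides the local setting.
    if ($null -ne $policyNla) { $source = 'GroupPolicy'; $effective = $policyNla }
    elseif ($null -ne $localNla) { $source = 'Local'; $effective = $localNla }
    else { $source = 'NotConfigured'; $effective = 0 }

    # fDenyTSConnections = 0 means Remote Desktop is turned on; policy wins here too.
    $deny = Get-RegDword $policyKey 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Get-RegDword $serverKey 'fDenyTSConnections' }

    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = ($deny -eq 0)
        NlaRequired  = ($effective -eq 1)
        Source       = $source
    }
}

$state = Get-NlaState
$state | Format-List ComputerName, RdpEnabled, NlaRequired, Source

# Flag the combination worth fixing: RDP reachable without NLA.
if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning "RDP is enabled without NLA on $($state.ComputerName)"
}
```

A `Source` of `Local` or `NotConfigured` on a machine that should be in scope means the GPO is not applying there.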

Group Policy Quick Tip – Enable Remote Desktop

Posted by kyle on November 21, 2011
Group Policy Quick Tips / No Comments

Welcome to the first of what will [hopefully] be an ongoing feature here at GPYall.com!  After troubleshooting a Group Policy problem for someone (completely and totally unrelated to Remote Desktop), the person I was helping told me how he just kept forgetting to set this one setting for new PCs.  A rather long discussion ensued about creating PC images, checklists, automated OS deployment, etc.  While we were talking, I realized that I take a lot of the settings that I typically put into my Computer and User policies for granted.  There are so many ‘set it and forget it’ settings that you literally set once and never think about again.  Today’s tip is for one of those settings that you should set and forget:  enabling Remote Desktop in Group Policy. Continue reading…


Implementing BitLocker with Active Directory

Posted by kyle on November 17, 2011
External Articles / No Comments

Here’s a series of articles I wrote for 4Sysops.com on setting up your Active Directory for BitLocker.  It includes the instructions, Best Practices from Microsoft, and tips & tricks:


VMware Player and Group Policy Allow Log on Locally

Posted by kyle on September 02, 2011
Articles / No Comments

Problem:  
You receive the following error message when trying to enter Unity on a guest virtual machine in VMware Player:   The virtual machine cannot enter Unity mode.  Check that Unity is supported for this guest operating system and that the latest version of VMware Tools is installed.

Continue reading…
