Tuesday, February 14, 2006

Use Group Policy Software Restrictions to control LUA

The least-privileged user account (LUA) principle is great - but in some situations very hard to implement. One of these places is my home computer :) shared by all the family members. Running games etc. without admin permissions is almost impossible.

While reading the Applying the Principle of Least Privilege to User Accounts on Windows XP article, I was linked to Browsing the Web and Reading E-mail Safely as an Administrator, Part 2 and discovered something new about the Software Restriction feature of Group Policy. I have been using Software Restriction for a while. I use it for preventing spyware from starting as Software Restrictions is 'stronger' than administrative permissions.
What I discovered, reading the article, was that there is a hidden feature, that can be enabled. This feature called 'Basic User', gives Group Policy control over programs. This means that you can force programs - like Internet Explorer - to start in restricted mode (same as using runas + protect my computer and data from unauthorized program activity) without any user intervention.

Right now, I have implemented it and is giving it a go. Let's see if my kids start to scream...

Saturday, February 04, 2006

Choosing a new EASI passport domain for MSN

As I wrote in my earlier post on "Issues with EASI passport domains, LCS and MSN Messenger" a change of the EASI passport domain is sometimes necessary when implementing LCS PIC. But the link provided in the post will only allow you to change the domain to either hotmail.com or messengeruser.com - if say you would like to change from dlt@inceptio.dk to dlt@inceptio.org, then it is possible through https://accountservices.passport.net/. Just choose Credentials and then Change your e-mail address. From there you will be able to choose your new EASI domain address (Thanks to Per the hint).

HMC 3.5 Feature Pack 1 released

HMC 3.5 Feature Pack One includes additional resource management feature capabilities and some partner-requested solution fixes for the Hosted Messaging and Collaboration version 3.5 solution. It is strongly recommended that any service provider deploying Hosted Messaging and Collaboration version 3.5 download and install this feature pack, once they have installed HMC version 3.5.

Microsoft just released Feature Pack 1 for Hosted Messaging and Collaboration 3.5. The "most wanted" feature of Feature Pack 1 must be the new more flexible resource allocation for Mailboxes / Organizations. Prior to this release we we're required to allocate mailbox space at the organization level, but now it can be allocated at the time you provision mailbox users (Which fits most serviceproviders plans/packaging better).

Find the Feature Pack 1 ISO here.

Wednesday, February 01, 2006

ISA 2004 SP2 released

ISA 2004 SP2 can now be found on the Microsoft Download center. Note that you cannot (successfully anyway) install it remotely via RDP as it enters lockdown mode during installation (According to the SBS Diva). You can find standard edition here and enterprise edition here.