If you are in New Orleans this week, here’s how and where you can get a hold of me to discuss PowerShell, PowerGUI, or Cloud Computing and our Quest OnDemand IT Management as a Service offerings:

Throughout the week: follow @DSotnikov on Twitter – I will do my best to not forget update my status there.

Monday, June 7, 2010

10:30-12:30 – Microsoft Online Services (COS) booth – Yellow TLC areas – COS Info Desk

1:00-2:00 pm – Press panel on cloud computing (need to have press or analyst badge to attend)

2:15-2:45 pm – PowerShell and PowerGUI – Ask the Experts Q&A with myself and Kirk ‘Poshoholic’ Munro at Quest Software booth

3:00-4:00 pm – Analyst panel on cloud computing (need to have press or analyst badge to attend)

7:30-9:00 pm – Microsoft Online Services (COS) booth – Yellow TLC areas – Online Counter

Tuesday, June 8, 2010

8:30-11 am – Meetings with analysts and press (need to have press or analyst badge and schedule the meetings with Microsoft conference organizers to attend)

2:30-5:00 pm – BPOS booth – Yellow TLC areas

7:00 pm – Quest customer dinner (need to be a Quest Software customer to attend)

Wednesday, June 9, 2010

8:30-10:00 am – Co-presenting the ‘The Economics of Cloud Computing’ in room 398.

10:30-12:15 pm – Quest OnDemand demo and Q&A at Microsoft Azure booths: Yellow Section, COS 3 and 4

12:30-1:00 pm – Cloud and Enterprise IT, IT Management as a Service – Ask the Experts Q&A at Quest Software booth

1:30-2:45 pm – I am moderating BOF23-IT – IT Going to the Cloud: Are We Crazy? – Room 354

7:00 pm – PowerShell community dinner (need to be an active PowerShell community or ecosystem member to attend)

See you at TechEd!

These are some quick notes from a session on AppLocker by Paul A. Cooke, Tech-Ed EMEA 2008:

As you may have seen, I’ve written a few articles on Software Restriction Policy (SRP) under Windows XP and Windows Vista for www.windowsecurity.com (see below). I’m very happy to tell you, that Microsoft now improved this functionality and renamed it into: AppLocker!

Unfortunately I cannot bring you any screenshots (because of NDA), but I can tell you a few things about the basic functionality. With AppLocker you can more easily eliminate unwanted and unknown applications in your Windows (7) environment. You can enforce application standardization – both from a security (malware), and from a management point of view (licensing & user control).

What most organizations try to do these days, it to limit users to be standard users (non-administrators) on their local machines – however this is actually not enough to feel secure as an IT administrator. Running as standard user is not the solution to all of our problems. Many applications can do bad stuff, even within user context – like stealing data, deleting data, manipulating data, encrypting data, creating bot-nets, send spam, social engineering etc. etc. This is true for applications that install in user context (like Google Chrome), or regular executables that don’t actually install – they just run!

If you want to control applications like that, what can run and what cannot – then you need another approach. AppLocker comes to the rescue!

AppLocker has been build around digital signatures – signing of software executables and DLLs. This was also an option in SRP under Windows XP, were we had path, filename, HASH & certificate rule, but it was pretty hard to manage and enforce back then. With Windows 7, a new GUI has been added to the group policy editor to support easy creation of software rules. We have 3 types of rules:
- Allow rules: same as Whitelisting (‘known good’ software)
- Deny rules: same as Blacklisting (‘known bad’ software)
- Exceptions: exclusion from allow or deny rules

Allow rules are of course the recommended approach – the “default deny all applications” rule (Whitelisting), but with specific applications the network administrators wants to allow users to run. As an administrator, you get granular control of specific applications, enforcing who can run and/or install them (if they have the appropriate rights and permissions).

The administration is done by group policy under Computer Configuration > Application Control Policies, but strangely enough you have to put in affected users and groups (still unclear whether or not the SYSTEM account is still excluded from SRP checks). So this is actually Computer policies that are able to hit users, like loopback or group policy preferences.

You can create multiple rule sets and take advantage of specific attributes, like app version (equal/above/below X.0.0.0), filename (executable name), product publisher (the valid root certificate used to sign), product suite (like “Microsoft Office 2007”) – and wildcards seems to be supported still.

You can control executables, installers (MSI), scripts, and DLLs, using certificates (publisher), HASH or path rules. The disadvantage of using HASH rules is, that the HASH will change if the application is updated, certificate/publisher rules are much more flexible because the signature is still going to be there (unless the developers totally mess up). So always try to go for publisher rules, certificates are here to stay :)

Can be run in 3 modes: Enforce policy, Enforce Policy using Group Policy Inheritance  and Audit Only mode! The latter is pretty cool, as you can configure a Software Restriction Policy, and test it out before you go “live”.

AppLocker supports import and export of rules, which can be very useful, but one of the best new features is, that there’s no need to create all the rules manually – you have the option to “automatically generate rule”, this feature will analyze a “reference machine” (not sure if this has to be the local machine yet) and files in a given folder on that machine (not sure if this can be a share yet). You can compare this to a “snapshot” feature, take all files in this folder (and subfolders), and make an allow rule from that (certificate based preferably).

The new rule creation tools and wizards seem pretty straight forward – but you really need to think about the SRP design before you go for it, and test intensively, or else you’ll end up in serious trouble ;-)

I just can’t wait to test this deeply and bring you more information!

Previous article series on SRP:
Default Deny All Applications (Part 1)
Default Deny All Applications (Part 2)

Microsoft AppLocker description:
http://www.microsoft.com

.

These are some quick notes from a session on UAC by Paul A. Cooke, Tech-Ed EMEA 2008:

Microsoft Windows 7 will reduce the number of OS applications and tasks, that require elevation – this has been done by re-factoring apps and tasks into elevated and non-elevated pieces.

UAC v2 will provide a more flexible prompt behavior for administrators, also administrators will see less UAC elevation prompts.

Users can do even more as standard user (eg. parts of Bitlocker, Windows Update etc.), they will also be able to ‘read’ system settings without needing to elevate.

Windows 7 will be better spotting human vs. application changes, this way “human administrator” changes will be allowed without too many prompts.

UAC can now easily be graduated into 4 levels (from the strict Vista default to totally off) - everything can of course be handled using group policy.

To me this is all pretty cool – but to be honest, I’m one of those weird guys, who don’t care about Vista UAC prompts… I just press ALT+C… How hard can it be? ;-)

.

I got my invite yesterday for the Bloggers Dinner @ TechEd. Bloggers @ Tech Ed is designed to help the New Zealand blogging community with both practical advice and an exclusive opportunity to network with other key bloggers in New Zealand.

The dinner will be held on September 1st at Sky City Convention Centre, Auckland.

The best part of the event is that its being hosted and keynoted by Scott Hanselman

See you there

The PowerPoint slides from last week’s Microsoft TechEd Australia 2007 conference keynote presentation has now been officially published on CommNet for public download and viewing. The PowerPoint file comes at a whopping 29.8MB with high-resolution images spanning over 107 slides.

This is the Full-Monty - everything from the actual presentation, including Frank Arrigo’s LOLCat pictures and Michael Twigg of Animal Logic’s high-resolution renders and concept arts. There’s only headings and pictures here, so most of this probably won’t make much sense for anyone who didn’t attend keynote to listen to what the presenters had to say, but there’s still quite a bit of eye-candy from Animal Logic to enjoy.

I’ve extracted some of the Animal Logic images below. Some of these make great wallpapers, as suggested.

Animal Logic banners (I’ve removed the “Make your mark” text from the right image)

More Animal Logic banners

Even more Animal Logic banners

“Mumbles” renders from Happy Feet

On the second last day of Microsoft TechEd Australia 2007, everyone was invited to attend the closing party at Warner Brother’s Movie World theme park on the Gold Coast. It was a good time to wind down after two days of 8-to-6 learning. There was free food, drinks and best of all, rides! “Sci-Fi” was the theme of the event. I was too busy having fun so here’s only a very brief overview.

It took at least two dozen coaches to transport no fewer than 2500 delegates and staff to the event somewhat 30 minutes away. Everyone was asked to queue at the convention center from 6:15pm. It was an obvious logistical problem and I’m not sure this was the best solution, but everyone got to Movie World by around 8:30pm.

At the entrance, everyone walked through a somewhat obvious Stargate replica. Standing alongside were some not-so-obvious character actors.

Star-Trek reference on the big screens.

Not too sure what the light projection and smoke effect was intended for, but was still pretty cool.

Food.

And more food.

Everyone having a pretty good time.

Most of the rides were open including Batwing Spaceshot, Superman Escape, Wild West Falls Adventure Ride, Lethal Weapon - The Ride and Scooby-Doo Spooky Coaster. Being subjective to motion sickness, I only opted for the Scooby-Doo ride which was an unexpectedly enjoyable. Not spooky by any standards, but had some great dips and corners.

Overall, it was a great night well organized. Hats off to Jack Morton for their events management expertise.