EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide"

Transcription

1 EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide BitLocker Deployment Guide Document Version ERAS v 2.8 Wave Systems Corp. 2010

2 Contents Contents Introduction... 3 Additional Documentation... 3 Technical Support What do you need to know before deploying ERAS BitLocker? Mapping your environments how do you know which machines are TPM capable? Knowing BitLocker Group Policy Settings Different client capabilities in ERAS (TPM vs. Non-TPM)... 6 Recommended and minimal GPO settings before you deploy additional authentication or no TPM... 6 Enable BitLocker password GPO settings for OS volume authentication before you deploy... 7 Enable BitLocker GPO settings for TPM Core Root of Trust Measurements (CRTM) Required permissions for the local administrator group on client domain machines Choosing the best Bitlocker authentication method Outline of the 5 BitLocker authentication methods, and the mandatory and recommended GPO settings A. TPM Only B. TPM + PIN (recommended) C. Startup Key D. TPM + PIN + Startup Key E. Smartcard Set BitLocker encryption and cipher GPO settings before you deploy Authentication method flows: how to perform single machine vs. batch enrollment Checking status and addressing errors FIPS settings Locking down BitLocker from Local Admin Works Cited Contents 2 Contents Wave Systems Corp. 2010

3 1. Introduction This is a specific guide for assisting IT personnel in the planning and deployment of BitLocker utilizing ERAS. This is to act as a supplement to section seven, BitLocker Management of the ERAS Admin Manual. There are a number of details that are covered in this guide. BitLocker is a Microsoft featured full disk encryption that is provided with Ultimate and Enterprise versions of both Vista and Windows 7. Wave has made the decision to only support central management of BitLocker with Microsoft Windows 7 Ultimate and Windows 7 Enterprise systems. BitLocker is exclusively a Microsoft product and Wave has facilitated in leveraging Microsoft BitLocker and looks to continue to improve the BitLocker deployment experience. ERAS utilizes MMC snap-in for navigation containing management details and management tabs for the individual clients that simplify navigation and offer a means of central management of BitLocker OS and Data volumes. Intended Audience This document is intended for providing a specified audience of IT security personnel and system administrators as well as other information technology personnel responsible for installing, deploying and administering the ERAS software and minimal details of BitLocker GPO deployment. Additional Documentation If needed review the ERAS Installation Guide, the ERAS Admin Manual and the readme.txt file included with the software to provide the information you will need to configure and use ERAS. Also it may be important to be familiar with Microsoft documentation of Windows Server Products and BitLocker GPO settings beyond what is covered in this document. Technical Support Additional information, technical support and contact information for the ERAS can be found online: Refer to the Wave Systems website or your questions or issues to: Toll free: (800) WAVE-NET Tel: (413) Fax: (413) Introduction Wave Systems Corp. 2010

4 2. What do you need to know before deploying ERAS BitLocker? The following topics and items need be understood before deploying BitLocker: a) ERAS BitLocker will only allow remote management on Windows 7 Enterprise or Ultimate client machines that already have the extra ~100 MB partition created at the time of Windows 7 installation. b) Authentication method to be used for BitLocker must be determined before deployment. Where is the encryption key? OS Volume System SRK FVEK SRK (Storage Root Key) by way of a BEK (BitLocker Encryption Key) file allows for the FVEK (Full Volume Encryption Key) on the OS volume to decrypt. c) Client machines that will use TPM version 1.2 for the deployment of BitLocker must have the TPM turned on and enabled /activated. d) Client machines that will use a startup key will require an out-of-band method for providing flash drives with BEK files to appropriate end users. e) Client machines that require personal identification number (PIN) or Password at authentication must have an out-of-band method for their provision to appropriate end users. f) Administrator must be familiar with the minimum set of BitLocker policies necessary to meet the needs within their organization, such as but not limited to: a) Encryption strength b) Authentication method for OS volume and data volume c) Setting password versus PIN to OS volume (BitLocker policy) d) Each volume type has their own associated policies e) TPM usage and setting Core Root of Trust Measurements g) To facilitate deployment in a mixed environment of TPM and non-tpm machines, it is recommended to create separate OUs for each. h) Remote management from ERAS for BitLocker clients requires the ERAS Service Account to be added as a local administrator to each client within the domain. i) For foreign client machines, step h) is replaced by installing the ERASConnector.msi. 4 What do you need to know before deploying ERAS BitLocker? Wave Systems Corp. 2010

5 3. Mapping your environments how do you know which machines are TPM capable? Typically the TPM is turned off by default from the manufacturer. If that is the case, each client must have the TPM turned on and activated; this is usually done manually at the client in BIOS. This is a TCG requirement meant to ensure physical presence at the machine when changes to the TPM are made. However, there are some OEM manufacturers that provide tools to allow for turning on and enabling TPMs remotely. This requires an additional deployment of OEM specific software prior to using ERAS TPM management. If the TPM is already turned on then ERAS does have the ability to issue physical presence commands such as clear, enable and activate the TPM from Vista and Windows 7 clients and additional Wave software. This still requires someone at the machine to accept the changes to the TPM. ERAS deployment of BitLocker does not require any additional software added to the client machine. The ownership of the TPM is taken by ERAS upon initializing the BitLocker OS Volume and this information is store in the encrypted ERAS database. Full remote TPM management does require the use of additional Wave software on the client. 4. Knowing BitLocker Group Policy Settings BitLocker Group Policy settings can be found on Windows 7 and Windows 2008 R2 in the Local Group Policy Editor or the Group Policy Management Console (GPMC) under: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. Further reference of the use of BitLocker Group Policy Settings can be found here: It is also possible to fully manage Windows 7 Bitlocker using GPO with any version and functional level of AD DS starting with Windows Server 2003 R2. See below reference and link to download and install instructions for Windows 7 GPO ADM to install on pre Windows 2008 R2 AD. Download the Windows 7 GPO administrative templates: 5 Mapping your environments how do you know which machines are TPM capable? Wave Systems Corp. 2010

6 5. Different client capabilities in ERAS (TPM vs. Non-TPM) In this section we will discuss the differences in deploying ERAS BitLocker, with versus without a TPM. BitLocker by default seeks to work with a TPM. Securing the Bitlocker Encryption Key using a TPM is highly recommended as this also eliminates the need to use a flash drive startup key. In addition, other authentication parameters can be added such as a PIN/Password and also USB startup key along with TPM depending on desired authentication method chosen. Recommended and minimal GPO settings before you deploy additional authentication or no TPM As mentioned in the previous paragraph the TPM works by default with BitLocker. To add additional authentication to an OS volume along with using the TPM one must enable a BitLocker policy. Figure 1: Require additional authentication at startup The policy in Figure 1 is required for allowing different authentication methods to be used with the TPM. This policy is also mandatory for systems that do not have a TPM or compatible TPM. This will require one to check the box Allow BitLocker without a compatible TPM ; this will require the use of a flash drive for the startup key of the OS volume. 6 Different client capabilities in ERAS (TPM vs. Non-TPM) Wave Systems Corp. 2010

7 If no policy is selected then the TPM will be used for the startup of a BitLocker OS volume. If BitLocker detects that no TPM is available it will fail to deploy until the policy in Figure 1 is deployed (with Allow BitLocker without a compatible TPM selected) and applied and enforced on the domain or organizational unit. Enable BitLocker password GPO settings for OS volume authentication before you deploy In order to use passwords or an alphanumeric combination to unlock an OS volume, the Allow enhanced PINs for startup GPO must be enabled. This policy is located under a separate folder ( Operating System Drives ) under the BitLocker GPOs. Figure 2: Allow enhanced PINs for startup Enable BitLocker GPO settings for TPM Core Root of Trust Measurements (CRTM) The following policy is referred to in BitLocker as Configure TPM platform validation profile. This policy allows one to configure how TPM secures the BitLocker encryption key. This policy also allows one to set a platform validation profile which consists of Platform Configuration Registers or PCRs. The 7 Different client capabilities in ERAS (TPM vs. Non-TPM) Wave Systems Corp. 2010

8 default settings of PCRs allow for core root of trust measurements (CRTM) prior to the handing of the boot manager kernel to the Windows 7 kernel; this allows checking for root kits and viruses that can be present prior to booting into the system OS. If changes in the measurements are detected, the TPM will not provide the encryption key to unlock the drive. For more details read through the BitLocker policy help file located within policy. Figure 3: Configure TPM platform validation profile 8 Different client capabilities in ERAS (TPM vs. Non-TPM) Wave Systems Corp. 2010

9 6. Required permissions for the local administrator group on client domain machines In order to remotely manage BitLocker in a domain environment the ERAS Service Account must be added to the local administrator group of the client machines ideally in an organizational unit. This is done one of two ways either using restricted groups, make sure to use member of rather than members since members will not allow changes to the group when this is deployed. See or another method from a Windows 2008 R2 server by configuring the local group using method outlined: 7. Choosing the best Bitlocker authentication method It is highly recommended that you use the TPM whenever possible for authentication for the following reasons: a) This eliminates the need to rely on a flash drive to store a startup BEK file to access the OS volume. b) The TPM provides a secure platform base method for associating authentication when providing a PIN or password. c) In addition to establishing authentication when the proper BitLocker policy is configured and deployed, one can use the TPM to provide a boot manager kernel check before handoff to the Windows 7 kernel. In other words the TPM makes core root of trust measurements (CRTM) which is a way to thwart kernel root kits. This also allows for additional protection to the Bitlocker encryption key (BEK) if the measurements selected do not meet the satisfactory criteria. 9 Required permissions for the local administrator group on client domain machines Wave Systems Corp. 2010

10 8. Outline of the 5 BitLocker authentication methods, and the mandatory and recommended GPO settings. A. TPM Only This allows the TPM to release the key that unlocks the encrypted partition during the startup process. Because the keys needed to decrypt data require the BEK that is located on the TPM, it prevents one from reading the data by removing the hard disk and installing it on another computer. GPO settings: None required. The deployment of this authentication method does not require enabling any GPO settings for BitLocker. B. TPM + PIN (recommended) This method of authentication is preferred because it provides the same level of protection as described for TPM only but in addition allows the pairing of a PIN. The addition of the policy mentioned earlier to enhance the PIN, allows for the creation of alphanumeric passwords. This also allows for greater security and access control to the drive. GPO settings: The deployment of this authentication method requires enabling the BitLocker GPO setting Require additional authentication at startup ; it is recommended that you set all authentication to allow. C. Startup Key The startup key allows for storage of the BEK file on a flash drive, which is an external key that must be presented to the computer at startup. This provides a hand-off in the startup process to the Windows 7 kernel on the OS volume. Any method that uses a USB startup key makes the user vulnerable to a stolen or lost key. GPO settings: The deployment of this authentication method requires enabling the BitLocker GPO setting Require additional authentication at startup ; you will be required to check the box Allow BitLocker without a compatible TPM. D. TPM + PIN + Startup Key This method secures the volume's encryption key by using the TPM on the computer, enhanced by both a user-specified (PIN) and by an external key that must be presented to the computer at startup. GPO settings: The deployment of this authentication method requires enabling the BitLocker GPO setting Require additional authentication at startup ; it is recommended that you set all authentications to allow. E. Smartcard Smartcards / BitLocker cannot be set as an authentication method from ERAS. The link below contains information to allow smartcards to work with BitLocker. There are two BitLocker policy settings that are associated with the use of smartcards. The first is the Validate smart card certificate usage rule compliance. This policy allows the association of an object identifier from a smart card certificate to a BitLocker-protected drive. 10 Outline of the 5 BitLocker authentication methods, and the mandatory and recommended GPO settings. Wave Systems Corp. 2010

11 Figure 4: Validate smart card certificate usage rule compliance Another BitLocker policy setting related to smart cards involves authentication to fixed data drives. The policy setting Configure use of smart cards on fixed data drives, once enabled, allows one to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. 11 Outline of the 5 BitLocker authentication methods, and the mandatory and recommended GPO settings. Wave Systems Corp. 2010

12 Figure 5: Configure use of smart cards on fixed data drives. 12 Outline of the 5 BitLocker authentication methods, and the mandatory and recommended GPO settings. Wave Systems Corp. 2010

13 Set BitLocker encryption and cipher GPO settings before you deploy. Another optional but recommended BitLocker setting is the encryption and cipher level of the drives that will be deployed in your enterprise. By default the encryption setting of BitLocker is set to AES 128- bit with Diffuser. In order to change the default encryption setting one must enable the policy in Fig. 6. Figure 6: Choose drive encryption method and cipher strength This policy allows for the following encryption strength and cipher methods to be chosen: AES 128 Bit with Diffuser (default) AES 256 Bit with Diffuser AES 128 Bit AES 256 Bit 13 Outline of the 5 BitLocker authentication methods, and the mandatory and recommended GPO settings. Wave Systems Corp. 2010

14 9. Authentication method flows: how to perform single machine vs. batch enrollment. The enrollment for a BitLocker volume can be performed by way of the ERAS console (review section three, ERAS Console and section seven, BitLocker Management) or by a script (review section thirteen, Command line operations of the ERAS Admin Manual) using the ERAS command line interface. The left pane of the ERAS console can be used to select an entire organizational unit (OU) for deploying any authentication method and allows for successive or global setting of a PIN or saving of startup keys, if needed. Checking status and addressing errors. Before enrolling a client machine for those previously-mentioned authentication methods, take note of the following important information: a) The required BitLocker policy is set from the domain, or locally (optional) on the machine before initialization of the BitLocker volume. b) ERAS will generate an error at the process window reflecting that it was unable to initialize the BitLocker volume with the specified authentication method if the authentication policy setting was not deployed. c) ERAS is unable to remotely initialize any BitLocker OS volume that does not contain the required ~100 MB partition that was mentioned earlier in this document. Attempting to do this will result in a BitLocker Unknown status in ERAS. d) Remote management on the domain requires the ERAS Service Account to be assigned a local administrator on the client machine; this will also cause problems with initialization of the BitLocker volume. e) If the BitLocker volume to be initialized is a foreign client machine then one will be required to install the ERASConnector.msi. This connector will replace any requirement for assigning the ERAS Service Account as the local administrator on the client machine. For more information on the use of the ERASConnector.msi and Client-initiated Management, review the ERAS Admin Manual. 10. FIPS settings Federal Information Processing Standard (FIPS) Group Policy settings in Windows 7 to require FIPS compliance: Please keep in mind if your organization is FIPS-compliant, Bitlocker-protected removable drives cannot be opened by computers running Windows XP or Windows Vista. To use Bitlocker in a FIPS-compliant environment, you must enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Group Policy setting, which can be found in the Local Group Policy Editor under: \Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, before turning on Bitlocker. 11. Locking down BitLocker from Local Admin BitLocker local management can be disabled by and made transparent by removal of the BitLocker icon in the control panel and configuring the Windows application control policies to block manage-bde.exe. In performing the tasks mentioned, one will remove the ability to perform any local management of BitLocker. For more details one can visit the source cited and view screenshots of the individual steps mentioned on the next page. 14 Authentication method flows: how to perform single machine vs. batch enrollment. Wave Systems Corp. 2010

15 Step 1: How to remove BitLocker Icon from Control Panel a) The domain administrator will need to create a User Group Policy to disable BitLocker icon from the Control Panel b) Open Group Policy Management Editor and expand the User configuration c) Under Administrative Templates, click on Control Panel d) Next click on Hide Specified Control Panel items and Enable this policy e) Click on Show List of disallowed Control Panel Items f) Add the Canonical Name for BitLocker which is Microsoft.BitLockerDriveEncryption See link below to get Canonical Names of Control Panel Items. g) After the domain administrator has created the group policy, to update the policy, run gpupdate /force. h) The above steps will remove BitLocker Drive Encryption Icon from Control Panel on the client machines. Step 2: How to use Application Control Policies (Applocker) to block manage-bde a) If the domain administrator wants to use Application Locker, he or she needs to make sure that Application Identity Service is running on the client machines. b) The administrator can also use a Group Policy object (GPO) setting that configures the Application Identity service startup type to Automatic. For information about using Group Policy, see Planning and Deploying Group Policy ( ). c) Open Service control panel and start the Application Identity Service. d) On the computer, open the local security policy (secpol.msc). e) In the console tree, double-click Application Control Policies, and then double-click AppLocker. f) Expand Application Control Policies and Right click on Executable rules. g) Create a New Rule to deny access to manage-bde.exe to all users. h) Enforce the rules and then the policy is set. i) Run gpupdate /force to update the policy on the client. The policy will also update next time the client machine logs in again to the server. j) Now if one with local admin privileges open a command prompt and try to run manage-bde.exe you will get access denied and it will say that this policy is controlled by GPO (Tanner, 2010) 15 Locking down BitLocker from Local Admin Wave Systems Corp. 2010

16 Works Cited Tanner, S. (2010, September 14). How to Prevent Local Administrator from Turning OFF bitlocker. Retrieved November 18, 2010, from BitLocker Drive Encryption Team Blog: 16 Works Cited Wave Systems Corp. 2010

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011 BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011 Purpose To provide a step-by-step procedure for encrypting installed laptop

More information

EMBASSY Remote Administration Server (ERAS) Administrator Manual

EMBASSY Remote Administration Server (ERAS) Administrator Manual EMBASSY Remote Administration Server (ERAS) Administrator Manual Part III BitLocker, Trusted Platform Module, SafeNet ProtectDrive and Dell BIOS & CV Management ERAS Version 2.8 Document Version 1.0.0.20

More information

Encrypting with BitLocker for disk volumes under Windows 7

Encrypting with BitLocker for disk volumes under Windows 7 Encrypting with BitLocker for disk volumes under Windows 7 Summary of the contents 1 Introduction 2 Hardware requirements for BitLocker Driver Encryption 3 Encrypting drive 3.1 Operating System Drive 3.1.1

More information

Microsoft Windows Common Criteria Evaluation

Microsoft Windows Common Criteria Evaluation Microsoft Windows Common Criteria Evaluation Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8, Microsoft Windows Server 2012 Common Criteria Supplemental Admin Guidance for Software

More information

Create, Link, or Edit a GPO with Active Directory Users and Computers

Create, Link, or Edit a GPO with Active Directory Users and Computers How to Edit Local Computer Policy Settings To edit the local computer policy settings, you must be a local computer administrator or a member of the Domain Admins or Enterprise Admins groups. 1. Add the

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Introduction to BitLocker FVE

Introduction to BitLocker FVE Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk

More information

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015 Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is

More information

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com As an information security consultant, one of my jobs is to help my clients

More information

Windows BitLocker TM Drive Encryption Design Guide

Windows BitLocker TM Drive Encryption Design Guide Windows BitLocker TM Drive Encryption Design Guide Microsoft Corporation Published: August 2007 Abstract This document describes the various aspects of planning for deploying Windows BitLocker Drive Encryption

More information

TECHNICAL DOCUMENTATION SPECOPS DEPLOY / APP 4.7 DOCUMENTATION

TECHNICAL DOCUMENTATION SPECOPS DEPLOY / APP 4.7 DOCUMENTATION TECHNICAL DOCUMENTATION SPECOPS DEPLOY / APP 4.7 DOCUMENTATION Contents 1. Getting Started... 4 1.1 Specops Deploy Supported Configurations... 4 2. Specops Deploy and Active Directory...5 3. Specops Deploy

More information

Disk Encryption. Aaron Howard IT Security Office

Disk Encryption. Aaron Howard IT Security Office Disk Encryption Aaron Howard IT Security Office Types of Disk Encryption? Folder Encryption Volume or Full Disk Encryption OS / Boot Volume Data Volume Managed or Unmanaged Key Backup and Data Assurance

More information

Windows BitLocker Drive Encryption Step-by-Step Guide

Windows BitLocker Drive Encryption Step-by-Step Guide Windows BitLocker Drive Encryption Step-by-Step Guide Microsoft Corporation Published: September 2006 Abstract Microsoft Windows BitLocker Drive Encryption is a new hardware-enhanced feature in the Microsoft

More information

How to Encrypt your Windows 7 SDS Machine with Bitlocker

How to Encrypt your Windows 7 SDS Machine with Bitlocker How to Encrypt your Windows 7 SDS Machine with Bitlocker ************************************ IMPORTANT ******************************************* Before encrypting your SDS Windows 7 Machine it is highly

More information

In order to enable BitLocker, your hard drive must be partitioned in a particular manner.

In order to enable BitLocker, your hard drive must be partitioned in a particular manner. ENABLE BITLOCKER ON WINDOWS VISTA - WITHOUT A TPM Requirements: You must be running Vista Enterprise or Vista Ultimate to enable BitLocker. Any other version of Vista is not compatible. It is recommended

More information

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative

More information

MBAM Self-Help Portals

MBAM Self-Help Portals MBAM Self-Help Portals Authoring a self-help portal workflow for BitLocker Recovery Using Microsoft BitLocker Administration and Monitoring (MBAM) Technical White Paper Published: September 2011 Priyaa

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All

More information

DriveLock Quick Start Guide

DriveLock Quick Start Guide Be secure in less than 4 hours CenterTools Software GmbH 2012 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users SyAM Management Utilities and Non-Admin Domain Users Some features of SyAM Management Utilities, including Client Deployment and Third Party Software Deployment, require authentication credentials with

More information

EMBASSY Remote Administration Server (ERAS) Helpdesk Guide. ERAS Version 2.8 Document Version 0.0.0.2. http://www.wave.com

EMBASSY Remote Administration Server (ERAS) Helpdesk Guide. ERAS Version 2.8 Document Version 0.0.0.2. http://www.wave.com EMBASSY Remote Administration Server (ERAS) Helpdesk Guide ERAS Version 2.8 Document Version 0.0.0.2 http://www.wave.com ERAS v 2.8. Wave Systems Corp. 2010 Contents Contents... 2 1. Introduction... 3

More information

Microsoft Corporation. Status: Preliminary documentation

Microsoft Corporation. Status: Preliminary documentation Microsoft Corporation Status: Preliminary documentation Beta content: This guide is currently in beta form. The AppLocker team greatly appreciates you reviewing the document and looks forward to receiving

More information

Managing Applications, Services, Folders, and Libraries

Managing Applications, Services, Folders, and Libraries Lesson 4 Managing Applications, Services, Folders, and Libraries Learning Objectives Students will learn to: Understand Local versus Network Applications Remove or Uninstall an Application Understand Group

More information

Experiment No.5. Security Group Policies Management

Experiment No.5. Security Group Policies Management Experiment No.5 Security Group Policies Management Objectives Group Policy management is a Windows Server 2003 features in which it allows administrators to define policies for both servers and user machines.group

More information

The safer, easier way to help you pass any IT exams. Exam : 70-688. Managing and Maintaining Windows 8. Title : 1 / 19

The safer, easier way to help you pass any IT exams. Exam : 70-688. Managing and Maintaining Windows 8. Title : 1 / 19 Exam : 70-688 Title : Managing and Maintaining Windows 8 Version : Demo 1 / 19 1.DRAG DROP Your company recently purchased 25 new laptops. All 25 laptops have the same hardware configuration and do not

More information

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Contents 1. Introduction 2. Security Considerations 3. Installation 4. Configuration 5. Uninstallation 6. Automated Bulk Enrollment 7.

Contents 1. Introduction 2. Security Considerations 3. Installation 4. Configuration 5. Uninstallation 6. Automated Bulk Enrollment 7. Contents 1. Introduction 2. Security Considerations 3. Installation 4. Configuration 5. Uninstallation 6. Automated Bulk Enrollment 7. Troubleshooting Introduction Adaxes Self-Service Client provides secure

More information

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All

More information

SECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0

SECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0 SECO Whitepaper SuisseID Smart Card Logon Configuration Guide Prepared for SECO Publish Date 19.05.2010 Version V1.0 Prepared by Martin Sieber (Microsoft) Contributors Kunal Kodkani (Microsoft) Template

More information

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION Version 1.1 / Last updated November 2012 INTRODUCTION The Cloud Link for Windows client software is packaged as an MSI (Microsoft Installer)

More information

PLANNING AND DESIGNING GROUP POLICY, PART 1

PLANNING AND DESIGNING GROUP POLICY, PART 1 84-02-06 DATA SECURITY MANAGEMENT PLANNING AND DESIGNING GROUP POLICY, PART 1 Melissa Yon INSIDE What Is Group Policy?; Software Settings; Windows Settings; Administrative Templates; Requirements for Group

More information

Stellar Active Directory Manager

Stellar Active Directory Manager Stellar Active Directory Manager What is the need of Active Directory Manager? Every organization uses Active Directory Services (ADMS) to manage the users working in the organization. This task is mostly

More information

Running 4D Server as a Service on Windows

Running 4D Server as a Service on Windows Running 4D Server as a Service on Windows By Timothy Aaron Penner, Technical Services Team Member, 4D Inc. Technical Note 10-02 1 Table of Contents Table of Contents... 2 Abstract... 3 Introduction...

More information

NetWrix Password Manager. Quick Start Guide

NetWrix Password Manager. Quick Start Guide NetWrix Password Manager Quick Start Guide Contents Overview... 3 Setup... 3 Deploying the Core Components... 3 System Requirements... 3 Installation... 4 Windows Server 2008 Notes... 4 Upgrade Path...

More information

How to enable Disk Encryption on a laptop

How to enable Disk Encryption on a laptop How to enable Disk Encryption on a laptop Skills and pre-requisites Intermediate IT skills required. You need to: have access to, and know how to change settings in the BIOS be confident that your data

More information

Windows 2008 Server DIRECTIVAS DE GRUPO. Administración SSII

Windows 2008 Server DIRECTIVAS DE GRUPO. Administración SSII Windows 2008 Server DIRECTIVAS DE GRUPO Administración SSII Group Policy A centralized approach to applying one or more changes to one or more users or computers Setting: Definition of a change or configuration

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

SPECOPS DEPLOY / OS 4.6 DOCUMENTATION

SPECOPS DEPLOY / OS 4.6 DOCUMENTATION Technical documentation: SPECOPS DEPLOY / OS 4.6 DOCUMENTATION By Shay Byrne, Product Manager 1 Getting Started... 4 1.1 Specops Deploy / OS Supported Configurations...4 1.2 Specops Deploy and Active Directory...

More information

Windows Logging Configuration: Audit Policy Configuration

Windows Logging Configuration: Audit Policy Configuration Windows Logging Configuration: Audit Policy Configuration Windows Auditing Windows audit policy requires computer level and in some cases object level configuration. At the computer level, Windows has

More information

INSTALLING MICROSOFT SQL SERVER AND CONFIGURING REPORTING SERVICES

INSTALLING MICROSOFT SQL SERVER AND CONFIGURING REPORTING SERVICES INSTALLING MICROSOFT SQL SERVER AND CONFIGURING REPORTING SERVICES TECHNICAL ARTICLE November 2012. Legal Notice The information in this publication is furnished for information use only, and does not

More information

NetIQ Advanced Authentication Framework - Administrative Tools. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Administrative Tools. Installation Guide. Version 5.1.0 NetIQ Advanced Authentication Framework - Administrative Tools Installation Guide Version 5.1.0 Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 NetIQ Advanced Authentication

More information

Next-Gen Monitoring of Active Directory. Click to edit Master title style

Next-Gen Monitoring of Active Directory. Click to edit Master title style Next-Gen Monitoring of Active Directory Click to edit Master title style About Your Speaker Derek Melber, MCSE & MVP (Group Policy and AD) derek@manageengine.com www.auditingwindowsexpert.com Online Resources

More information

Administration Guide ActivClient for Windows 6.2

Administration Guide ActivClient for Windows 6.2 Administration Guide ActivClient for Windows 6.2 ActivClient for Windows Administration Guide P 2 Table of Contents Chapter 1: Introduction....................................................................12

More information

CONFIGURING MICROSOFT SQL SERVER REPORTING SERVICES

CONFIGURING MICROSOFT SQL SERVER REPORTING SERVICES CONFIGURING MICROSOFT SQL SERVER REPORTING SERVICES TECHNICAL ARTICLE November/2011. Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

Audit account logon events

Audit account logon events Audit account logon events Description This security setting determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate

More information

Administering FileVault 2 on OS X Lion with the Casper Suite. Technical Paper July 2012

Administering FileVault 2 on OS X Lion with the Casper Suite. Technical Paper July 2012 Administering FileVault 2 on OS X Lion with the Casper Suite Technical Paper July 2012 JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that

More information

GoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved.

GoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved. GoldKey Software User s Manual Revision 7.12 WideBand Corporation www.goldkey.com 1 Table of Contents GoldKey Installation and Quick Start... 5 Initial Personalization... 5 Creating a Primary Secure Drive...

More information

2. Using Notepad, create a file called c:\demote.txt containing the following information:

2. Using Notepad, create a file called c:\demote.txt containing the following information: Unit 4 Additional Projects Configuring the Local Computer Policy You need to prepare your test lab for your upcoming experiments. First, remove a child domain that you have configured. Then, configure

More information

Group Policy 21/05/2013

Group Policy 21/05/2013 Group Policy Group Policy is not a new technology for Active Directory, but it has grown and improved with every iteration of the operating system and service pack since it was first introduced in Windows

More information

Microsoft Windows Server 2008: Data Protection

Microsoft Windows Server 2008: Data Protection Chapter 5 Microsoft Windows Server 2008: Data Protection Solutions in this chapter: BitLocker Active Directory Rights Management Services Authorization Summary Solutions Fast Track Frequently Asked Questions

More information

Sharpdesk V3.5. Push Installation Guide for system administrator Version 3.5.01

Sharpdesk V3.5. Push Installation Guide for system administrator Version 3.5.01 Sharpdesk V3.5 Push Installation Guide for system administrator Version 3.5.01 Copyright 2000-2015 by SHARP CORPORATION. All rights reserved. Reproduction, adaptation or translation without prior written

More information

Managing Windows Environments with Group Policy

Managing Windows Environments with Group Policy 3 Riverchase Office Plaza Hoover, Alabama 35244 Phone: 205.989.4944 Fax: 855.317.2187 E-Mail: rwhitney@discoveritt.com Web: www.discoveritt.com Managing Windows Environments with Group Policy Course: MS50255C

More information

ACTIVE DIRECTORY DEPLOYMENT

ACTIVE DIRECTORY DEPLOYMENT ACTIVE DIRECTORY DEPLOYMENT CASAS Technical Support 800.255.1036 2009 Comprehensive Adult Student Assessment Systems. All rights reserved. Version 031809 CONTENTS 1. INTRODUCTION... 1 1.1 LAN PREREQUISITES...

More information

YubiKey PIV Deployment Guide

YubiKey PIV Deployment Guide YubiKey PIV Deployment Guide Best Practices and Basic Setup YubiKey 4, YubiKey 4 Nano, YubiKey NEO, YubiKey NEO-n YubiKey PIV Deployment Guide 2016 Yubico. All rights reserved. Page 1 of 27 Copyright 2016

More information

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority In this post we will see the steps for deploying the client certificate for windows computers. This post is a part of Deploy PKI Certificates for SCCM 2012 R2 Step by Step Guide. In the previous post we

More information

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: Chapter 10 Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: Implement and troubleshoot Group Policy. Create a Group Policy object (GPO). Link an existing GPO. Delegate administrative

More information

Administering Group Policy with Group Policy Management Console

Administering Group Policy with Group Policy Management Console Administering Group Policy with Group Policy Management Console By Jim Lundy Microsoft Corporation Published: April 2003 Abstract In conjunction with Windows Server 2003, Microsoft has released a new Group

More information

Lab A: Deploying and Managing Software by Using Group Policy Answer Key

Lab A: Deploying and Managing Software by Using Group Policy Answer Key Lab A: Deploying and Managing Software by Using Group Policy Answer Key Exercise 1 Assigning Software This Answer Key provides the detailed steps for completing Lab A: Deploying and Managing Software by

More information

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide 1 of 7 DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide Process Overview Step Description

More information

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Cautions When Using BitLocker Drive Encryption on PRIMERGY Cautions When Using BitLocker Drive Encryption on PRIMERGY July 2008 Fujitsu Limited Table of Contents Preface...3 1 Recovery mode...4 2 Changes in hardware configurations...5 3 Prior to hardware maintenance

More information

ContentWatch Auto Deployment Tool

ContentWatch Auto Deployment Tool ContentWatch Auto Deployment Tool ContentWatch gives administrators the ability to easily distribute ContentProtect (or say our products) over any network. With our Unattended Installer you can install

More information

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients Note: I have only tested these procedures on Server 2003 SP1 (DC) and XP SPII client, in a controlled lab environment,

More information

Managing Windows Environments with Group Policy 50255D; 5 Days, Instructor-led

Managing Windows Environments with Group Policy 50255D; 5 Days, Instructor-led Managing Windows Environments with Group Policy 50255D; 5 Days, Instructor-led Course Description In this course you will learn how to reduce costs and increase efficiencies in your network. You will discover

More information

Acceptable Encryption Usage for UTHSC

Acceptable Encryption Usage for UTHSC This document explains the acceptable use of encryption for the UTHSC system. It includes: acceptable encryption software, techniques, algorithms and instructions. Encryption methods and software are arranged

More information

Administrator s Guide for Microsoft BitLocker Administration and Monitoring 1.0

Administrator s Guide for Microsoft BitLocker Administration and Monitoring 1.0 Administrator s Guide for Microsoft BitLocker Administration and Monitoring 1.0 MDOP Information Experience Team Summary: Microsoft BitLocker Administration and Monitoring (MBAM) builds on BitLocker in

More information

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Deploying BitDefender Client Security and BitDefender Windows Server Solutions Deploying BitDefender Client Security and BitDefender Windows Server Solutions Quick Install Guide Copyright 2010 BitDefender; 1. Installation Overview Thank you for selecting BitDefender Business Solutions

More information

Get Success in Passing Your Certification Exam at first attempt!

Get Success in Passing Your Certification Exam at first attempt! Get Success in Passing Your Certification Exam at first attempt! Vendor: Microsoft Exam Code: 70-687 Exam Name: Microsoft Configuring Windows 8 Exam Version: Demo QUESTION: 1 A company has an Active Directory

More information

Using Microsoft Active Directory 1 Group Policy 2 with Diskeeper

Using Microsoft Active Directory 1 Group Policy 2 with Diskeeper Using Microsoft Active Directory 1 Group Policy 2 with Diskeeper Diskeeper can be administered network-wide via several different methods. The primary network administration tool for Diskeeper is Diskeeper

More information

Securing Remote Desktop Services in Windows Server 2008

Securing Remote Desktop Services in Windows Server 2008 1 sur 6 28/09/2010 22:48 Securing Remote Desktop Services in Windows Server 2008 R2 Taking a look at the security mechanisms built into RDS; how to use Group Policy and configuration settings for better

More information

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker

More information

MailStore Outlook Add-in Deployment

MailStore Outlook Add-in Deployment MailStore Outlook Add-in Deployment A MailStore Server installation deploys the MailStore Outlook Add-in as a Windows Installer package (MSI) that can be installed on client machines using software distribution.

More information

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 Contents Overview... 2 System requirements:... 2 Before installing... 3 Download and installation... 3 Configure DESLock+ Enterprise Server...

More information

Setting Up Peak Performance Group Policies

Setting Up Peak Performance Group Policies Setting Up Peak Performance Group Policies It is possible and recommended to create Group Policies for Peak Performance in order to control configuration related to Peak Performance users and computers.

More information

ICT Professional Optional Programmes

ICT Professional Optional Programmes ICT Professional Optional Programmes Skills Team are a Microsoft Academy with new training rooms and IT labs in our purpose built training centre in Ealing, West London. We offer a range of year-long qualifications

More information

Windows" 7 Desktop Support

Windows 7 Desktop Support Windows" 7 Desktop Support and Administration Real World Skills for MCITP Certification and Beyond Darril Gibson WILEY Wiley Publishing, Inc. Contents Introduction xxiii Chapter 1 Planning for the Installation

More information

PGP Universal Server 2.5 SmartLine DeviceLock 6.2

PGP Universal Server 2.5 SmartLine DeviceLock 6.2 PGP Integration Guide October 2007 PGP Universal Server 2.5 SmartLine DeviceLock 6.2 Version 1.0 2 Table of Contents INTRODUCTION...3 STRUCTURE...3 CAVEATS...4 POLICY OVERVIEW...4 SPAN OF CONTROL...4 COMPUTER

More information

Deploying the DisplayLink Software using the MSI files

Deploying the DisplayLink Software using the MSI files How to deploy DisplayLink MSI files in a corporate environment with GPO or SCCM Go to: http://support.displaylink.com/knowledgebase/articles/615840 Introduction Or This article is intended to give a Windows

More information

Sophos SafeGuard Disk Encryption for Mac and the Casper Suite

Sophos SafeGuard Disk Encryption for Mac and the Casper Suite Sophos SafeGuard Disk Encryption for Mac and the Casper Suite Deploying, Activating, and Reporting on Sophos SafeGuard Disk Encryption for Mac with the Casper Suite Technical Paper March 2011 JAMF Software,

More information

FDCC Implementers Workshop David L. Dixon Sr. Consultant, Microsoft Federal Services FDCC Team

FDCC Implementers Workshop David L. Dixon Sr. Consultant, Microsoft Federal Services FDCC Team FDCC Implementers Workshop David L. Dixon Sr. Consultant, Microsoft Federal Services FDCC Team FDCC Challenges FIPS Setting Mobile Users ActiveX Controls Firewall Miscellaneous File system ACLs Certificate

More information

Active Directory Software Deployment

Active Directory Software Deployment APPLICATION N0TE ST-0128 March 24, 2006 Product: Active Directory / PCM Deployment System version: ShoreTel 6 Active Directory Software Deployment Courtesy of: Dylan Moser with LANtelligence Inc. This

More information

DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO

DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO Contents Overview...1 System requirements...1 Enterprise Server:...1 Client PCs:...1 Section 1: Before installing...1 Section 2: Download

More information

SARANGSoft WinBackup Business v2.5 Client Installation Guide

SARANGSoft WinBackup Business v2.5 Client Installation Guide SARANGSoft WinBackup Business v2.5 Client Installation Guide (November, 2015) WinBackup Business Client is a part of WinBackup Business application. It runs in the background on every client computer that

More information

Smartcard Logon Overview

Smartcard Logon Overview etoken for Windows Smartcard Logon Lesson 9 April 2004 etoken Certification Course Smartcard Logon Overview Windows 2000/2003 Enterprise Server built-in feature Smartcard logon requires issuing a personal

More information

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0 Sophos Anti-Virus for NetApp Storage Systems user guide Product version: 3.0 Document date: May 2014 Contents 1 About this guide...3 2 About Sophos Anti-Virus for NetApp Storage Systems...4 3 System requirements...5

More information

MS 50255B: Managing Windows Environments with Group Policy (4 Days)

MS 50255B: Managing Windows Environments with Group Policy (4 Days) www.peaklearningllc.com MS 50255B: Managing Windows Environments with Group Policy (4 Days) Introduction In course you will learn how to reduce costs and increase efficiencies in your network. You will

More information

Use 802.1x EAP-TLS or PEAP-MS-CHAP v2 with Microsoft Windows Server 2003 to Make a Secure Network

Use 802.1x EAP-TLS or PEAP-MS-CHAP v2 with Microsoft Windows Server 2003 to Make a Secure Network How To Use 802.1x EAP-TLS or PEAP-MS-CHAP v2 with Microsoft Windows Server 2003 to Make a Secure Network Introduction This document describes how to create a secure LAN, using two servers and an 802.1xcompatible

More information

EMBASSY Remote Administration Server (ERAS) Administrator Manual

EMBASSY Remote Administration Server (ERAS) Administrator Manual EMBASSY Remote Administration Server (ERAS) Administrator Manual Part I Introduction, Main Management Principles and Components ERAS Version 2.8 Document Version 1.0.0.23 http://www.wave.com ERAS v 2.8

More information

NetWrix USB Blocker Version 3.6 Quick Start Guide

NetWrix USB Blocker Version 3.6 Quick Start Guide NetWrix USB Blocker Version 3.6 Quick Start Guide Table of Contents 1. Introduction...3 1.1. What is NetWrix USB Blocker?...3 1.2. Product Architecture...3 2. Licensing...4 3. Getting Started...5 3.1.

More information

Sophos Anti-Virus for NetApp Storage Systems startup guide

Sophos Anti-Virus for NetApp Storage Systems startup guide Sophos Anti-Virus for NetApp Storage Systems startup guide Runs on Windows 2000 and later Product version: 1 Document date: April 2012 Contents 1 About this guide...3 2 About Sophos Anti-Virus for NetApp

More information

NETWRIX PASSWORD MANAGER

NETWRIX PASSWORD MANAGER NETWRIX PASSWORD MANAGER ADMINISTRATOR S GUIDE Product Version: 6.1 February/2012 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

Technical documentation: SPECOPS PASSWORD POLICY

Technical documentation: SPECOPS PASSWORD POLICY Technical documentation: SPECOPS PASSWORD POLICY By Johan Eklund, Product Manager, April 2011 Table of Contents 1 Overview... 1 1.1 Group Based Policy... 1 1.2 Extended password requirements... 2 1.3 Components...

More information

Protect Sensitive Data Using Encryption Technologies. Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.

Protect Sensitive Data Using Encryption Technologies. Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live. Protect Sensitive Data Using Encryption Technologies Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.com/blog Where is the User Data Stored? Q: Where is the biggest

More information

Password Policy Enforcer

Password Policy Enforcer Password Policy Enforcer Evaluator s Guide V7.6 Copyright 1998-2013 ANIXIS. All rights reserved. ANIXIS, ANIXIS Password Reset, Password Policy Enforcer, PPE/Web, Password Policy Client, Password Policy

More information

SPECOPS SELF SERVICE PORTAL 2.2 INSTALLATION AND CONFIGURATION GUIDE

SPECOPS SELF SERVICE PORTAL 2.2 INSTALLATION AND CONFIGURATION GUIDE Technical documentation: SPECOPS SELF SERVICE PORTAL 2.2 INSTALLATION AND CONFIGURATION GUIDE By Markus Lassfolk, Product Specialist, SPECOPS SELF SERVICE PORTAL 2.2 INSTALLATION AND CONFIGURATION GUIDE...

More information

Windows Server Update Services 3.0 SP2 Step By Step Guide

Windows Server Update Services 3.0 SP2 Step By Step Guide Windows Server Update Services 3.0 SP2 Step By Step Guide Microsoft Corporation Author: Anita Taylor Editor: Theresa Haynie Abstract This guide provides detailed instructions for installing Windows Server

More information

Group Policy Preferences Overview

Group Policy Preferences Overview Group Policy Preferences Overview Requirements and Features By Darren Mar-Elia, SDM Software Overview The Group Policy Preferences (GPP) feature was first made available at the release of Windows Server

More information

Active Directory. Users & Computers. Group Policies

Active Directory. Users & Computers. Group Policies Active Directory Users & Computers Policies Users & Computers domains domain trusted domains, trusting domains subdomains tree of domains forest of trees s s in Active Directory are directory objects that

More information

Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu

Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu Menu INTRODUCTION...2 HOW DO I DEPLOY MYUSBONLY ON ALL OF MY COMPUTERS...3 ADMIN KIT...4 HOW TO SETUP A LOGON SCRIPTS...5 Why would I choose one method over another?...5 Can I use both methods to assign

More information

Foxit Enterprise Reader GPO User Guide

Foxit Enterprise Reader GPO User Guide 1 Copyright 2013 Foxit Corporation. All Rights Reserved. No part of this document can be reproduced, transferred, distributed or stored in any format without the prior written permission of Foxit. Anti-Grain

More information