SlideShare ist ein Scribd-Unternehmen logo

Software Management Iltce2007b

Als PPT, PDF herunterladen
G
guest804df32c5
Technologie
1 von 35
Software Management Through GPOs Jim Pattenaude, Marshall CUSD #C-2 Terry Sullivan, Shiloh CUSD #1
Disclaimer ,[object Object],[object Object]
Introduction ,[object Object],[object Object],[object Object],[object Object],[object Object]
Methods for installing software ,[object Object],[object Object],[object Object],[object Object]
Traditional Method ,[object Object],[object Object],[object Object],[object Object],[object Object]
Using GPO to install ,[object Object],[object Object],[object Object],[object Object],[object Object]
.msi Files ,[object Object],[object Object],[object Object],[object Object]
Creating .msi files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Software Install Makers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Demonstration ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Problems creating .msi ,[object Object],[object Object],[object Object]
Group Policy Management Console (GPMC) ,[object Object],[object Object],[object Object],[object Object]
GPMC Key Features ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network install point ,[object Object],[object Object]
Deploying Software through GPOs ,[object Object],[object Object],[object Object],[object Object],[object Object]
Overview of process ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Deployment Methods ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Assign vs. Publish ,[object Object],[object Object],[object Object],[object Object],[object Object]
Computer vs User ,[object Object],[object Object],[object Object]
Deployment Options ,[object Object],[object Object],[object Object],[object Object],[object Object]
Transforms (.mst) ,[object Object],[object Object],[object Object]
Removing software ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Issues ,[object Object],[object Object],[object Object]
Installing through scripts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Installing using imaging ,[object Object],[object Object],[object Object],[object Object]
Software Restriction ,[object Object],[object Object],[object Object],[object Object]
Process
Default Security Levels ,[object Object],[object Object]
4 rules to identify software ,[object Object],[object Object],[object Object],[object Object]
When to use each rule Zone rule Trusted Sites set to Unrestricted You want to allow software to be installed from trusted Internet zone sites Certificate rule Certificate used to digitally sign the scripts You want to identify a set of scripts that can be run anywhere Path rule flcss.exe, set to Disallowed You want to disallow a file installed by a virus that is always called flcss.exe Path rule with wildcards *.VBS set to Disallowed LOGIN_SRVhare.VBS set to Unrestricted You want to disallow all .vbs files, except those in a login script directory Path rule with wildcards DC??hare You want to identify a set of scripts on a set of servers, DC01, DC02, and DC03 Path rule SERVER_NAMEhare You want to identify a set of scripts on a central server Registry path rule %HKEY_LOCAL_MACHINEOFTWAREComputerAssociatesnoculateIT.0athOME% You want to identify a program that can be installed anywhere on client machines Path rule with environment variables %ProgramFiles%nternet Explorerexplore.exe You want to identify a program that is always installed in the same place Hash rule Browse to file to create hash You want to allow or disallow a specific version of a program Recommended Rule Task
Using Software Restriction Policies to Protect Against Unauthorized Software ,[object Object],[object Object]
Protect Against Unauthorized Software
MS KB article 324036 http://support.microsoft.com/kb/324036/en-us
Administrative Templates ,[object Object],[object Object],[object Object],[object Object]
Q&A Copy of Presentation: www.shiloh.k12.il.us/Presentations/SoftwareManagement Jim Pattenaude [email_address] Terry Sullivan [email_address]

Empfohlen

AV Comparatives 2013 (Comparación de Antivirus)
AV Comparatives 2013 (Comparación de Antivirus)AV Comparatives 2013 (Comparación de Antivirus)
AV Comparatives 2013 (Comparación de Antivirus)Doryan Mathos
 
Avc per 201304_en
Avc per 201304_enAvc per 201304_en
Avc per 201304_enAnatoliy Tkachev
 
ANTIVIRUS
ANTIVIRUSANTIVIRUS
ANTIVIRUSfauscha
 
Performance dec 2010
Performance dec 2010Performance dec 2010
Performance dec 2010nuttakorn nakkerd
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
CYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITY
CYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITYCYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITY
CYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITYViscolKanady
 
Software
SoftwareSoftware
SoftwarePrem Sahu
 
Solaris servers sec
Solaris servers secSolaris servers sec
Solaris servers secRaja Waseem Akhtar
 

Empfohlen

AV Comparatives 2013 (Comparación de Antivirus)
AV Comparatives 2013 (Comparación de Antivirus)AV Comparatives 2013 (Comparación de Antivirus)
AV Comparatives 2013 (Comparación de Antivirus)Doryan Mathos
 
Avc per 201304_en
Avc per 201304_enAvc per 201304_en
Avc per 201304_enAnatoliy Tkachev
 
ANTIVIRUS
ANTIVIRUSANTIVIRUS
ANTIVIRUSfauscha
 
Performance dec 2010
Performance dec 2010Performance dec 2010
Performance dec 2010nuttakorn nakkerd
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
CYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITY
CYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITYCYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITY
CYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITYViscolKanady
 
Software
SoftwareSoftware
SoftwarePrem Sahu
 
Solaris servers sec
Solaris servers secSolaris servers sec
Solaris servers secRaja Waseem Akhtar
 
Online Security
Online Security Online Security
Online Security JimWhite
 
WordPress security
WordPress securityWordPress security
WordPress securityShelley Magnezi
 
Patch management
Patch managementPatch management
Patch managementSyAM Software
 
Moskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondMoskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondCoreTrace Corporation
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overviewn|u - The Open Security Community
 
Taishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun Owens
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigatericharddxd
 
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...Andriy Krayniy
 
Hardening Database Server
Hardening Database ServerHardening Database Server
Hardening Database ServerFahri Firdausillah
 
Alien vault _policymanagement
Alien vault _policymanagementAlien vault _policymanagement
Alien vault _policymanagementMarjo'isme Yoyok
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIMAlienVault
 
70-272 Chapter10
70-272 Chapter1070-272 Chapter10
70-272 Chapter10Gene Carboni
 
3 windowssecurity
3 windowssecurity3 windowssecurity
3 windowssecurityricharddxd
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 
Ch06
Ch06Ch06
Ch06Raja Waseem Akhtar
 
Prueba de Presentacion
Prueba de PresentacionPrueba de Presentacion
Prueba de Presentacionrubychavez
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
Mac review 2012_en
Mac review 2012_enMac review 2012_en
Mac review 2012_enAnatoliy Tkachev
 
QuickHeal Anti-Virus
QuickHeal Anti-VirusQuickHeal Anti-Virus
QuickHeal Anti-VirusV.R.RAO Mentreddi
 
MSI / Windows Installer for NGN 'Dummies'
MSI / Windows Installer for NGN 'Dummies'MSI / Windows Installer for NGN 'Dummies'
MSI / Windows Installer for NGN 'Dummies'Roel van Bueren
 
Rapidly deploying software
Rapidly deploying softwareRapidly deploying software
Rapidly deploying softwareConcentrated Technology
 

Weitere ähnliche Inhalte

Was ist angesagt?

Online Security
Online Security Online Security
Online Security JimWhite
 
Moskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondMoskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondCoreTrace Corporation
 
Taishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun Owens
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigatericharddxd
 
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...Andriy Krayniy
 
Alien vault _policymanagement
Alien vault _policymanagementAlien vault _policymanagement
Alien vault _policymanagementMarjo'isme Yoyok
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIMAlienVault
 
3 windowssecurity
3 windowssecurity3 windowssecurity
3 windowssecurityricharddxd
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 
Prueba de Presentacion
Prueba de PresentacionPrueba de Presentacion
Prueba de Presentacionrubychavez
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 

Was ist angesagt? (20)

Online Security
Online Security Online Security
Online Security
 
WordPress security
WordPress securityWordPress security
WordPress security
 
Patch management
Patch managementPatch management
Patch management
 
Moskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondMoskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And Beyond
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overview
 
Taishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_Lab
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigate
 
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...
Alexey Ostapov: Distributed Video Management and Security Systems: Tips and T...
 
Hardening Database Server
Hardening Database ServerHardening Database Server
Hardening Database Server
 
Alien vault _policymanagement
Alien vault _policymanagementAlien vault _policymanagement
Alien vault _policymanagement
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIM
 
70-272 Chapter10
70-272 Chapter1070-272 Chapter10
70-272 Chapter10
 
3 windowssecurity
3 windowssecurity3 windowssecurity
3 windowssecurity
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
 
Ch06
Ch06Ch06
Ch06
 
Prueba de Presentacion
Prueba de PresentacionPrueba de Presentacion
Prueba de Presentacion
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?
 
Mac review 2012_en
Mac review 2012_enMac review 2012_en
Mac review 2012_en
 
QuickHeal Anti-Virus
QuickHeal Anti-VirusQuickHeal Anti-Virus
QuickHeal Anti-Virus
 

Ähnlich wie Software Management Iltce2007b

MSI / Windows Installer for NGN 'Dummies'
MSI / Windows Installer for NGN 'Dummies'MSI / Windows Installer for NGN 'Dummies'
MSI / Windows Installer for NGN 'Dummies'Roel van Bueren
 
Improving Your Admin Image
Improving Your Admin ImageImproving Your Admin Image
Improving Your Admin Imageelisemoss
 
Window Desktop Application Testing
Window Desktop Application TestingWindow Desktop Application Testing
Window Desktop Application TestingTrupti Jethva
 
Free tools for rapidly deploying software
Free tools for rapidly deploying softwareFree tools for rapidly deploying software
Free tools for rapidly deploying softwareConcentrated Technology
 
10 resource kit remote administration tools
10 resource kit remote administration tools10 resource kit remote administration tools
10 resource kit remote administration toolsDuggesh Talawar
 
Host Based Security Best Practices
Host Based Security Best PracticesHost Based Security Best Practices
Host Based Security Best Practiceswebhostingguy
 
Desktop applicationtesting
Desktop applicationtestingDesktop applicationtesting
Desktop applicationtestingAkss004
 
Lab #2 Managing Host Based Security Purpose To develop .docx
Lab #2 Managing Host Based Security Purpose To develop .docxLab #2 Managing Host Based Security Purpose To develop .docx
Lab #2 Managing Host Based Security Purpose To develop .docxsmile790243
 
1RUNNING HEAD MANAGING HOST BASED SECURITY IN WINDOWS 8.1La.docx
1RUNNING HEAD MANAGING HOST BASED SECURITY IN WINDOWS 8.1La.docx1RUNNING HEAD MANAGING HOST BASED SECURITY IN WINDOWS 8.1La.docx
1RUNNING HEAD MANAGING HOST BASED SECURITY IN WINDOWS 8.1La.docxeugeniadean34240
 
Group policy preferences
Group policy preferencesGroup policy preferences
Group policy preferencesRob Dunn
 
TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind...
TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind...TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind...
TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind...Concentrated Technology
 
TechNet Live spor 1 sesjon 2 - sc-forefront 2
TechNet Live spor 1 sesjon 2 - sc-forefront 2TechNet Live spor 1 sesjon 2 - sc-forefront 2
TechNet Live spor 1 sesjon 2 - sc-forefront 2Anders Borchsenius
 
Configuration testing
Configuration testingConfiguration testing
Configuration testingfarouq umar
 
3 App Compat Win7
3 App Compat Win73 App Compat Win7
3 App Compat Win7llangit
 

Ähnlich wie Software Management Iltce2007b (20)

MSI / Windows Installer for NGN 'Dummies'
MSI / Windows Installer for NGN 'Dummies'MSI / Windows Installer for NGN 'Dummies'
MSI / Windows Installer for NGN 'Dummies'
 
Rapidly deploying software
Rapidly deploying softwareRapidly deploying software
Rapidly deploying software
 
Ch06 system administration
Ch06 system administration Ch06 system administration
Ch06 system administration
 
Installation testing
Installation testingInstallation testing
Installation testing
 
Improving Your Admin Image
Improving Your Admin ImageImproving Your Admin Image
Improving Your Admin Image
 
MSI Packaging Free eBook
MSI Packaging Free eBookMSI Packaging Free eBook
MSI Packaging Free eBook
 
Window Desktop Application Testing
Window Desktop Application TestingWindow Desktop Application Testing
Window Desktop Application Testing
 
Free tools for rapidly deploying software
Free tools for rapidly deploying softwareFree tools for rapidly deploying software
Free tools for rapidly deploying software
 
10 resource kit remote administration tools
10 resource kit remote administration tools10 resource kit remote administration tools
10 resource kit remote administration tools
 
Prepping software for w7 deployment
Prepping software for w7 deploymentPrepping software for w7 deployment
Prepping software for w7 deployment
 
Host Based Security Best Practices
Host Based Security Best PracticesHost Based Security Best Practices
Host Based Security Best Practices
 
Desktop applicationtesting
Desktop applicationtestingDesktop applicationtesting
Desktop applicationtesting
 
Lab #2 Managing Host Based Security Purpose To develop .docx
Lab #2 Managing Host Based Security Purpose To develop .docxLab #2 Managing Host Based Security Purpose To develop .docx
Lab #2 Managing Host Based Security Purpose To develop .docx
 
App locker
App lockerApp locker
App locker
 
1RUNNING HEAD MANAGING HOST BASED SECURITY IN WINDOWS 8.1La.docx
1RUNNING HEAD MANAGING HOST BASED SECURITY IN WINDOWS 8.1La.docx1RUNNING HEAD MANAGING HOST BASED SECURITY IN WINDOWS 8.1La.docx
1RUNNING HEAD MANAGING HOST BASED SECURITY IN WINDOWS 8.1La.docx
 
Group policy preferences
Group policy preferencesGroup policy preferences
Group policy preferences
 
TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind...
TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind...TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind...
TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind...
 
TechNet Live spor 1 sesjon 2 - sc-forefront 2
TechNet Live spor 1 sesjon 2 - sc-forefront 2TechNet Live spor 1 sesjon 2 - sc-forefront 2
TechNet Live spor 1 sesjon 2 - sc-forefront 2
 
Configuration testing
Configuration testingConfiguration testing
Configuration testing
 
3 App Compat Win7
3 App Compat Win73 App Compat Win7
3 App Compat Win7
 

Kürzlich hochgeladen

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 

Kürzlich hochgeladen (20)

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 

Software Management Iltce2007b

  • 1. Software Management Through GPOs Jim Pattenaude, Marshall CUSD #C-2 Terry Sullivan, Shiloh CUSD #1
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 28.
  • 29.
  • 30. When to use each rule Zone rule Trusted Sites set to Unrestricted You want to allow software to be installed from trusted Internet zone sites Certificate rule Certificate used to digitally sign the scripts You want to identify a set of scripts that can be run anywhere Path rule flcss.exe, set to Disallowed You want to disallow a file installed by a virus that is always called flcss.exe Path rule with wildcards *.VBS set to Disallowed LOGIN_SRVhare.VBS set to Unrestricted You want to disallow all .vbs files, except those in a login script directory Path rule with wildcards DC??hare You want to identify a set of scripts on a set of servers, DC01, DC02, and DC03 Path rule SERVER_NAMEhare You want to identify a set of scripts on a central server Registry path rule %HKEY_LOCAL_MACHINEOFTWAREComputerAssociatesnoculateIT.0athOME% You want to identify a program that can be installed anywhere on client machines Path rule with environment variables %ProgramFiles%nternet Explorerexplore.exe You want to identify a program that is always installed in the same place Hash rule Browse to file to create hash You want to allow or disallow a specific version of a program Recommended Rule Task
  • 31.
  • 33. MS KB article 324036 http://support.microsoft.com/kb/324036/en-us
  • 34.
  • 35. Q&A Copy of Presentation: www.shiloh.k12.il.us/Presentations/SoftwareManagement Jim Pattenaude [email_address] Terry Sullivan [email_address]

Hinweis der Redaktion

  1. Clarifying this up front will allow people to leave and find an alternate session if this is not what they are looking for.
  2. Briefly review each term/concept
  3. Briefly mention three processes for installing software – each will be covered in detail later
  4. Do NOT spend much time on this – everyone in attendance will be familiar with a traditional install method. The main purpose of this slide is to build a rapport with the audience and build their comfort level
  5. Review each bullet briefly, no need to elaborate. Main purpose is to differentiate an GPO-based install from a traditional install.
  6. Discuss what .msi file is. This is a topic that even some experienced users are not extremely familiar with. Do NOT go into TOO much depth at this point.
  7. Emphasize that most software that would be mass deployed either comes with a .msi file or has some other means to mass deploy. This is likely the EXCEPTION. Briefly describe the differences between each tool, but no need to dwell on each tool. These tools are likely more advanced than much of the audience is going to want to get into at this point. Perhaps poll the audience to determine how many are interested in making their own .msi files.
  8. Depending on interest determined previously, a demo of a real .msi creation can be started at this time. This is where the process can be reviewed. Again, depending on the audience this explanation may be sufficient to satisfy their interest.
  9. Do NOT spend much time on this slide. Use it simply as an introduction as some in the audience may not be familiar with the tool yet.
  10. General info – let them read from the handout. No need to discuss.
  11. Most users are probably familiar with this concept, but it should be mentioned because it is a key part of the process and is different from the way a “traditional” install works.
  12. Intro slide – each of these topics will be covered in depth. Do NOT spend much time on this slide.
  13. Review the process and start a demonstration at this time.
  14. If performing live demo at this point, you can choose to Assign or Publish before Advanced, but ultimately you will need to use Advanced in order to show the transforms. If pressed for time, ONLY use the Advanced option.
  15. This would be a good time to show the Sophos KB article where this exact scenario is discussed. http://www.sophos.com/support/knowledgebase/article/3090.html
  16. No need to go into too much detail here as this is beyond the scope of this session. If they are interested in this process, they need to attend one of the imaging sessions.
  17. http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx Hash Rules A hash rule is a cryptographic fingerprint that uniquely identifies a file regardless of where it is accessed or what it is named. An administrator may not want users to run a particular version of a program. This may be the case if the program has security or privacy bugs, or compromises system stability. With a hash rule, software can be renamed or moved into another location on a disk, but it will still match the hash rule because the rule is based on a cryptographic calculation involving file contents. A hash rule consists of three pieces of data, separated by colons: • MD5 or SHA-1 hash value•File length•Hash algorithm IDIt is formatted as follows: [MD5 or SHA1 hash value]:[file length]:[hash algorithm id] Files that are digitally signed will use the hash value contained in the signature, which may be SHA-1 or MD5. Files that are not digitally signed will use an MD5 hash. Example: The following hash rule matches a file with a length of 126 bytes and with contents that match the MD5 (denoted by the hash algorithm identifier of 32771) hash of 7bc04acc0d6480af862d22d724c3b049— 7bc04acc0d6480af862d22d724c3b049:126:32771 Certificate Rules A certificate rule specifies a code-signing, software publisher certificate. For example, a company can require that all scripts and ActiveX controls be signed with a particular set of publisher certificates. Certificates used in a certificate rule can be issued from a commercial certificate authority (CA) such as VeriSign, a Windows 2000/Windows Server 2003 PKI, or a self-signed certificate. A certificate rule is a strong way to identify software because it uses signed hashes contained in the signature of the signed file to match files regardless of name or location. If you wish to make exceptions to a certificate rule, you can use a hash rule to identify the exceptions. Path Rules A path rule can specify a folder or fully qualified path to a program. When a path rule specifies a folder, it matches any program contained in that folder and any programs contained in subfolders. Both local and UNC paths are supported. Using Environment Variables in Path Rules. A path rule can use environment variables. Since path rules are evaluated in the client environment, the ability to use environment variables (for example, %WINDIR%) allows a rule to adapt to a particular user's environment. Important: Environment variables are not protected by access control lists (ACL). If users can start a command prompt they can redefine an environment variable to a path of their choosing. Using Wildcards in Path Rules. A path rule can incorporate the '?' and '*' wildcards, allowing rules such as "*.vbs" to match all Visual Basic® Script files. Some examples: • "\DC-??login$" matches \DC-01login$, \DC-02login$•"*Windows" matches C:Windows, D:Windows, E:Windows•"c:win*" matches c:winnt, c:windows, c:windirRegistry Path Rules. Many applications store paths to their installation folders or application directories in the Windows registry. You can create a path rule that looks up these registry keys. For example, some applications can be installed anywhere on the file system. These locations may not be easily identifiable by using specific folder paths, such as C:Program FilesMicrosoft Platform SDK, or environment variables, such as %ProgramFiles%Microsoft Platform SDK. If the program stores its application directories in the registry, you can create a path rule that will use the value stored in the registry, such as %HKEY_LOCAL_MACHINESOFTWAREMicrosoftPlatformSDKDirectoriesInstall Dir%. This type of path rule is called a registry path rule. The registry path is formatted as follows: %[Registry Hive][Registry Key Name][Value Name]% Note: Any registry path rule suffix should not contain a character immediately after the last % sign in the rule. • The registry path must be enclosed in percent signs ("%").•The registry value must be a REG_SZ or REG_EXPAND_SZ. You cannot use HKLM as an abbreviation for HKEY_LOCAL_MACHINE, or HKCU as an abbreviation for HKEY_CURRENT_USER.•If the registry value contains environment variables, these will be expanded when the policy is evaluated.•A registry path rule can also contain a suffix path such as %HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerShell FoldersCache%OLK* This registry path rule identifies the folder that Microsoft Outlook XP uses to store attachments before launching them. The attachment folder always starts with the letters "OLK" so the rule uses wildcard matching. As an example, this rule matches the following path: C:Documents and SettingsusernameLocal SettingsTemporary Internet FilesOLK4Important When you set a path rule, you should check the access control list (ACL) entries on the path. If users have write access to a path, they can modify its contents. For example, if you allow C:Program Files, any power user on the machine can copy software into the Program Files folder. Path Rule Precedence. When there are multiple matching path rules, the most specific matching rule takes precedence. The following is a set of paths, from highest precedence (more specific match) to lowest precedence (more general match). • Drive:Folder1Folder2FileName.Extension•Drive:Folder1Folder2*.Extension•*.Extension•Drive:Folder1Folder2•Drive:Folder1one Rules A rule can identify software from the Internet Explorer zone from which it is downloaded. These zones are: • Internet•Intranet•Restricted Sites•Trusted Sites•My ComputerCurrently this applies to only Windows Installer (*.MSI) packages. It does not apply to software downloaded in Internet Explorer.
  18. This slide is HIDDEN. Only use this slide if time permits and the audience is sufficiently advanced.