I have to blog this right away - it will be part of a larger "GP Processing" article at some point though... But this is IMHO important stuff which needs to get out there quick :)
I've heard the following sentence too many times (in one way or the other): "You can only assign Group Policy Objects to Site, Domain Level or OU's"...
- but that's only partly true! Normally in newsgroups, forums etc. this leaves the readers (eg. someone who asked a GP question or whatever) with the impression that you cannot "hit" members of a certain Security Group only (which leaves you with "Site/Domain/OU Filtering" and/or "WMI Filtering" as the only possible a choices available). But that's simply not fair to the amazing Group Policy processing engine!
Even though "WMI Filtering" is pretty well-known these days (after WS2003 arrived), many people tend to forget the little - but extremely effective and flexible - thing called "Security Filtering" (even though it's somewhat more "Basic" compared to WMI)...
Let's talk about it for a minute or two if you are interested...
You can set this kind of filtering within the Group Policy Management Console (GPMC) on either the Scope tab:
- or the Delegation tab (a bit more Advanced):
As you can see, by DEFAULT all Group Policy Objects (GPO) include "Authenticated Users" with both Allow:"Read" and Allow:"Apply Group Policy" permissions set. Both of these permissions are needed for users and computers to take on (or process) a given GPO:
The thing about the very important "Authenticated Users" group is that it includes ALL User AND Computer accounts/objects within the AD domain (Domain Controllers too, right). So, by default a GPO applies to both computers and users (we are not going to talk about disabling GPO parts etc. now).
That's the "technical" explanation why policies placed on
a) the Site applies to ALL users and computers within the Site (users site follows computer site, site follows IP address)
b) the Domain Level applies to ALL users and computers within the Domain
c) any given OU applies to ALL users and computers within that particular OU (and sub-OUs for that matter)
=> because the "Authenticated Users" security group is there by default. These default permissions on new GPOs are handled by something called "Security Descriptors", but more on that in some other blog or article.
So, we have Security permission on all of our GPOs (unfortunately not the GPO links, but that's another talk) - leaving us with GREAT power to control to whom he particular GPO should be assigned (or 'applied'). All we need to do is to change the default permissions and <Zaboooka!> we are in complete control.
First step is generally to remove the "Authenticated Users" group from the GPO in question. Click Remove (below Security Filtering section) on the Scope tab and click OK:
Click Add... and select the domain security group you want to "hit" - click OK when done:
And <poof>, this GPO will only apply to members of "The Sales Group" - or whatever group (or user, or computer object...) you selected:
Now all you need to do is to link the GPO to the Domain Level (or Site or OU if that's better in your case) - but the Domain Level should be fine for most environments.
Now, you could turn this around and Exclude certain groups, users or computers - by setting Deny:"Apply Group Policy" instead. In some cases that might be the best choice - but as always with "deny" you have to watch out (manly because deny overwrites allow)!
Also note, that Security groups can include both user and computer accounts - we are maybe used to thinking that groups are for users only (in my experience most admins know the "Domain Users" group - but the "Domain Computers" group is not that well known)... But, with this in mind, you could make a group of computers instead of applying a WMI filter for instance (which is generally slower).
You could use other methods for setting permissions than the GPMC (like scripts) - but the GPMC is a wonderful tool for doing this easily - no sweat!
One way of automatically creating Security Groups from members of an OU is described in my article "Configuring Granular Password Settings in Windows Server 2008, Part 2" - these groups are referred to as Shadow Groups (cool, right). In some "filtering situations" that is nice to know...
Wow - that was nice getting it off my shoulders, and now I can refer to this blog entry whenever I get the question again - and so can you of course :-)
.
Written by Jakob H. Heidelberg on January 24th, 2008 with comments disabled.
Read more articles on GPO and OU Filtering and Security Descriptors and Security Filtering and Shadow Groups and Site Filtering and WMI Filters and group policy.
If you think that Windows Vista, or Vista Service Pack 1, or even Windows XP Service Pack 3 are the apex when it comes down to the Windows operating system, then you should reconsider...
Microsoft revealed that Windows 7 would go beyond both Vista SP1 and XP 3, to deliver an entirely new experience for the end users. Windows 7 will not only bring to the table a completely overhauled Windows core, featuring a stripped down kernel and a redesigned graphical user interface, but it will also expand the user experience beyond what Vista and XP are able to offer today.
Chris Jones, Corporate Vice President of Windows Live Experience, David Treadwell, Corporate Vice President of Live Platform Services, and Brian Arbogast, Corporate Vice President of Mobile Services, have authored an internal memo of the intimate connection planned for Windows 7 and Windows Live, that came under the eyes of Mary Jo Foley. "We will invest to deliver a seamless experience for customers who own a Windows PC. We have a unique opportunity to remove the seams between Windows, our applications, and our services. Windows Live Wave 3 will be designed so it feels like a natural extension of the Windows experience," reads an excerpt of the memo.
The fact of the matter is that the current bridge built between Vista and Windows Live, with Microsoft's suite of services and programs in the cloud taking ownership of such desktop clients as Messenger, Mail and Photo Gallery, does not even begin to scratch the surface of Windows Live + Windows 7. XP has nothing to even come close to this, and XP SP3 will not change this equation.
"While we will target a seamless experience on Windows Vista, we will make a bet on the Windows 7 platform and experience, and create the best experience when connected with Windows 7. We will work with the Windows 7 team and be a first and best developer of solutions on the Windows 7 platform. Our experiences will be designed so when they are connected to Windows 7 they seamlessly extend the Windows experience, and we will work to follow the Windows 7 style guidelines for applications," it is added in the memo.
Microsoft has released Windows 7 Milestone 1 Build 6.1.6519.1 to key partners for early testing. At this point in time, the Redmond company has not commented on any details related to Windows 7. It appears that M2 and M3 of Windows 7 will be served in 2008 with the first beta in 2009, and the final version by the end of next year, but no later than early 2010. Windows Live Wave 3 will follow Wave 2 delivered in 2007, by the end of this year. Windows Live Wave 3 will include another major upgrade to the Windows Live online collection of products and services from Hotmail to Live Search, from messenger to Photo Gallery.
"Windows Live Wave 3 will be designed so it feels like a natural extension of the Windows experience. … We will ‘light up’ the Windows experience with Windows Live. … What’s the relationship between a Windows account and a Windows Live ID (Microsoft’s Web-authentication technology)? Should we have a LiveID connected to account settings?"- reveals another fragment of the memo.
source: news.softpedia.com
Written by computerboom on January 24th, 2008 with comments disabled.
Read more articles on microsoft office and vista.
Internet Explorer 8 is still approximately a year before the final version will be released, in fact Microsoft has not even made available the first beta for the browser, but the successor of Internet Explorer 7 has already been taking hits. The fact that IE8 has to face an early barrage of fire is not by any means a surprise. The browser comes with the promise of the account for all the shortcomings of Internet Explorer 6 and the caveats introduced with by Internet Explorer 7.
While dogfooding IE8 after an entire year of exclusive in-house development and testing, Microsoft pulled a little publicity stunt at the end of 2007 and revealed that the browser passed the Acid2 test. However, while rendering it correctly, the smiley face of the
Acid2 test is designed to represent a step further in terms of standards support for IE8 and Microsoft. Håkon Wium Lie, chief technology officer of Opera Software, reveals via News.com that he is more than skeptical when it comes down to the browser actually passing the test.
"Recently, Microsoft announced that Internet Explorer version 8 can render Acid2, and it showed a screenshot to back the claim. The news was received with joy and excitement in the Web-authoring community. Finally, it seems, Microsoft has decided to take Web standards seriously. Designers will no longer have to spend countless hours trying to get their pages to look right in Internet Explorer while adhering to standards. Unfortunately, I think that the celebration is premature. I predict that IE 8 will not pass Acid2, after all," Wium Lie forecasted.
By passing the Acid2 test, IE8 is on par with rival products such as Opera, Safari and the upcoming Firefox 3.0. But in a short while, the Web Standards Project will publish Acid3. The new test will mean that all the browsers will have to take it from scratch yet again as none will be able to correctly render Acid3 by default. Wium Lie explained that Acid3 will not use a static webpage, such as the one offered by its predecessor Acid2, but a dynamic web application. Wium Lie reveals that he considers Microsoft to attempt one out of three strategies in order to pass Acid2.
"One scenario could be that IE 8 will require users or authors to 'opt in' to support standards. For example, in order to render Acid2 correctly, users could be required to modify IE 8's default settings. This breaks with the guidelines of the test, and IE 8 will therefore not pass in this scenario. A second scenario could be that Microsoft requires Web pages to change the default settings by flagging that they really, really want to be rendered correctly. Web pages already have a way to say this (called 'doctype switching', which is supported by all browsers), but Microsoft has all but announced that IE 8 will support yet another scheme," Wium Lie stated.
The fact of the matter is that Microsoft worked closely with The Web Standards Project (in the WaSP-Microsoft Task Force), in order to come up with the best possible solution that strikes a balance between offering advanced standards support, as well as backwards compatibility. In this context, IE8 will function in three ways. In the "Quirks mode", nothing will change. In "Standards mode" everything is the same as in Internet Explorer 7. And then, there will be IE8 Standards Mode. It has to be mentioned at this point in time that Microsoft did pass the Acid2 test with Internet Explorer 8 running in IE8 Standards mode. The browser would have failed the test in the remaining two modes.
"A third scenario could be to hard-code the Web address of Acid2 into IE 8. This way, the page is given special treatment to make it look like the browser is passing the test. It should be obvious that this breaks the spirit of the test and doesn't warrant a passing grade. I predict that Microsoft will implement at least one of these scenarios to limit the impact of standards. This would be damaging for the Web, and I therefore hope that my prediction is completely and absolutely wrong. The IE 8 team has shown that it can render Acid2 correctly. Now it's time for Microsoft to put its code to good use," Wium Lie concluded.
Written by computerboom on January 24th, 2008 with comments disabled.
Read more articles on Uncategorized.
This is a FANTASTIC (free edition available) product that lets you create a virtual USER on any PC. The great thing about this, is that its isolated from the rest of the PC, in other words you can install programs to test them in this environment and they will not affect your normal computer. You can install this on a USB drive or your hard disk. This is NOT a virtual machine in the sense of VMWARE or Microsoft VPC that is slow and does not have access to your real hardware, instead it runs at full speed and can use your hardware! Fantastic !
See demo and videos here>
http://www.mojopac.com/portal/content/how/demo.jsp
Review from external site>
WORRIED about people accessing your private information whenever you use a public computer? There is a way to protect yourself: Devices as small as a keychain allow you to use any computer without leaving a trail of evidence.
A new computer program known as MojoPac can turn most flash memory sticks, hard drives or iPods into "virtual" PCs that can run most programs that work on Windows XP.
The devices draw on the host computer's resources — including its electricity, Windows XP software and DVD drive. Yet they retain their independence as they move from machine to machine.
This independence allows people to use public computers without a trace of their session being left behind. PCs typically store a record of activity long after the computer has been turned off.
"It's a slick way to move from machine to machine," says Rob Enderle, founder of the Enderle Group, a research firm that follows the PC industry.
"It's about as safe as you can get."
The device cannot be bought. You have to make it by downloading free software onto a computer drive such as the thumb-sized USB flash memory drives that were so popular as gifts this Christmas. It also works with iPods, many other digital music players and regular external hard drives.
Once the MojoPac shell is created, users need to install their own software — just as they would do on a regular PC running Windows XP.
MojoPac's developer, RingCube Technologies, asserts that most programs are compatible, including Microsoft Office, Adobe Photoshop and a slew of free programs.
Other companies are working on similar technology, but there's nothing available with free software that is as easy to set up as MojoPac, according to Mr Enderle.
MojoPac virtual PCs are not just designed for mobile use. They can protect users who share the same computer. A virus introduced by one user into their MojoPac, or virtual computer, would not affect the rest, according to RingCube.
"If you were to corrupt your virtual world, your host PC would be fine," says RingCube Senior Vice President Ron DiBiase.
MojoPac is available for free on the company's Web site, www.MojoPac.com.
For now it only works with Windows XP, but the company plans to launch a version this summer that allows users to switch between machines running XP and Vista.
PCs that have been locked by administrators so users cannot install files on them won't work with MojoPac unless the administrator first installs a small piece of software that is available on the company's website.
And, there are no plans to develop MojoPacs for Mac computers or the Linux operating system, Mr DiBiase said.
While most programs work with MojoPac, one good source for the devices is www.PortableApps.com, a site that specializes in offering programs customized for thumb drives.
It lists more than three dozen programs, including software for fighting viruses, backing up data, surfing the web and viewing documents. There are also programs for word processing, photo editing, spreadsheets and instant messaging.
Virtual PCs add new security | NEWS.com.au
Written by computerboom on January 24th, 2008 with comments disabled.
Read more articles on Uncategorized.
Newest Release of Award-Winning Suite Delivers Major Workflow Enhancements, Online Collaboration Tools and Expanded Resources to Inspire and Guide Users
OTTAWA, Jan 22, 2008 (BUSINESS WIRE) -- Corel Corporation (NASDAQ: CREL; TSX: CRE), a leading developer of graphics, productivity and digital media software, today unveiled the newest version of its award-winning graphics suite, CorelDRAW(R) Graphics Suite X4. With more than 50 new and significantly enhanced features, CorelDRAW Graphics Suite X4 provides users with the tools, resources and confidence to tackle a wide variety of projects - from logos and Web graphics, to multipage brochures, to high impact signage and digital displays. New text and page layout enhancements, market-leading file format compatibility, and an expanded collection of high-quality content make this powerful suite the ultimate design partner, helping users turn inspiration into stunning results.
A comprehensive suite of intuitive page-layout, illustration, photo-editing, and bitmap-to-vector tracing applications, CorelDRAW Graphics Suite is the trusted choice of millions of professional and aspiring designers worldwide. The latest version of the suite includes new tools designed to fuel the creative process, simplify project management, and optimize the graphic design workflow.
"As we developed the newest version of CorelDRAW Graphics Suite, we consulted with users from a wide variety of industries. We sat with them to observe how they worked, gathering their feedback on how we could create an even better user experience," said Gerard Metrailler, Director, Product Management, Graphics at Corel. "The end result is CorelDRAW Graphics Suite X4 - a suite that provides users with easy-to-use tools that deliver outstanding results, while also having a dramatic and positive impact on their day to day productivity."
Delivering a Superior User Experience Through Improved Usability, Enhanced Interactivity, and Streamlined Workflow
CorelDRAW Graphics Suite X4 features more than 50 new and significantly enhanced features, including:
-- New! Live text formatting: CorelDRAW Graphics Suite X4 introduces live text formatting, allowing users to preview text formatting options before applying them to a document. With this time-saving feature, users can now preview many different formatting options, including fonts, font size, and alignment, removing the "trial-and-error" typically associated with the design process.
-- New! Font identification: CorelDRAW Graphics Suite X4 now integrates with WhatTheFont(TM), the online font identification service from MyFonts.com. Users can save time by quickly identifying the font used in existing bitmap designs, artwork or other images received from clients.
-- New! Independent page layers: Users can now control and edit layers independently for each page of a document, reducing the occurrence of pages with empty layers. Users can also add independent guidelines for individual pages and master guidelines for an entire document. This gives users the ability to create different layers on a page-specific basis, unconfined by a single document structure.
-- New! Interactive tables: The new, interactive Table tool in CorelDRAW Graphics Suite X4 lets users create and import tables to provide a powerful, structured layout for text and graphics. Users can easily align, resize, or edit tables and table cells to suit their designs. In addition, users can convert delimited text and easily add and adjust images in individual cells.
-- Enhanced! Windows Vista(R) integration: CorelDRAW Graphics Suite is the only professional graphics suite Certified for Windows Vista(R). CorelDRAW Graphics Suite X4 has been designed to take advantage of the latest innovations from Windows Vista, while still offering a superior experience for Windows(R) XP users. CorelDRAW Graphics Suite X4 integrates with the desktop search capabilities of Windows Vista directly from within the Open and Import dialog boxes, enabling users to search for files by author, subject, file type, date, keywords, or other file properties. Users can also easily add their own keywords, ratings or other notes when saving files in order to better organize their projects.
-- New! CorelDRAW(R) ConceptShare(TM) integration: The new CorelDRAW(R) ConceptShare(TM) docker, accessible from within CorelDRAW Graphics Suite, integrates a valuable online collaboration tool directly within the user workflow. In a Web-based environment, CorelDRAW ConceptShare lets users share their designs and ideas with colleagues or clients in real time. Users can easily create multiple workspaces, upload their designs, and invite others to provide feedback or submit their own ideas without sending large files over email.
-- New! File format support: CorelDRAW Graphics Suite X4 maintains its position as market leader in file format compatibility by adding support for Microsoft(R) Office Publisher. Users can also expect seamless compatibility with Microsoft Word 2007, Adobe Illustrator(R) Creative Suite(R) 3, Adobe Photoshop(R) CS3, PDF 1.7 (Adobe(R) Acrobat(R) 8), AutoCAD(R) DXF(TM) and AutoCAD(R) DWG(TM), and Corel Painter(TM) X, making it easier than ever to exchange files with clients and colleagues.
-- New! Professionally designed templates: CorelDRAW Graphics Suite X4 includes 80 professionally designed and customizable templates, giving users a springboard to the design process. Flexible and easy to customize, the templates are accompanied by Designer Notes that provide information on the design choices made for the template, tips for outputting a design based on the template, and instructions for customizing the template while still adhering to design principles.
-- New! Specialized fonts: An extended selection of new fonts in CorelDRAW Graphics Suite X4 helps users ensure their output is optimized for its intended audience. This specialized collection of fonts includes single-line engraving fonts and OpenType(R) cross-platform fonts, which offer enhanced language support for Latin, Greek, and Cyrillic outputs in WGL4 format.
-- New! Welcome screen: With a new Welcome screen, CorelDRAW Graphics Suite X4 provides users with a centralized location to access recently used documents, templates, and learning tools, which include Tips & Tricks and video tutorials. To inspire users, the Welcome screen also includes a gallery that showcases designs created by CorelDRAW Graphics Suite users from around the world.
New Additions to Corel PHOTO-PAINT(R)
-- New! RAW camera file support: Corel PHOTO-PAINT(R) now includes support for RAW camera file formats, enabling users to import RAW camera files directly from their digital camera. With support for approximately 300 different camera types and interactive controls that provide real-time previews, users can view file properties and camera settings, adjust image color and tone, and improve image quality, all from within Corel PHOTO-PAINT X4 and CorelDRAW X4.
-- New! Straighten image: Using Corel PHOTO-PAINT, users can quickly and easily straighten images that were scanned or photographed at an angle. With interactive controls, a grid with vertical and horizontal guidelines, and an integrated histogram that provides results in real time, PHOTO-PAINT makes it easier than ever to straighten crooked images. In addition, users can choose to have their images automatically cropped.
-- Enhanced! Tone Curve adjustments: With the enhanced Tone Curve dialog box, Corel PHOTO-PAINT X4 users can adjust their images with greater precision. With an integrated histogram, users now receive real-time feedback as they make adjustments to their images. In addition, the new Eyedropper tool lets users pinpoint specific color locations on the tone curve of their image, as well as select, add, or delete nodes along the tone curve.
"With the release of CorelDRAW Graphics Suite X4, Corel continues to set the industry standard for graphics power, ease-of-use and productivity," said Ariel Garaza Diaz, Professor and Expert in Graphic Design and Prepress, Madrid, Spain. "Adding innovative features like live text formatting and providing support for an even wider variety of file formats further demonstrates Corel's commitment to providing users with superior performance, value and productivity."
What Is Included with CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 continues to offer the industry's best combination of usability, performance, and price. The latest version of the award-winning suite includes the following core applications and content:
-- CorelDRAW(R) X4: An intuitive vector-illustration and page layout application, CorelDRAW X4 delivers results fast, whether users are creating a company logo or working to meet demanding production schedules.
-- Corel PHOTO-PAINT(R) X4: Corel PHOTO-PAINT is a professional image-editing application that lets users quickly and easily retouch and enhance photos. It is specifically designed for use in a graphics workflow.
-- Corel(R) PowerTRACE(TM) X4: Professional designers often receive poor-quality bitmap images from clients and face the challenge of turning these bitmaps into high-quality vector images for business cards, brochures, signs, or other promotional items. Corel PowerTRACE X4 solves this problem by letting users quickly and accurately convert bitmaps into editable vector graphics.
-- Corel CAPTURE(TM) X4: A one-click screen-capture utility, Corel CAPTURE X4 lets users capture images from an application or the Internet.
-- CorelDRAW(R) Handbook - Insights from the Experts: The new CorelDRAW Handbook features the designs of accomplished CorelDRAW experts. Providing step-by-step guidance and design insights, experts from a variety of industries demonstrate the power and versatility of CorelDRAW Graphics Suite X4.
-- Training videos: CorelDRAW Graphics Suite X4 includes two hours of training videos on DVD. Topics include illustration, design, and image-editing fundamentals, industry-specific design principles, and output details for various media, such as print or the Web.
-- CorelDRAW(R) community site: Accessible from within the application, the CorelDRAW.com community site gives users a place to meet, share information and learn from other users. Combining forums, blogs, galleries, and other resources, CorelDRAW.com is a valuable source of information and inspiration for professional designers and occasional graphics users alike.
-- Increased content with more than 10,000 handpicked, high-quality clipart and digital images: CorelDRAW Graphics Suite X4 includes 4,000 new images, 1,000 professional, high-resolution digital photos, 1,000 OpenType(R) fonts - content worth thousands of dollars if purchased separately. The suite also includes a printed User Guide, Digital Content Guide, and a Quick Reference Card to help new users get started quickly.
Pricing and Availability
CorelDRAW Graphics Suite X4 will be available in North America for a suggested retail price of $429 US for the full version and $199 US for the upgrade. The latest version of the suite will be available in English, French, German, Italian, Dutch, Spanish, and Brazilian Portuguese beginning in February 2008.
For more information on CorelDRAW Graphics Suite X4 or to download a full-featured, free trial version, please visit www.corel.com/coreldraw.
Written by computerboom on January 24th, 2008 with comments disabled.
Read more articles on Uncategorized.
