Many of you already know of my love for ScriptLogic’s Desktop Authority and if you don’t you can certainly read about why I think it’s great here, but today I wanted to point out perhaps a lesser known product that can make life as an IT administrator much easier. ScriptLogic’s Privilege Authority is the perfect tool for allowing your users to have the rights to do their jobs without giving them the keys to bring down the network or their PC. In my experience as an admin in the past it was always an all or nothing deal, we either locked down the desktops so tight that they couldn’t install anything and we got a million calls a day need permission to install this app or ActiveX blah blah and it was a nightmare… We spent more time installing things than we did actually fixing things. On the flip side eventually you cave and just make them an administrator of their local machine only to come back and see that antivirus is disabled because it makes things “slow” or they had installed every toolbar ever and a thousand games.       

Privilege Authority bridges that gap, giving users a configurable amount of rights to their machines without giving them the keys to the whole world. We can let them install ActiveX controls, of course only the ones that we are okay with, likewise for additional applications or even certain windows processes. We can get as granular as we want on the different privileges they have down to users, computers, network subnets, etc. Sometimes its little things that you don’t even think about take the use case below for example provided by the ScriptLogic team.

A School District had granted the students admin rights on the workstations and they thought they were secure.  What they didn’t know was that in Windows 7 you can check a box to reveal wireless passwords if you have admin rights. This features existence became known when a student figured it out and tweeted the WPA2 wireless password thus causing a major security breech. They now needed to lock down all machines but the students need rights for a certain application thus leading them to Privilege Authority to solve exactly this issue

Here is the issue in Windows 7.

Wireless Network Security Key Flaw

When the Wireless LAN Network Keys have already been entered into the system, a normal user with administrative rights (to the local machine) can in fact goes into the Wireless network properties and view the entered Network Security Key.

This is due to a checkbox located conveniently below the Network Security Key, named Show Characters.  By clicking on this checkbox, the user actually can have the network security key displayed in clear text!

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/c5900c75-c031-4e02-9350-df7cb65bce04/

I don’t know about the readers out there but this is something that I don’t think I would have ever thought of and sometimes it’s the little things like this that get you! One last thing before I end my rant… ScriptLogic has a cool video that I think if fitting for all this. Check it out LOL!

IT Admin Gets Trolled

VMware View 4.5, the industry leading virtual desktop solution, is now being offered through the end of this year as a Campus Wide discounted package to Education Customers. View 4.5 eases the burdens associated with Windows 7 Deployments, management of desktop computers, & application delivery.

View 4.5 Architecture

For additional information, visit http://www.vmware.com/solutions/education/campus-wide-agreement.html

http://www.vmware.com/files/pdf/VMware-View-Campus-Wide-Agreement-Flyer-EN.pdf

http://www.vmware.com/files/pdf/VMware-View-Campus-Wide-Agreement-FAQ-EN.pdf

When it was released, it quickly outpaced previous versions of Windows in sales– and Microsoft claimed it was the fastest selling OS of all time, but without releasing the numbers to prove it. Until now.  They are now stating that they have sold over 90 MILLION licenses for Windows 7 already. Seriously impressive numbers.

Read more >>

As companies move to Windows 7, they will be faced with many challenges. Utilizing Vmware View with ThinApp will ease the migration and mitigate many of these issues.
VMware View and ThinApp allow companies to:

• Eliminate costly application porting and reduce regression testing
• Reduce conflicts and support calls with the application isolation and portability of VMware ThinApp, an integral part of VMware View
• Perform Windows 7 migrations across systems without having to reboot
• Migrate existing applications to Windows 7 by copying application files rather than installing them for faster deployment
• Update a master desktop image without affecting user settings, data, or application
• Extend the life of your application and hardware to maximize and protect your investment

Using VMware desktop virtualization, you will also gain the following benefits:

• Run a single image of the Windows 7 OS across your virtual environment on a variety of hardware types
• Maintain user productivity by enabling Windows 7 migration across many systems without rebooting
• Reduce management costs and power consumption by encapsulating older systems and running them in a more efficient, server-based environment
• Ensure application compatibility on all endpoint devices

Read more ….

http://www.egroup-us.com/Default.aspx?TabId=85&sid=0181fddaabf172e258126317daac91e8&svpage=product_view

For those of you who have been using the Cisco AnyConnect client but have recently upgraded to Windows 7, make sure you’ve got the right AnyConnect client on your ASA.

Straight from the release notes:

AnyConnect Client 2.4 runs on the following new platforms:

• Microsoft Windows 7 (32-bit and 64-bit).

• Mac OS X 10.6 and 10.6.1 (both 32-bit and 64-bit).

There are also some other items in the release notes to be aware of– including requirements for a CLEAN install when upgrading from previous Operating Systems. The Release Notes can be found here