The policy cannot be deployed. Microsoft Forefront Client Security

Reading Time: < 1 minute

After installing Microsoft Forefront Client Security on a server, you receive the below error when attempting to deploy a policy
to an OU.


The policy cannot be deployed
Further details:
Exception has been thrown by the target of an invocation.
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

This is caused due to the version of Forefront Client Security not being supported on Windows 2008 server. You will not receive the error
on a Windows 2003 server.

BUT there is a fix. Install Forefront service pack 1. I had to install it earlier and it took less then a minute to install. No reboot was required.

For more info see

The importance of online backup

Reading Time: < 1 minute

Unless you have been living in a cave, almost everyone has heard of the cloud and some of you may already be using it. Examples such a Flickr and Google Docs spring to mind, but there is one area where cloud computing is very good for – online backup. With the widespread adoption of fast broadband, online backup has become
increasingly popular.

So what is online backup exactly? Online backup essentially sends your files and folders offsite to a secure server over the Internet. Everyone knows they
should backup, but why is online backup better?

Online backups have many advantages over traditional backup methods. Firstly the data is sent offsite, protecting data from physical threats such as fire, flood and viruses.

Online backups are completely automatic – you do not need to remember to backup every Friday – the software will do it for you – every day without fail.

Typically an online backup service keeps around 30 days of backups so you can easily roll back to a specific point in time – something that is very difficult to do with tape backup.

Online backup companies such as ensure that your data is encrypted before it leaves your computer and is held encrypted on their servers to complete privacy.

Restoring data is also very easy. Just a couple of mouse clicks and a file can be restored and sent back to your computer.

As the data is stored in the cloud the amount of storage is essentially infinite – so an online backup solution will grow as your storage requirements increase. There is also no hardware or media to buy.

With broadband speeds increasing year on year, online backup is a technology that is here to stay.

Conficker Standalone Removal Tool

Reading Time: < 1 minute

The below tool provided by Sophos will scan for the below Conficker Viruses:

To download tool – click Conficker Removal Tool


For more info on Conficker or ways to remove it from your network, use the search box towards the top right. Type the word conficker.

Create security enhanced redirected folders

Reading Time: < 1 minute

Create security enhanced redirected folders

To make sure that only the user and the domain administrators have permissions to open a particular redirected folder, do the following:

1) Select a location in your environment where you would like to store Folder Redirection, and then share the selected folder. In this example, FLDREDIR is used.
2) Set Share Permissions for the Everyone group to Full Control.
3) Use the following settings for NTFS Permissions:
4) CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
5) System – Full Control (Apply onto: This Folder, Subfolders and Files)
6) Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
7) Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
8.) Everyone – List Folder/Read Data (Apply onto: This Folder Only)
9) Everyone – Read Attributes (Apply onto: This Folder Only)
10) Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)

Use a path similar to \\server\FLDREDIR\username to create a folder under the shared folder, FLDREDIR.
Because the Everyone group has the Create Folder/Append Data right, the group members have the proper permissions to create the folder; however, the members are not able to read the data afterwards. The Username group is the name of the user that was logged on when you created the folder. Because the folder is a child of the parent folder, it inherits the permissions that you assigned to FLDREDIR. Also, because the user is creating the folder, the user gains full control of the folder because of the Creator Owner Permission setting.

More at Microsoft