Bruce W. Copeland - Redmond WA, US David C. James - Bothell WA, US Donald Y. Song - Redmond WA, US Dustin M. Ingalls - Sammamish WA, US Jeffrey A. Sutherland - Seattle WA, US Jeffry B. Phillips - Seattle WA, US Joseph S. Calabig - Sammamish WA, US Khuzaima Iqbal - Redmond WA, US Michael J. Healy - Redmond WA, US Rajagopalan Badri Narayanan - Redmond WA, US Zhengkai Kenneth Pan - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 13/00
US Classification:
719316, 719310, 719313, 719315, 709223
Abstract:
A method, system, and architecture for managing computer systems is provided. A management system employs management objects (MOs) to provide administrators the ability to intuitively express the administrative intent in an information technology (IT) environment, and to act out the administrative intent based on the information gathered by the management system. Managed elements of an IT environment, such as, by way of example, hardware components, software applications, software updates, software distribution policies, configurations, settings, etc., may be expressed as MOs. Actions, such as, by way of example, detect, install/apply, remove, remediate, enumerate, etc., may be associated with the MOs. The management system manages the computer systems by deploying the appropriate MOs and their associated actions onto the computer systems, and performing the actions on the computer systems.
Bruce W. Copeland - Redmond WA, US David C. James - Bothell WA, US Donald Y. Song - Redmond WA, US Dustin M. Ingalls - Sammamish WA, US Jeffrey A. Sutherland - Seattle WA, US Jeffry B. Phillips - Seattle WA, US Joseph S. Calabig - Sammamish WA, US Khuzaima Iqbal - Redmond WA, US Michael J. Healy - Redmond WA, US Rajagopalan Badri Narayanan - Redmond WA, US Zhengkai Kenneth Pan - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 9/46 G06F 15/16
US Classification:
709217, 718100
Abstract:
A method, system, and architecture for managing computer systems is provided. A management system employs management objects (MOs) to provide administrators the ability to intuitively express the administrative intent in an information technology (IT) environment, and to act out the administrative intent based on the information gathered by the management system. Managed elements of an IT environment, such as, by way of example, hardware components, software applications, software updates, software distribution policies, configurations, settings, etc., may be expressed as MOs. Actions, such as, by way of example, detect, install/apply, remove, remediate, enumerate, etc., may be associated with the MOs. The management system manages the computer systems by deploying the appropriate MOs and their associated actions onto the computer systems, and performing the actions on the computer systems.
Block Device Signature-Based Integrity Protection For Containerized Applications
- Redmond WA, US Jeffrey A. Sutherland - Seattle WA, US Deven Robert Desai - Bellevue WA, US Jaskaran Singh Khurana - Bellevue CA, US Scott Randall Shell - Bellevue WA, US Jessica M. Krynitsky - Manassas VA, US
International Classification:
G06F 21/52 G06F 21/51
Abstract:
Integrity verification of a containerized application using a block device signature is described. For example, a container deployed to a host system is signed with a single block device signature. The operating system of the host system implements an integrity policy to verify the integrity of the container when the container is loaded into memory and when its program code executes. During such events, the operating system verifies whether the block device signature is valid. If the block device signature is determined to be valid, the operating system enables the program code to successfully execute. Otherwise, the program code is prevented from being executed. By doing so, certain program code or processes that are not properly signed are prevented from executing, thereby protecting the host system from such processes. Moreover, by using a single block device signature for a container, the enforcement of the integrity policy is greatly simplified.
Optimized Telemetry-Generated Application-Execution Policies Based On Interaction Data
- Redmond WA, US Isha Aniruddha OKE - Bellevue WA, US Scott Randall SHELL - Kirkland WA, US Jeffrey Alan SUTHERLAND - Seattle WA, US Jaskaran Singh KHURANA - Bellevue WA, US Zhouheng SUN - Los Angeles CA, US Noah McGregor HARPER - Cartersville GA, US
International Classification:
H04L 29/08 G06F 11/34
Abstract:
The present disclosure concerns systems and methods for generating application-control policies. A system may receive application-usage data for a set of devices. The application-usage data may identify binaries with which a user interacted. The system may determine one or more application-usage characteristics for one or more devices in the set of devices based at least in part on the application-usage data and may rely solely on data associated with the binaries with which the user interacted. The system may identify a set of candidate devices based on the one or more application-usage characteristics. The application-usage characteristics may include a measure of distinct applications used during a specified time period and a measure of variability of application usage across a set of specified time periods. The system may generate an application-control policy for the set of candidate devices based on application-usage data for the set of candidate devices.
Binary Authorization Based On Both File And Package Attributes
- Redmond WA, US Jeffrey SUTHERLAND - Seattle WA, US Deskin MILLER - Redmond WA, US Scott ANDERSON - Seattle WA, US Deepak Jagannathan MANOHAR - Redmond WA, US Adrian MARINESCU - Sammamish WA, US
International Classification:
G06F 21/51 G06F 21/56
Abstract:
Examples described herein generally relate to a computer device including a memory, and at least one processor configured to determine whether to allow execution of an application file on the computer device. The processor receives a command to execute a file. The processor determines whether the file is associated with a package reputation of an installation package. The processor determines a file reputation of the file. The processor determines whether to allow execution of the file based on a combination of the file reputation of the file and whether the file is associated with the good package reputation.
Locating System For Vehicle Load Floor Panel Measurement
Jacob Wright - Rochester Hills MI, US Eric Clara - Algonac MI, US Nicholas D Kappler - Waterford MI, US Jeffrey D Sutherland - Ortonville MI, US Eric A Marsh - Macomb MI, US John H Pray - Shelby Township MI, US Joseph J Swailes - Oxford MI, US Kazimiera Borek - Macomb MI, US
A compression molded vehicle floor panel includes a main body formed by compression molding and having a first side and an opposed second side, and at least one separately formed measurement locating member at least partially encapsulated in the main body during the compression molding. The measurement locating member defines a cavity having an open end at the first side of the main body. The cavity is configured to receive a locator pin of a measurement fixture to locate the compression molded vehicle floor panel in the measurement fixture for measurement of the compression molded vehicle floor panel.
Propagating Origin Information For Applications During Application Installation
- Redmond WA, US Kinshumann Kinshumann - Redmond WA, US Thomas W. Caldwell - Bellevue WA, US Jeffrey A. Sutherland - Seattle WA, US Jeffrey R. McKune - Sammamish WA, US Deskin M. Miller - Redmond WA, US Scott D. Anderson - Seattle WA, US
Assignee:
Microsoft Technology Licensing, LLC - Redmond WA
International Classification:
H04L 29/08 H04L 29/06
Abstract:
An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.
Limiting Enterprise Applications And Settings On Devices
- Redmond WA, US Michael Healy - Duvall WA, US Brett D.A. Flegg - Redmond WA, US Gaurav Dhawan - Seattle WA, US Jeffrey Sutherland - Seattle WA, US
International Classification:
G06F 21/51 G06F 21/62
Abstract:
Registering a computer system for use in an enterprise. A method includes receiving, from a device management infrastructure of the enterprise, an executable system management component (SMC), and installing the SMC at a storage device. The method also includes executing the SMC, causing the computer system to register with the device management infrastructure, including applying a device settings policy to a configuration of the computer system. Executing the SMC also causes the computer system to configure itself to periodically execute a maintenance task received from the device management infrastructure. The method also includes periodically executing the maintenance task, causing the computer system to receive updated device settings policies from the device management infrastructure and apply the updated device settings policies to the configuration of the computer system, and to receive an updated application from the device management infrastructure and install the updated application at the computer system.
In an official blog post on the Building Windows 8 blog, Jeffrey Sutherland, a program manager lead, says: "For WOA, we have integrated a new management client that can communicate with a management infrastructure in the cloud to deliver LOB apps to users." (LOB stands for line-of-business. "Line-of