Abstract: An embodiment relates generally to a method of creating a secure environment in a computer device. The method includes providing a secure guest account in a multi-user operating system and enforcing a policy on the secure account to allow a user to log-in to the secure guest account while preventing access at least one network port of the computer device. The method also includes enforcing a rule to allow the secure guest account access to an application and the at least one network port.

Abstract: Some embodiments of a system and a method to verify compliance in a connected system have been presented. For instance, a system management server provided by a software vendor is installed in a customer's network to manage a set of computer systems belonging to the customer. The system management server can provide cryptographically timestamped hashes of states of the system management server to the software vendor periodically to allow the software vendor to verify compliance information from the customer.

Abstract: Some embodiments of a system and a method to verify compliance in a disconnected system have been presented. For instance, a provider server can collect system management server state hashes from a set of computer systems in transactions not directly related to billing between the provider server and the computer systems. The computer systems may be coupled to a system management server that is within an internal network of a customer. The provider server can verify compliance information submitted by the customer using the system management server state hashes collected without communicating with the system management server in the internal network.

Abstract: An embodiment relates generally to a method of creating a secure environment in a computer device. The method includes providing a secure guest account in a multi-user operating system and enforcing a policy on the secure account to allow a user to log-in to the secure guest account while preventing access at least one network port of the computer device. The method also includes enforcing a rule to allow the secure guest account access to an application and the at least one network port.