RE: Domain vs. Local security policy

From: Streeter, Joseph (WI) (Joseph.Streeter_at_wi.ngb.army.mil)
Date: 09/09/03

  • Next message: Ansgar Wiechers: "Re: Disabling sharing and group policies" 
    To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Tue, 9 Sep 2003 13:36:57 -0500

    It might be best to have the local GPO good and tight. That way there are
    fewer polices that have to be applied across the network at start up and
    logon. It's also the only policy to apply to local accounts on that machine.

    If you want to back off any of the local policies you can override them with
    the Domain or OU polcy.

    -----Original Message-----
    From: simonis [mailto:simonis@myself.com]
    Sent: Monday, September 08, 2003 1:26 PM
    To: Brad Renfro
    Cc: focus-ms@securityfocus.com
    Subject: Re: Domain vs. Local security policy

    Brad Renfro wrote:
    >
    > What is the residual risk of applying fairly strict domain wide security
    > policies on a LAN but leaving local security policy pretty much the
    default?
    >

    As far as I understand it, this would allow someone to remove the box
    from the domain and operate under the looser local policy. A larger
    question is of what benefit it is to you?

    -Ds

    ---------------------------------------------------------------------------
    KaVaDo provides the first and only integrated Web application scanner and
    firewall security suite that prevent Web applications attacks, the most
    common form of online exploitation. Download a FREE whitepaper on Security
    Policy Automation for Web Applications.
    http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    KaVaDo provides the first and only integrated Web application scanner and
    firewall security suite that prevent Web applications attacks, the most
    common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
    http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
    ---------------------------------------------------------------------------

  • Next message: Ansgar Wiechers: "Re: Disabling sharing and group policies"

    Relevant Pages

    • RE: Pen Testing Map
      ... did I see the the viewing of web applications or anything for mysql. ... Concerned about Web Application Security? ... You have an option to go with a managed service (Cenzic ... FREE whitepaper on how a managed service can help you: ...
      (Pen-Test)
    • Re: focus-ms@securityfocus.com
      ... What exactly is the "right security policy"? ... >>firewall security suite that prevent Web applications attacks, ... Download a FREE whitepaper on Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)
    • RE: Pen Testing Map
      ... Concerned about Web Application Security? ... As attacks through web applications ... You have an option to go with a managed service (Cenzic ... FREE whitepaper on how a managed service can help you: ...
      (Pen-Test)
    • Re: DMZ NT4 TO Internal 2000 AD One-Way Trust via Firewall
      ... leverage an effectivity security policy to ensure that password complexities ... > currently a mess of local and domain users, no security policy, etc. ... DMZ, not publicly accessible) that aren't going away within the stated ... to non-DC web servers in the DMZ on 80 and 443 - none of which are directed ...
      (microsoft.public.windows.server.active_directory)
    • RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
      ... > Checkpoint propaganda stuff. ... > spent most of my security consulting career trying to stomp out bloated ... >>All NetScreen appliances rely on custom-designed ASICs (Application ... >>Specific Integrated Circuits) for security policy enforcement. ...
      (Firewall-Wizards)