Windows XP Security Guide - Laptop Policy

david.2.adamson_at_bt.com
Date: 11/24/05

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #266" 
    Date: Thu, 24 Nov 2005 13:14:31 -0000
To: <focus-ms@securityfocus.com>

    I have an environment that I have set up for a customer using the
    Windows 2003 Security Guide and enterprise policy settings. This is all
    fine, I have also implemented the enterprise security policies from the
    Windows XP security guide. I have set up both the enterprise desktop
    policy and also the enterprise laptop policies + the environment
    specific and local account changes.

    I have been getting calls from the administrator saying they are unable
    to do a few things on the Laptops:

    1. Remotely manage them properly from another desktop/laptop/server
    ie. Red X in users and groups, access denied on services, eventvwr etc
    2. The main one - They are unable to offer assistance to Laptops,
    they offer to any of the desktops without issues.

    The firewall exceptions are all correct, even with the firewall disabled
    we still get permission denied instantly. The remote is enabled on the
    machine and also via group policy with the correct group populated. It
    seems to be a security difference between the desktop and laptop policy
    in the security guide that is causing offer assistance to fail but not
    on site and so cant really have a good look. They are able to RDP into
    the Laptops though?

    Any help, direction would be greatly appreciated.

    Rgds
    Dave Adamson

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #266"

    Relevant Pages

    • RE: Windows XP Security Guide - Laptop Policy
      ... Windows XP Security Guide - Laptop Policy ... Windows 2003 Security Guide and enterprise policy settings. ...
      (Focus-Microsoft)
    • Re: Securing Enterprise Policy from local admins
      ... >>The enterprise policy level affects every computer and user on the network ... the settings changes to the individual machines on the network. ... > Enterprise security policy that cannot be secured at the Enterprise level. ...
      (microsoft.public.dotnet.security)
    • Re: .NET Smart Clients, transparency and security
      ... > assembly/smart client itself cannot ask the user to trust an assembly. ... > can only be done in advance through a modification of the security policy. ... > to make this stuff work safely and enforce standards enterprise wide. ...
      (microsoft.public.platformsdk.security)
    • Re: .NET Smart Clients, transparency and security
      ... > assembly/smart client itself cannot ask the user to trust an assembly. ... > can only be done in advance through a modification of the security policy. ... > to make this stuff work safely and enforce standards enterprise wide. ...
      (microsoft.public.dotnet.security)
    • Re: Security templates and IUSR account log on locally
      ... You may also want to revisit the download for the W2k3 Security Guide as ... The Microsoft group policy Enterprise security template for Member ... The Member Server template is a baseline for all servers. ...
      (microsoft.public.inetserver.iis.security)