RE: Windows 2000 local security policy

From: Tim V - DZ (iceburn@dangerzone.com)
Date: 01/22/03

  • Next message: Kain, Becki (B.): "https out" 
    From: "Tim V - DZ " <iceburn@dangerzone.com>
To: "'Mohamed Karmil Asgarally ( ZADCO ITS)'" <Karmil@zadco.co.ae>
Date: Wed, 22 Jan 2003 00:02:58 -0600

    I think what'll help you best are the NSA's recommendations. They give
    you policy files for various setups...workstation vs server, various
    OSes, etc

    Even you decided that they are too rigid / not rigid enough ;-) there
    are guides that outline all the options, what they do, and why the
    picked the setting they did in order to allow you to make your own
    decision.

    The one word of warning is: "read the documentation first." If you
    apply the policies they recommend, _something_ is sure to 'break' in
    your everyday tasks.

    http://www.nsa.gov/snac/index.html

    -t

    -----Original Message-----
    From: Mohamed Karmil Asgarally ( ZADCO ITS) [mailto:Karmil@zadco.co.ae]
    Sent: Saturday, January 18, 2003 10:38 PM
    To: security-basics@securityfocus.com
    Subject: Windows 2000 local security policy

    Hi All,

    I am currently working on a solution to deploy local security policy
    settings on users desktop running Windows 2000 professional. I am aware
    that group policies can be centrally managed from Windows 2000 server
    active
    directory. However, i have currently only Windows Nt as server and we
    are
    using Novell Netware as authentication server. The Windows NT server is
    only to provide services such as Exchange.

    If anyone can help me in:
    * how to create a policy template (probably in *.inf format)
    * how to deploy this template (probably through login script) to
    the
    desktops
    * how to audit the settings (to determine whether the policy
    setting
    has been properly updated or if there is any breach of security by
    users)

    I have heard of a tool called secedit.exe. However, the help i have
    obtained on how to use this tool is quite confusing.

    I am open to any suggestions. Please help as this is an urgent issue.

    The policies i am trying to set are:
    * Audit policy
    * User rights assignment; and
    * Security policies

    These policies are to be deployed to 1000+ desktop computers

    Thanks to everyone for any help and suggestions

    Relevant Pages

    • Re: XP Cant See Windows 2000 Server to Use Printer
      ... Everybody is running Windows 2000 ... > There are 2 servers in domain LCSYS on transport ... But the server freedom printer is set for everyone ... With XP Pro, if SFS is disabled, check the Local Security Policy (Control Panel ...
      (microsoft.public.windowsxp.network_web)
    • RE: Logon problems after running dcgpofix.exe to reset domain policies
      ... Thank you for posting in SBS newsgroup. ... You said: "I am using the following setup: Windows 2003 Server standard ... Windows server 2003 Standard Edition or Windows Small Business Server 2003 ... Settings | Security Settings | Local Policies. ...
      (microsoft.public.windows.server.sbs)
    • RE: Windows 2000 local security policy
      ... Windows 2000 local security policy ... I think what'll help you best are the NSA's recommendations. ... that group policies can be centrally managed from Windows 2000 server ...
      (Security-Basics)
    • Logon problems after running dcgpofix.exe to reset domain policies
      ... I am using the following setup: Windows 2003 Server standard ... edition with clients running Windows 2000 pro and Windows XP pro. ... to reset the Default Domain Policies and Default Domain Controller ...
      (microsoft.public.windows.server.sbs)
    • RE: Windows 2000 local security policy
      ... Is the Windows NT server only a Stand-Alone or a Domain Controller? ... Creating a template is rather simple; actually it would be easier to do ... I am currently working on a solution to deploy local security policy ...
      (Security-Basics)