RE: Windows 2kserver with XP clients - Policies

From: Dennis Schut (Dennis.Schut_at_infratects.nl)
Date: 05/13/04

  • Next message: Mike: "RE: Windows 2kserver with XP clients - Policies" 
    Date: Thu, 13 May 2004 13:55:29 +0200
To: "Ivan Carlos" <icarlos@icarlos.net>, <security-basics@securityfocus.com>, "Yahoo - Grupo quebradesistema" <quebradesistema@yahoogrupos.com.br>

    Hi Ivan,

    Just to be sure, you mean that you want to control specific XP settings
    via a gPO?

    If that's the case, you should think about creating your own
    administrative templates (.ADM).

    Another thing you can do is to import .ADM templates from a Windows
    Server 2003 machine or XP machine.
     
    You can find additional information regarding the above on the following
    website.
    http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged
    /31_xpapc.mspx

    If the desired settings are not in these .ADM's, then you can always
    create your own.

    This is the way I do it:

    On a XP machine install a registry monitor tool which monitors the
    changes in the registry.

    For example, if you want to have a gPO setting that disables the
    firewall.

    On the XP machine were you installed the registry monitor tool, first
    enable and then disable the firewall, don't forget to first activate the
    tool, the tool will register which registry key is used for this action.
    If you find the registry key that records this, then you can create an
    ADM with the desired settings that you want, disable and/or enable.

    Import your ADM file in the XP workstation gPO, link it to the
    applicable OU, and test your gPO on a XP machine.

    I have attached an .ADM template, so you can see what kind of code you
    must use to create one. There is additional information regarding the
    ADM code, but I do not know anymore were you can find it, just search
    the Microsoft website for ADM, and you will probably find it.

    If you have any questions, feel free to mail me

    Best Regards,
     
    Dennis Schut
    Technical Consultant
    Infratects BV
    Architects of the Future...
    Maliebaan 68
    3581 CV Utrecht
    The Netherlands
    Web: www.infratects.com

    -----Original Message-----
    From: Ivan Carlos [mailto:icarlos@icarlos.net]
    Sent: Tuesday, May 11, 2004 01:21
    To: security-basics@securityfocus.com; Yahoo - Grupo quebradesistema
    Subject: Windows 2kserver with XP clients - Policies

    How to create or locate to download policies templates to manage XPs
    from
    Win2k Server?

    For example, disable themes, and the "theme" services, firewall, etc?

    I cannot found anything in microsoft's and technet websites...

    tx a lot

    Ivan "Doomer" Carlos
    -
    Cell.: +55 (11) 8112-0666
    icarlos@icarlos.net
    www.icarlos.net
    -
    ICQ UIN: 666621
    Y!M / AIM: ivandoomer
    MSN: icarlos@icarlos.net
    --------------------------------------------------

    ------------------------------------------------------------------------ 

    ---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.ht
------------------------------------------------------------------------
---
Infratects B.V.

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Mike: "RE: Windows 2kserver with XP clients - Policies"

    Relevant Pages

    • Re: Long binary values in ADMs
      ... ADM templates do not support the binary data type. ... Policy Maker ... Professional includes a free Registry extension which supports all data ... You can also filter individual settings using 25 ...
      (microsoft.public.windows.group_policy)
    • Re: Time GPO for Clients
      ... not make it into the registry even though the GPO is properly configured. ... GPO's apply these particular settings, so there should be no conflicts. ... I'll have to test with another client machine to see if it is now ...
      (microsoft.public.windows.server.active_directory)
    • RE: Prevent folder redirection on my xp pro laptop (delete fdeploy.dll
      ... Hacking the registry is the only way to change your settings. ... and I want to disable the folder redirection for ... So after some googling and getting to know more about GPO etc. than I ever ...
      (microsoft.public.windows.group_policy)
    • Re: File Blocking frustration
      ... Ive set the GPO settings to not block ANY previous version files and Ive also ... my personal machine does not have this registry setting applied and I ... have no problems opening previous version Word docs with Word 2007. ...
      (microsoft.public.word.docmanagement)
    • Re: Power Managment Under Group Policy
      ... Would I go into the Registry, under the GPO on my server. ... >Power management settings are binary values in the ...
      (microsoft.public.win2000.group_policy)