Re: Security Templates
From: Salvador Manaois III (III_at_discussions.microsoft.com)
Date: 06/01/05
Date: Tue, 31 May 2005 21:08:07 -0700
Programmatically, you can use secedit to analyze, import/export, configure and
generate rollbacks of security templates. In my case, I normally create a
backup of the existing settings in the security database before applying a
new security template. This ensures that I can always roll back to my previous
settings should I find the new settings unsuitable.
...badz...
mcse/mcsa
smanaois3[at]gmail[dot]com
rants: http://www.rancidroot.blogspot.com
"Roger Abell" wrote:
> Policies may be backed up with GPMC.
> The way to go about this however is to recognize that, as is stated in
> the writeups with the templates, these are example templates. That is,
> they are not so much intended to be used off-the-shelf but to be used as
> a guide to the settings that could be used in the different circumstances.
>
> Since the exact set of policy values that will effect an objective and also
> not cause problems is so very dependent on the specifics of the deployed
> environment, you must use judgement for each policy.
> It is recommended that you use a new GPO, in which you set the policies
> you have selected, likely part by part. With all the deltas so isolated
> into a separate GPO, rolling back the effect is nearly as simple as
> unlinking the GPO, but keep in mind that some things are not reversed in
> this way.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Eddie" <Eddie@discussions.microsoft.com> wrote in message
> news:3223E479-AF5E-41B4-8D67-B95D76669398@microsoft.com...
> > ok, is there a way to back up the current so I reapply it if for some
> > reason the new is not working? I ran the security config analyzer so I
> > am confident that the new template will work fine but I would like to
> > be safe.
> >
> > "Faisal [MSFT]" wrote:
> >
> > > you are asking a huge question, better to review the documentation
> > > and check on support website. Sec templates if misconfigured have
> > > huge consequences so you should know what you are up to.
> > >
> > > Windows 2003 Security templates
> > >
> > > http://www.microsoft.com/technet/security/prodtech/windowsserver2003/secmod129.mspx
> > >
> > > "Eddie" <Eddie@discussions.microsoft.com> wrote in message
> > > news:2FD8E441-29F3-440F-892D-A688BD052EB6@microsoft.com...
> > > > I have a Windows 2003 native mode domain. I want to use the high
> > > > security templates from Microsoft. I have run the security config
> > > > analyzer which shows me some of the changes that I believe will not
> > > > cause any issues in my domain.
> > > > Are there any gotchas I have to look out for? I am looking for some
> > > > of the common mistakes that people make deploying these templates.
> > >
> > >
> > >
>
>
>
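The backup-then-apply sequence described in the reply at the top of this message, as an added example that is not part of the original posts: it exports the current settings with secedit, analyzes the machine against the new template, and only then applies it. The working folder, file names and function names are assumptions made for illustration.

```powershell
# Added example. Run from an elevated prompt. Paths and names are placeholders.
$work     = 'C:\SecBackup'                          # hypothetical working folder
$template = Join-Path $work 'new-template.inf'      # template you intend to apply
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup   = Join-Path $work "before-$stamp.inf"     # export of current settings
$log      = Join-Path $work "secedit-$stamp.log"

function Invoke-Secedit {
    param([string]$Step, [string[]]$Arguments)
    & secedit.exe @Arguments
    # Assumption of this example: any non-zero exit code means stop and read the log.
    if ($LASTEXITCODE -ne 0) {
        throw "secedit $Step exited with code $LASTEXITCODE; review $log"
    }
}

function Backup-SecuritySettings {
    # Export the machine's current settings to an .inf file before changing anything.
    $a = '/export', '/cfg', $backup, '/log', $log
    Invoke-Secedit -Step 'export' -Arguments $a
    if (-not (Test-Path $backup) -or (Get-Item $backup).Length -eq 0) {
        throw "Backup $backup is missing or empty; not applying the new template."
    }
}

function Set-SecurityTemplate {
    param([string]$Inf)
    # Use a fresh database per run so earlier imports do not merge into this one.
    $db = Join-Path $work ("apply-{0}.sdb" -f [guid]::NewGuid().ToString('N'))
    # Compare the machine against the template first; differences go to the log.
    $a = '/analyze', '/db', $db, '/cfg', $Inf, '/log', $log
    Invoke-Secedit -Step 'analyze' -Arguments $a
    $a = '/configure', '/db', $db, '/cfg', $Inf, '/overwrite', '/log', $log, '/quiet'
    Invoke-Secedit -Step 'configure' -Arguments $a
}

New-Item -ItemType Directory -Path $work -Force | Out-Null
if (-not (Test-Path $template)) { throw "Template not found: $template" }

Backup-SecuritySettings                  # 1. save what is there now
Set-SecurityTemplate -Inf $template      # 2. analyze, then apply the new template
Write-Host "Applied $template. To roll back, run:"
Write-Host "  Set-SecurityTemplate -Inf '$backup'"
```

Dot-source the script so that `Set-SecurityTemplate` stays available in the session for the rollback call. Reapplying the exported file restores only the settings the export captured.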