Re: Server 2003 Security Templates

I doubt there will be a problem since Windows 2000 will ignore security
template settings it does not understand that can be applied to Windows
2003. What you could do is use the Security Configuration and Analysis mmc
snapin to "analyze" the computer against the proposed security template to
see exactly what is changed and you can also use the mmc snapin for
templates to review the changes the security template will do which in my
opinion is a must do before you import any security template and you need to
understand what each change will do and how it will impact your computer and
network/domain. You can use the Windows 2003 Security Guide, the XP Security
Guide, and the Threats and Countermeasures Guide to find more information on
security settings and recommended settings depending on your needed security
level and domain configuration.

I also strongly recommend that you make a System State backup of at least
one domain controller before you do any changes so that you have a rollback
plan that could be possible with an authoritative restore of AD though that
may not help if you import a template directly into the local Security
Policy of a domain controller which I do not recommend but instead use a
Group Policy other than the default domain controller GPO linked to the
domain controller container for changes you want to apply to domain
controllers. For other domain computers the security template would need to
be imported into a GPO [I do not recommend using any default GPO] that is
linked to a container/OU that has scope of management over the computers you
want to impact. --- Steve

http://www.microsoft.com/technet/security/default.mspx --- Technet
Security homepage where you can download mentioned security guides.
http://www.microsoft.com/technet/security/topics/Serversecurity/tcg/tcgch00.mspx
-- Threats and Countermeasure from Microsoft

"dtremain" <dtremain@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D5455266-58F5-4F72-8BA3-23177AD94369@xxxxxxxxxxxxxxxx
>I was wondering if a 2003 sec template could be imported to a 2000 domain
> controller - the workstations in the office are all running XP Pro and I
> would like to have the security control that comes with 2003 as opposed to
> 2000. Would I run into any kind of obsticals if I imported templates and
> applied group policy across the domain?


.

Relevant Pages

  • Re: Network + AD = Tighten Security
    ... > Dear Steve, ... >> addition I would enable auditing of logon events on the domain controller ... >> zones of your users to have minimum settings and taking advantage of the ... You should also run Microsoft Baseline Security ...
    (microsoft.public.win2000.security)
  • Re: Network + AD = Tighten Security
    ... > addition I would enable auditing of logon events on the domain controller ... > zones of your users to have minimum settings and taking advantage of the ... If you do not want users to install unauthorized software ... You should also run Microsoft Baseline Security ...
    (microsoft.public.win2000.security)
  • Re: security template file import
    ... i sort a little more comfortable going through the reimport of the security ... in here is a single file - GPTTMPL.INF that lists the securtiy settings (and ... when the DC as a group policy client downloads the GPO it sticks the ... > template outside of the GPO which you edit to contain all the security ...
    (microsoft.public.win2000.security)
  • Re: MICROSOFT_AUTHENTICATION_PACKAGE
    ... Is the security option "additional restrictions for anonymous connections" - ... changes to the Local Security Policy of a domain controller, ... then examine the settings in the Local Security ... domain machine if you changed domain security policy. ...
    (microsoft.public.win2000.security)
  • Re: Group Policy Defaults
    ... > reapply the entire template. ... > between an import of security policy out of a template as compared ... The settings displayed in the Local Security Settings snapin now ...
    (microsoft.public.windowsxp.security_admin)