Re: Security Templates?

From: Russ (rwsinclair@mcpmail.com)
Date: 11/14/02


From: "Russ" <rwsinclair@mcpmail.com>
Date: Thu, 14 Nov 2002 07:37:00 -0800


Look for the Windows 2000 Security Operation Guide on MS site. It explains all that.

>-----Original Message-----
>"JR" <johnnyrNOSPAM@bellsouth.net> wrote in message
>news:O0B086yiCHA.1688@tkmsftngp08...
>> Can anyone tell me what the following security template on
>> a Win2000 DC is for: DC security.inf
>>
>> These I know:
>> basicdc - standard DC security
>> securedc.inf - higher level than basic
>> hisecdc.inf - high security on a DC
>> setup security.inf - use after an upgrade from WinNT
>>
>> Also, I've seen MS KB articles saying to use the basicdc.inf to reset
>> permissions on a standard domain controller, but I've also seen a KB
>> article that says to use basicdc.inf *and* setup security.inf. Anyone
>> know the difference between the two?
>
>Look at the size of the two files. The basicdc.inf file is nowhere near a
>comprehensive collection of all the security settings on a DC. So, I
>recommend applying setup security.inf first to get the machine to the state
>when it was first installed, then apply basicdc.inf to get it to the state
>when it was first upgraded to a DC. I'm not sure if you also need to apply
>the basicsrv.inf in between the two, but I probably would do that as well,
>since if I remember correctly that file is much bigger than the basicdc.inf
>file, implying that
>
>You can always open the files up in Notepad or Wordpad to see exactly what
>they do and don't do... [or use the Security Configurator MMC to compare the
>template or templates to your currently installed policy to see what would
>change when you install the template. You can create a new security
>database and then install the two or three templates to that database in
>order, without blanking out the database during the second and third
>imports, then compare the database to your computer and read the plain text
>log in the documents and settings\username\local settings\temp\ folder to
>see which settings are different.]
>
>Search www.microsoft.com/support for "dc security" - I believe that's an
>older or alternate version, or a copy of the original template that was
>actually used during the install or promotion of Windows. I seem to
>remember seeing a KB article at the support site describing how to use just
>that one template to restore the settings.
>
>
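
Added example, not part of the original posts: a small Python script that does offline what the quoted reply suggests, reading templates as text and layering them in import order to see which file supplies each setting and which values a later template changes. It assumes a later template's value replaces an earlier one for the same setting; the template text embedded below is constructed for illustration and is not the content of the real setup security.inf or basicdc.inf.

```python
OBJECT_SECTIONS = {"File Security", "Registry Keys", "Service General Setting"}
SKIP = (None, "Unicode", "Version")  # file metadata, not security settings

def parse_template(text):
    """Return {(section, key): value} for the text of one security template."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line and not line.startswith(";") and section not in SKIP:
            # Object sections hold "path",mode,"SDDL"; the rest are key = value.
            sep = "," if section in OBJECT_SECTIONS else "="
            key, _, value = line.partition(sep)
            settings[(section, key.strip().strip('"').lower())] = value.strip()
    return settings

def layer(templates):
    """Apply [(name, text), ...] in import order without clearing in between."""
    effective, overrides = {}, []
    for name, text in templates:
        for key, value in parse_template(text).items():
            if key in effective and effective[key][0] != value:
                overrides.append((key, effective[key], (value, name)))
            effective[key] = (value, name)
    return effective, overrides

# Constructed sample text for illustration, NOT the contents of the real files.
SETUP = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
[Event Audit]
AuditLogonEvents = 0
[File Security]
"%SystemRoot%\\repair",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"""
BASICDC = """[Event Audit]
AuditLogonEvents = 1
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-549
"""
ORDER = [("setup security.inf", SETUP), ("basicdc.inf", BASICDC)]

if __name__ == "__main__":
    effective, overrides = layer(ORDER)
    for (section, key), (value, source) in sorted(effective.items()):
        print(f"[{section}] {key} = {value}   <- {source}")
    print("overridden by a later template:", overrides)
```

To run it on real templates, pass each file's text in the order you intend to import them; templates saved as Unicode need `encoding="utf-16"` when opened.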


