Re: Security Templates?
From: JR (johnnyrNOSPAM@bellsouth.net)
Date: 11/14/02
- Next message: Alen: "Certificate Services with multiple forests"
- Previous message: grandpoobah: "Re: Administrator cannnot install some software"
- In reply to: Russ: "Re: Security Templates?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "JR" <johnnyrNOSPAM@bellsouth.net> Date: Thu, 14 Nov 2002 16:30:45 -0500
Thanks All!
"Russ" <rwsinclair@mcpmail.com> wrote in message news:81d801c28bf3$ac408ae0$3bef2ecf@TKMSFTNGXA10...
> Look for the Windows 2000 Security Operation Guide on MS
> site. It explains all that.
>
> >-----Original Message-----
> >"JR" <johnnyrNOSPAM@bellsouth.net> wrote in message
> >news:O0B086yiCHA.1688@tkmsftngp08...
> >> Can anyone tell me what the following security template
> on
> >> a Win2000 DC is for: DC security.inf
> >>
> >> These I know:
> >> basicdc - standard DC security
> >> securedc.inf - higher level than basic
> >> hisecdc.inf - high security on a DC
> >> setup security.inf - use after an upgrade from WinNT
> >>
> >> Also, I've seen MS KB articles saying to use the
> basicdc.inf to reset
> >premissions on a
> >> standard domain controller, but I've also seen a KB
> article that says to
> >use
> >> basicdc.inf *and* setup security.inf. Anyone know the
> difference beween
> >the two?
> >
> >Look at the size of the two files. The basicdc.inf file
> is nowhere near a
> >comprehensive collection of all the security settings on
> a DC. So, I
> >recommend applying setup security.inf first to get the
> machine to the state
> >when it was first installed, then apply basicdc.inf to
> get it to the state
> >when it was first upgraded to a DC. I'm not sure if you
> also need to apply
> >the basicsrv.inf in between the two, but I probably would
> do that as well,
> >since if I remember correctly that file is much bigger
> than the basicdc.inf
> >file, implying that
> >
> >You can always open the files up in Notepad or Wordpad to
> see exactly what
> >they do and don't do... [or use the Security Configurator
> MMC to compare the
> >template or templates to your currently installed policy
> to see what would
> >change when you install the template. You can create a
> new security
> >database and then install the two or three templates to
> that database in
> >order, without blanking out the database during the
> second and third
> >imports, then compare the database to your computer and
> read the plain text
> >log in the documents and settings\username\local
> settings\temp\ folder to
> >see which settings are different.]
> >
> >Search www.microsoft.com/support for "dc security" - I
> believe that's an
> >older or alternate version, or a copy of the original
> template that was
> >actually used during the install or promotion of
> Windows. I seem to
> >remember seeing a KB article at the support site
> describing how to use just
> >that one template to restore the settings.
> >
> >
> >
> >.
> >
- Next message: Alen: "Certificate Services with multiple forests"
- Previous message: grandpoobah: "Re: Administrator cannnot install some software"
- In reply to: Russ: "Re: Security Templates?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
