Re: converting to NTFS

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/20/02 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Thu, 19 Dec 2002 19:42:58 -0500

I"m sorry, I don't have Windows 2000 in front of me, but when running
SECEDIT you have to first import the templates into a brand new security
database file that you create yourself using SECEDIT, and then you apply
that security database to your computer.

When you do the last step, there is a particular switch that allows you to
just apply the NTFS file permissions, it has the word "AREA" in it. Click
Start, Run, SECEDIT, OK to see the documentation that describes this.

The template files are located somewhere like: c:\winnt\security\template\

It might be easiest to do the first step [creating and saving the security
database by importing first the Setup Security.inf template followed by
basicwk.inf or whatever] using the GUI, e.g. Start, Run, MMC, click OK,
click Console menu at the top to add the Security Configuration and Analysis
snap in, then OK, OK, and click on the SCA icon / folder that appears to get
more information.

"bamadjc" <bamadjc@hotmail.com> wrote in message
news:0b3c01c2a76a$a218a010$8bf82ecf@TK2MSFTNGXA05...
> Any more help on using the SECEDIT command to apply
> security templates, and workstation templates. I have
> limited experience with 2000 and this is blowing me away!!
>
> >-----Original Message-----
> >This is by design. When you convert, the default
> permission is
> >Everyone:Full to everywhere. You can and should fix this
> by using the
> >SECEDIT command to apply the default NTFS file
> permissions from the Setup
> >Security template, then apply the permissions from the
> other relevant
> >templates, such as basicwk.inf for workstations, etc.
> Just applying
> >basicwk.inf without first applying setup security.inf
> will not fix all your
> >settings.
> >
> >Do Start, Run, SECEDIT, OK to get more information about
> using Secedit.
> >Also:
> >
> >http://securityadmin.info/faq.htm#4.41
> >
> >Best is to install Windows onto an NTFS partition to
> begin with, though this
> >is almost as good.
> >
> >To lock down the users folders, you may have to do that
> yourself manually or
> >using the CACLS command.
> >
> >
> >"bamadjc" <bamadjc@hotmail.com> wrote in message
> >news:00ce01c2a6d3$f96bd860$d6f82ecf@TK2MSFTNGXA13...
> >> After converting windows 2000 to NTFS from Fat32.
> Security
> >> is not correct. Each user in the documents settings
> folder
> >> can open the other users folders???????
> >
> >
> >.
> >

Relevant Pages

  • Re: Customzing Security Template Files
    ... As you work with the Security Templates and the Security Configuration ... (which by the way also tells you where the permissions are persisted, ... >>> When configuring a service using the Security Template snapin, ...
    (microsoft.public.security)
  • Re: winntsystem32
    ... "secure server" templates] is to change the permissions on just the .EXE ... Or, look at the security ... NTFS permissions. ...
    (microsoft.public.win2000.security)
  • Re: Normal folder permissions
    ... I thought I had a good technet URL to describe these templates, ... To add Security Configuration and Analysis to an MMC console click ... your My Documents files inherit permissions from the>> My Documents folder and this usually has full permissions for ... >>> What are the normal permissions supposed to be for folders like those>>> in MyDocuments or c:\temp and such? ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security Templates
    ... Be careful applying templates, as ... > templates with the secedit ... You can apply security templates using the secedit command which can be ...
    (microsoft.public.win2000.security)
  • Re: custom security template
    ... Open the .inf templates in the mmc security templates snapin where you will ... have to move them ino the default folder or point to them. ... >;File and Folder Permissions. ...
    (microsoft.public.security)