Re: Information Wanted: Sec Conf Analysis Tool WITHOUT AD
From: Nick Finco [MS] (nfinco@online.microsoft.com)
Date: 04/04/03
- Next message: Liz: "Re: Access to Performance Counters on Remote Machine"
- Previous message: Matthew Mucker [MSFT]: "Re: disable USB key"
- In reply to: B. Goodman: "Information Wanted: Sec Conf Analysis Tool WITHOUT AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Nick Finco [MS]" <nfinco@online.microsoft.com> Date: Thu, 3 Apr 2003 14:42:34 -0800
Some security settings won't take effect until after a reboot. The security
database %windir%\security\database\secedit.sdb contains the local policy
information. You can only edit this through the Local Security Policy
utility. The log files in %windir%\security are used for database
transactions when dealing with any security database. In an NT4 domain, you
only have local policy so the computer acts like a standalone server.
This site has more information on SCE.
http://www.ists.dartmouth.edu/IRIA/knowledge_base/sectemplates/sectemplates.htm
N
-- This posting is provided "AS IS" with no warranties, and confers no rights. "B. Goodman" <no@spam.org> wrote in message news:MPG.18f3831d51cf74079896f4@msnews.microsoft.com... > I am looking for some reliable, in-depth information on using the > Security Analysis and Configuration Tool and the Secedit tool on Win 2K > Professional (workstations) in an NT 4 domain environment. It seems > most of the information is geared toward Active Directory > implementations, which we do not have. > > We have been able to accomplish many of the basics via batch files, such > as things like: > secedit /CONFIGURE /VERBOSE /DB %systemroot%\security\Database > \addsec.sdb /CFG %systemroot%\Security\Templates\%inf% > > But sometimes, it seems like some settings are not applied consistently > or at least not immediately. One person has told me that he has given > up trying to understand this tool to any great depth. He says that > usually rebooting two or three times in succession is all that is needed > to get all the settings to take effect. > > I have seen speculation that some configuration information is stored in > the log files located at %systemroot%\security, but I cannot confirm > that this is the case. > > I guess most of the Win 2K security work is being implemented under > Active Directory, but I would certainly appreciate some links, book > references, etc. that could help me get a deeper understanding of these > two tools in an NT 4 domain. > > Thank you.
- Next message: Liz: "Re: Access to Performance Counters on Remote Machine"
- Previous message: Matthew Mucker [MSFT]: "Re: disable USB key"
- In reply to: B. Goodman: "Information Wanted: Sec Conf Analysis Tool WITHOUT AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
