Re: Security config and analysis on AD DC

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 06/25/03


Date: Wed, 25 Jun 2003 00:29:20 -0700


Bob,
Here are some ideas to consider, not intended as a full
set of recommendations/practices.
But first, your ?? 2 : It all depends on the order of application
you give the GPO by moving it up or down on the list of GPOs
linked to the container.

Do not link a GPO to a production system if you do not
  know every policy that it sets.
  If you are experimenting with policies that can only be set
    at the domain level, or that are to be applied to domain
    controllers, do it on a test domain.
  If the policies can be applied at the OU level, a test OU
    in a production domain might be acceptable.
You can export security settings from existing policy, but you
   cannot export all sections of policy (registry, file store, etc.).
   Nevertheless the time spent profiling an existing system
   with a template that reflects all settings in all sections can
   be worth the effort, mostly in a stand-alone situation.
You can analyze a system and save the analysis database,
   which can later be opened and applied (again, of more
   use in a stand-alone situation).
When you are about to apply a policy, you can first make a
   copy of the policy and in the copy go through the settings
   one by one and change them to reflect the current config.
   With this, one can if needed reverse any settings that
   imprinted when you applied the policy (that is preferences
   that are not removed when the applied policy is removed)
Do not make a mass number of changes at one time. Go
   slow so that if/as you have issues you can easily tell what
   setting was the cause of the unexpected result.

Use the GPMC, especially if you have W2k3 allowing you
to do resultant set of policy modeling.

You really did not mention in what environment you will be
doing this, stand-alone or AD, or which version OS, so the
above are rather generic.

-- 
Roger
"Bob Williamson" <Bwilliamson@Eisenhowerlaw.com> wrote in message
news:eJbChxqODHA.3700@tk2msftngp13.phx.gbl...
> I am preparing to use the Security config and analysis tool on my network
> and am concerned of messing things up......thus the following:
>
> 1.  Is there a way to "backup" my current configuration in case things go
> south on me?  I would hate to apply the templates to find out I really
> messed things up.  I understand that there is a "Setup Security" template,
> but that does not fit my current config...obviously I am missing something
> here as it can not be this hard.
>
> 2.  When applying the template to a DC will these changes affect the changes
> that I have already made in my GPO?  I believe it will.....
>
> Any other suggestion or tips would be appreciated,
> Bob
>
>
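
Added example, not part of the original thread: one way to automate the "copy the policy and set it back to the current config" step described above, by comparing a baseline security template with the candidate template and emitting a rollback template that holds the current value of every setting the candidate would change. It assumes the baseline is an .inf export of the current settings (for instance from `secedit /export`); the function names and the sample template text are constructed for illustration.

```python
# Added example; the template text below is constructed sample data.
BASELINE = """[System Access]
MinimumPasswordLength = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
[Version]
signature="$CHICAGO$"
"""
CANDIDATE = """[System Access]
MinimumPasswordLength = 8
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 3
AuditPolicyChange = 3
"""
SKIP = {"unicode", "version"}  # header sections carry no settings

def parse_inf(text):
    """Return {(section, key): value} for the settings in a security template."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line and section and section.lower() not in SKIP:
            key, value = line.split("=", 1)  # split on the first '=' only
            settings[(section, key.strip())] = value.strip()
    return settings

def rollback_plan(baseline_text, candidate_text):
    """Return (rollback, unknown): current values the candidate changes; keys lacking one."""
    base, cand = parse_inf(baseline_text), parse_inf(candidate_text)
    rollback = {k: base[k] for k, v in cand.items() if k in base and base[k] != v}
    unknown = sorted(k for k in cand if k not in base)
    return rollback, unknown

def render_inf(settings):
    """Serialize settings as a template with the standard header sections."""
    out = ["[Unicode]", "Unicode=yes", "[Version]", 'signature="$CHICAGO$"', "Revision=1"]
    for section in sorted({s for s, _ in settings}):
        out.append(f"[{section}]")
        out += [f"{k} = {v}" for (s, k), v in sorted(settings.items()) if s == section]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_inf(rollback_plan(BASELINE, CANDIDATE)[0]))
```

Settings returned in `unknown` have no recorded current value in the baseline, so they need a manual check before the candidate is applied, since a template cannot restore a value that was never captured.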

