Re: security template file import

From: Graham Turner (gturner_at_ipcomputers.demon.co.uk)
Date: 09/15/03


Date: Mon, 15 Sep 2003 16:31:45 +0100


have gone a bit further into this.

further errors being experienced are an error "windows cannot import the
template from ....." if we check the "clear database before importing"

thanks

GT

"Graham Turner" <gturner@ipcomputers.demon.co.uk> wrote in message
news:O7zPKl2eDHA.560@tk2msftngp13.phx.gbl...
> this is a follow up to a previous post of mine titled "clear the database
> before importing" which i closed on account of other issues but now it seems
> down to the refresh of GPO values that are imported from a security template
> file
>
> we have used as a base line for the security of the domain controllers
> security templates from Microsoft security operations guide
>
> these have required modification to meet the site requirement
>
> eg we have modified the startup value of the spooler service to a value
> which i think is the first value (changed from 4 to 2) after the service
> name
>
> the security template has been subsequently reimported following this change
> but for some reason the value in the registry does not change
>
> this suggests quite clearly that a previous value is "sticking" and contrary
> to information in a previous post is not being overwritten as it should be
>
> observed behaviour is that other registry values such as restrictanonymous
> are being updated correctly
>
> perhaps this is behaviour with refresh of service startup values ??
>
> is this a known issue ??
>
> would seem that the fix is to check the clear database before importing the
> template file
>
> this would be consistent with the listing of multiple entries for each value
> from the security template file when you view the Domain Controller security
> policy
>
> wanted to understand the impact of this before doing so -
>
> have established that this relates to secedit.sdb (presumably on the client
> that processes the GPO ?)
>
> i wanted to fully understand the client side processing of the security
> settings of a GPO - and by implication then the impact of the "clear
> database before importing"
>
> when we import the template does this somehow flag the GPO so that
> scecli.dll on the client that processes the GPO removes all values from its
> local secedit.sdb before processing the GPO ??
>
> GT
>
>
>
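Added example, not part of the original post: a Python check that reads the `[Service General Setting]` section of a security template and reports any service listed more than once with different startup values, which is worth ruling out before re-importing. It assumes each entry has the form `name,startup,"SDDL"` with startup codes 2 (Automatic), 3 (Manual) and 4 (Disabled); the sample template text and the function names are constructed for illustration.

```python
import csv
from collections import defaultdict

STARTUP = {2: "Automatic", 3: "Manual", 4: "Disabled"}  # assumed code meanings

# Constructed sample template, not taken from the thread.
SAMPLE_INF = r'''[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,2
[Service General Setting]
Spooler,4,"D:AR(A;;RPWPDTRC;;;BA)"
Alerter,4,"D:AR(A;;RPWPDTRC;;;BA)"
"Spooler",2,"D:AR(A;;RPWPDTRC;;;BA)"
[Version]
signature="$CHICAGO$"
'''

def service_settings(inf_text):
    """Map lower-cased service name -> [(line_no, startup_code), ...]."""
    found = defaultdict(list)
    section = None
    for line_no, raw in enumerate(inf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "service general setting":
            continue
        fields = next(csv.reader([line]))  # handles quoted names and SDDL
        if len(fields) < 2 or not fields[1].strip().isdigit():
            continue                      # not a name,startup,... entry
        found[fields[0].strip().lower()].append((line_no, int(fields[1])))
    return dict(found)

def conflicts(inf_text):
    """Services that appear with more than one distinct startup code."""
    out = {}
    for name, entries in service_settings(inf_text).items():
        codes = sorted({code for _, code in entries})
        if len(codes) > 1:
            out[name] = codes
    return out

if __name__ == "__main__":
    for name, codes in conflicts(SAMPLE_INF).items():
        labels = [STARTUP.get(c, str(c)) for c in codes]
        print(f"{name}: conflicting startup values {labels}")
```

For a real template, read the file with the encoding it was saved in (templates exported by the Windows tools are often UTF-16) and pass the text to `conflicts()`.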


