Re: how to apply w2k security to w2k member servers under w2k3 dom

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/07/05


Date: Wed, 6 Apr 2005 20:31:57 -0500

OK. You may be able to find that you can do that with Windows 2003
templates. It's just that the security options that do not exist in Windows
2000 will not be applied and that other security options have been renamed.
The one security option that may be confusing is the security option for
"additional restrictions for anonymous access" which has been split into a
couple different security options in Windows 2003. If you have the need to
configure "additional restrictions for anonymous access" to be "no access
without explicit anonymous permissions" I am not sure if that can be done
with a Windows 2003 security template. The Security Configuration and
Analysis mmc snapin is always the best way to see exactly what security
policy is being applied to any computer. Keep in mind that the disable
storage of lmhash security option will not apply to Windows 2000 computers -
it requires a registry change. --- Steve

"ben" <ben@discussions.microsoft.com> wrote in message
news:37E93A8A-BD2B-4458-B2B2-CA29423B6C0C@microsoft.com...
> thanks, steven
>
> "Steven L Umbach" wrote:
>
>> Yes you can do exactly what you propose and it makes good sense. Create
>> separate OU's for your Windows 2000 servers and use an OU with a Windows
>> 2000 security template imported into it. Do not mix and match security
>> templates between Windows 2000 and Windows 2003 computers as you may have
>> unpredictable results. For domain controllers however do NOT move any out
>> of the default domain controllers container. You can however create
>> separate OU's inside of the domain controllers container if need be. Use
>> the Security Configuration and Analysis mmc snapin to verify the effective
>> security policy applied to your servers to make sure security settings are
>> what you expect. The biggest difference in security templates is security
>> options as Windows 2003 has several more than Windows 2000 and many have
>> been named. --- Steve
>>
>>
>> "ben" <ben@discussions.microsoft.com> wrote in message
>> news:AF1F769B-D2AF-48AF-9A7C-E8D928C9EAC0@microsoft.com...
>> > hi,
>> >
>> > I have one w2k3 AD domain, all dcs are w2k3, 80% servers are w2k3
>> > servers, 20% are w2k servers, I can apply w2k3 member server baseline
>> > security to all w2k3 servers and then apply customized security
>> > templates to them according to specific roles, but how to manage the
>> > security to w2k servers using GPO? if put all w2k servers into one OU
>> > and apply baseline security, how to apply the w2k security template to
>> > w2k servers under w2k3 domain? can I just import the w2k security
>> > template into w2k3 GPO and link to w2k servers OU?
>> >
>> >
>> > thanks!
>>
>>
>>
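
The point made in this thread, that security options present only in a Windows 2003 template are not applied on Windows 2000, can be checked before linking a GPO by comparing the `[Registry Values]` sections of the two templates. The following is an added example, not part of the original thread or any Microsoft tool; the two template fragments are constructed samples and the function names are hypothetical.

```python
# Constructed sample fragments of security templates (.inf). Real templates
# are usually UTF-16 files; decode them to str before passing them in.
W2K_TEMPLATE = r"""
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
"""

W2K3_TEMPLATE = r"""
[Unicode]
Unicode=yes
[Registry Values]
; constructed sample values
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
"""

def registry_values(inf_text):
    """Return {lower-cased registry path: 'type,value'} from [Registry Values]."""
    values, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
            continue
        if in_section and "=" in line:
            path, _, data = line.partition("=")
            values[path.strip().lower()] = data.strip()
    return values

def compare_templates(w2k_text, w2k3_text):
    """Split settings into those only in one template and those that differ."""
    old, new = registry_values(w2k_text), registry_values(w2k3_text)
    return {
        "only_in_2003": sorted(set(new) - set(old)),  # review before use on W2K
        "only_in_2000": sorted(set(old) - set(new)),
        "changed": sorted(k for k in set(old) & set(new) if old[k] != new[k]),
    }

if __name__ == "__main__":
    for group, paths in compare_templates(W2K_TEMPLATE, W2K3_TEMPLATE).items():
        print(group, *paths, sep="\n  ")
```

The comparison only narrows down which settings to review; the effective policy on each server is still what Security Configuration and Analysis reports.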


