Re: Secedit and Domain Controller Security Policy

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/05/05 

Date: Tue, 4 Oct 2005 18:18:49 -0500

You configure the appropriate domain/OU Group Policy. You can import
security templates and the settings will apply to the computers in the OU
[and possibly child OU's of the parent]. You can use existing security
templates or create your own from new or modifying an existing one from a
copy. Beware that some of the security templates that come with Windows 2003
are bad in that they disable critical services for domain controllers so
always review a security template before importing. The domain controller
container is really an OU though you don't usually see it called that. For
domain controllers I suggest that instead of modifying the default Domain
Controller Security Policy that you add a new Group Policy to the domain
controller OU and modify that GPO and place it at the top of the list of
GPO's linked to the container. That way you have a quick way to restore
default settings by unlinking the new GPO if things go wrong. --- Steve

"hsd31" <hdhanjal@gmail.com> wrote in message
news:1128451021.698796.3250@g47g2000cwa.googlegroups.com...
> My understanding is that secedit is for Local Machine Security Policy
> only. Is there a tool similar to secedit for automating Domain
> Controller Security Policy settings.
>

Relevant Pages

  • Re: Blocking port scans on local network
    ... You can implement enumeration of SAM accounts and shares with probably no ... on domain controllers via Domain Controller Security Policy depending of ... domain computer that has a "require" ipsec policy assigned to it. ... between domain computers and domain controllers as the domain controllers ...
    (microsoft.public.win2000.security)
  • Re: Continual errors - Event ID 1030 and 1058 on DC
    ... This article will help you check the security rights on the sysvol ... Domain controllers have the read and apply rights to the Domain ... Controllers Policy. ...
    (microsoft.public.windows.group_policy)
  • Re: Blocking port scans on local network
    ... > additional restrictions for anonymous connections in this security guide. ... > do not recommend applying ipsec policy wide scale without some testing of ... > between domain computers and domain controllers as the domain controllers ...
    (microsoft.public.win2000.security)
  • Re: Viewing Local Security Policy on Windows 2003 Member Server?
    ... Windows ships with a default security set up that is defined by regular security templates, ... Those templates can be view using the Security Templates editor MMC snap-in and can show you what the default settings are prior to joining a domain. ... Script Group Policy Settings with the GPExpert Scripting Toolkit for PowerShell! ... Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy Information Hub: ...
    (microsoft.public.windows.group_policy)
  • Re: Security Treats
    ... -- No or poor password and account lockout policy. ... -- Misconfigured operating systems - particularly domain controllers and dns. ... -- Not using Group Policy to manage/enforce Internet Explorer security settings. ... -- Not physically securing sensitive computers, ...
    (microsoft.public.win2000.security)