Re: GPO for trusted root CA certs

From: briandel@xxxxxxxxxxxxxxxxxxxx (Brian Delaney [MSFT])
Date: Wed, 08 Nov 2006 15:03:53 GMT

Hi Michael,

And how about protection of the network transport of GPO?

Are you referring to the application of a GPO over the network or
modifying? As far as I know by default all that is done to secure both is
SMB signing is required on Windows Server 2003 SP1 (possibly RTM as well)
and can be set to required on Windows 2000. SMB signing helps to prevent
an SMB session from being highjacked once established.

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

Date: Wed, 08 Nov 2006 00:49:21 +0100
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@xxxxxxxxxxxx>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13)

Gecko/20060417

X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: microsoft.public.windows.server.security
Subject: Re: GPO for trusted root CA certs
References: <8bd624-r0a.ln1@xxxxxxxxxxxxxxxx>

<8BsuGcpAHHA.5200@xxxxxxxxxxxxxxxxxxxxx>

In-Reply-To: <8BsuGcpAHHA.5200@xxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <2li724-ace.ln1@xxxxxxxxxxxxxxxx>

Brian,

thanks for your quick answer.

Brian Delaney [MSFT] wrote:

So, I guess you could say that it secured in two ways. First of all you
have to have permissions to write to the SYSVOL\Policies folder to
create/modify a GPO and secondly you have to have permissions to the

gplink

and gpoptions attribute at the level you wish to link the policy.

And how about protection of the network transport of GPO?

Ciao, Michael.

References:
- GPO for trusted root CA certs
  - From: Michael Ströder
- RE: GPO for trusted root CA certs
  - From: Brian Delaney [MSFT]
- Re: GPO for trusted root CA certs
  - From: Michael Ströder

Prev by Date: Re: SCW question.
Next by Date: Re: SCW question.
Previous by thread: Re: GPO for trusted root CA certs
Next by thread: Re: GPO for trusted root CA certs
Index(es):
- Date
- Thread

Relevant Pages

GPO not applying. Please help
... i have tried to duplicate the same settings and permissions. ... The group that has been added to the GPO has read and apply Group ... and apply policy permissions rather than special and apply policy. ... This seems to be the only difference from my other network. ...
(microsoft.public.win2000.group_policy)
Re: GPO not applying. Please help
... > I have configured the GPO to the required settings and added ... > has the membership of all the users on the network. ... > although when looking at the advanced permissions i notice ... > that this group has read and apply policy permissions rather ...
(microsoft.public.win2000.group_policy)
Re: Is there any way to print a list of the GPOs in a domain?
... How did it screw up WMI? ... Secure and configure your Windows desktops accurately every time without having to learn or install new technology. ... have somehow made a GPO setting that screws up WMI and none of the experts I have shown the GPO to can figure out what part if it doing it! ... "Darren Mar-Elia" wrote in message ...
(microsoft.public.windows.group_policy)
Re: Intermittant GPO failure to apply
... Gigabit have blocked the GPO applied, ... fluctuates as the network adapter driver initializes and as the network ... |> Value Name: DisableDHCPMediaSense ...
(microsoft.public.windows.server.sbs)
Re: Loopback Processing
... As long as loopback is set in one GPO, ... >to be set in any other GPO that falls with the hierarchy? ... >why does it still apply the User Configuration settings. ... >>computer provided it has permissions to the GPO's. ...
(microsoft.public.windows.group_policy)