Re: question on setting security
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 10 Nov 2006 10:03:12 -0700
When you merge settings by importing multiple templates into
a sdb in merge mode, they are merged, but not as you expect.
Each policy setting is handled all-or-none, that is, the last
loaded template that specifies a particular setting specifies
the complete, total and exclusive, value for that setting.
In your scenario, the last-loaded IIS template needs to state
both ASPNET and Guests for the Deny local logon settings.
"Special Access" <nonyabidnezz@xxxxxxxxxxx> wrote in message
news:udr7l2dc41nd2101op970qpkf3fugkjna3@xxxxxxxxxx
I have a server that I secured using an INF template we created. Now
they installed IIS and changes were made to the settings. We have a
template that documents the changes in the security settings (iusr,
iwam, iis_wpg and aspnet were added to several user rights) and want
to import that into the original SDB.
Problem is when we import and configure using the second template,
some of the settings are completely over written by it rather than
augmented by it. For example, deny local logon is set to GUESTS by
the original template. When we add IIS, ASPNET is added to this
right. However after we configure the computer with the new template
only ASPNET is listed.
We are using secedit in a script to do this. First we configure with
our security template to create the SDB file, then we configure with
the IIS template.
Obviously I'm doing something wrong here. I would expect the end
result to be a combination of the two templates but any place the
second template makes changes I'm only seeing those changes.
Help?!
Mike
.
- Prev by Date: Re: Role-based security from Windows Server 2003 Security Guide gives problems
- Next by Date: Re: question on setting security
- Previous by thread: Problem with permissions
- Next by thread: Re: question on setting security
- Index(es):
Relevant Pages
|
|
