Re: A tool to manage security and reset default file and folder permissions
From: Durand (armoned@concentric.net)
Date: 06/25/02
- Next message: Steve Hebert: "Re: Admin password"
- Previous message: JT Garin: "Re: Forgotten password + more"
- In reply to: Roger Abell [MVP]: "Re: A tool to manage security and reset default file and folder permissions"
- Next in thread: Roger Abell [MVP]: "Re: A tool to manage security and reset default file and folder permissions"
- Reply: Roger Abell [MVP]: "Re: A tool to manage security and reset default file and folder permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Durand" <armoned@concentric.net> Date: Mon, 24 Jun 2002 20:44:59 -0400
Kent & Roger,
Came across this tool today before I read your post. I fiddled with it and
nearly wiped out my original security settings with the wrong template. I am
running WinXP pro and used the server domain template before I realized what the
abbreviations meant, and had to go back and apply the workstation template to
nearly restore my original security settings the I had originally tweaked. I
would say there is a reason this tool wasn't mentioned until now, it's user
beware, and if we don't know what we're doing when we come across something new,
it's kind of like pulling the pin out of a grenade before realizing what we're
dealing with. Perhaps stuff like this ought to be in a newsgroup that's for
advanced users.
Durand
"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
news:OXYZxfbGCHA.2684@tkmsftngp09...
| Hi Kent,
|
| I was glad to see the Sec Config Toolset being mentioned,
| and as you may by now have noticed I do not believe in
| hiding things from people. I guess my main note was to
| show that when one applies the whole template in order to
| reset (some of) the filesystem NTFS security, one is also
| reverting post-install changes particularly to the services
| and some areas in local policy.
|
| Other than that, I just was tossing in some added info for
| people interested since this is a very useful but somewhat
| difficult and dangerous tool.
|
| --
| Roger Abell
| MS MVP (Windows Platform), MCSE, MCDBA
| Associate Expert - Windows XP ExpertZone
| http://www.microsoft.com/windowsxp/expertzone
|
| "Kent W. England [MVP]" <kwe@mvps.org> wrote in message
| news:evpdwGXGCHA.2012@tkmsftngp08...
| > I guess you figure I gave the users too much power? I certainly don't
| > mind your note, but I would note about your note that the "setup
| > security" template should probably be loaded using the checkbox to clear
| > out other settings, but most of the other templates are add-ons and you
| > don't want to use that checkbox. OTOH, I really am not recommending
| > users to use other templates.
| >
| > I only wanted to describe the initial security template to restore to
| > initial setup after a goof modifying permissions. Let's go offline and
| > you can help me create a more appropriate template for my original
| > purpose. Perhaps the command line tool is a better way to use that
| > template?
| >
| > --
| > Kent W. England, MS MVP for Windows XP
| > (Please respond only in the newsgroup)
| >
| > Roger Abell [MVP] <mvpNOSPAM@asu.edu> wrote:
| >
| > > I would like to add a couple notes, hoping you do not mind :-)
| > >
| > > 1.
| > > When loading a template into the Sec Config and Analysis tool,
| > > notice that there is a checkbox to clear the database before import.
| > > For the type of use about which you have posted, one will almost
| > > certainly want to be sure to use this checkbox. Without, one ends
| > > up with a merging of the import with whatever is already in the
| > > database. Using the checkbox insures you are not dealing with any
| > > setting unintentionally.
| > >
| > > 2.
| > > Never simply import and apply a template, at least until you do
| > > know very well and thoroughly what is in the template. Rather,
| > > after the import, first use the feature to analyze the system. Then,
| > > review the differences between the imported template and the
| > > present system state. If one can accept the differences, then one
| > > would apply the template. If not, one can modify settings in the
| > > database to taste prior to applying (I usually do another analyze
| > > first).
| > >
| > > 3.
| > > You can retain analysis databases once built and use them directly.
| > > You can also export from a database to create a template that will
| > > reflect the database settings, which can be imported to recreate a
| > > database with those settings. Sometimes one needs to fool around
| > > a little, exporting multiple times, closing and reopening the tool,
| > > in order to get it to actually write the export correctly (a major bug
| > > in the W2k SP 2 release, IMO).
| > >
| > > 4.
| > > You can directly apply all or only parts of a database or template
| > > by use of the secedit command (secedit /?). One can also use this
| > > for exporting and for analysis.
| > > analyze
| > >
| > > 5.
| > > Templates are just text files. You can for example copy the
| > > defltwks.inf file or the Setup Security.inf and cut out all sections
| > > except the filesystem (and/or perhaps registry) in order to get
| > > a template that can be used as you have outlined, but not need
| > > to be concerned about changes to services, account policies, etc..
| >
|
|
--- Outgoing mail has been checked and is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.372 / Virus Database: 207 - Release Date: 6/20/2002
- Next message: Steve Hebert: "Re: Admin password"
- Previous message: JT Garin: "Re: Forgotten password + more"
- In reply to: Roger Abell [MVP]: "Re: A tool to manage security and reset default file and folder permissions"
- Next in thread: Roger Abell [MVP]: "Re: A tool to manage security and reset default file and folder permissions"
- Reply: Roger Abell [MVP]: "Re: A tool to manage security and reset default file and folder permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
