Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Security template
- Thread starter leobis
- Start date
The best way is load Security Configuration and Analyses, then compare what you have there with what you have in your system (Open Database.., Analyze computer now,..). Then you will see the differences.
As about what hisecdc, basicdc,... the name is telling where should be applied. Gia Betiu
m.betiu@chello.nl
Computer Eng. CNE 4, CNE 5
As about what hisecdc, basicdc,... the name is telling where should be applied. Gia Betiu
m.betiu@chello.nl
Computer Eng. CNE 4, CNE 5
Pre-defined security templates
Windows 2000 Default Security Templates
Windows 2000 default security settings are applied only to Windows 2000—based systems that have been clean-installed on an NTFS partition. When computers are upgraded from Windows NT 4.0 or earlier, security is not modified. When Windows 2000 is installed on a FAT file system, security cannot be applied.
The following basic security templates are provided to secure upgraded NTFS computers in the same fashion as clean-installed NTFS computers:
Basicwk.inf for computers running Windows 2000 Professional.
Basicsv.inf for computers running Windows 2000 Server.
Basicdc.inf for domain controllers running Windows 2000 Server.
These security templates specify default Windows 2000 security settings for all security areas with the exception of User Rights and Groups.
Incremental Security Templates
Windows 2000 also ships with the following incremental security templates. These security templates were constructed based on the assumption that they would be applied to Windows 2000 computers that are configured with the new Windows 2000 default security settings. In other words, these templates incrementally modify the default security settings. They do not include the default security settings plus the modifications.
You should apply these incremental templates to Windows 2000 systems that have been clean-installed onto an NTFS partition. For NTFS computers that have been upgraded from Windows NT 4.0 or earlier, apply the corresponding basic template (as described above) before you apply any of the incremental security templates. Windows 2000 systems that are installed on FAT file systems cannot be secured.
Compatws.inf for workstations or servers. If you do not want your users to run as power users, the compatible configuration opens the default permissions for the Users group so that legacy applications are more likely to run correctly. Office 97 should run successfully when you are logged on as a User to a Windows 2000 machine that has had the compatible security template applied over the default settings. Note that this is not considered a secure environment.
Securews.inf for workstations or servers, and Securedc.inf for domain controllers provide a secure configuration. The secure configuration provides increased security for areas of the operating system not covered by permissions. This includes increased security settings for Account Policy, Auditing, and some well-known security relevant registry keys. Access control lists are not modified by the secure configurations because the secure configurations assume that default Windows 2000 security settings are in effect.
Hisecws.inf for workstations and servers, and Hisecdc.inf for domain controllers provide a highly secure configuration. The high security configuration is provided for Windows 2000 computers that operate in native Windows 2000 environments only. In this configuration, all network communications must be digitally signed and encrypted at a level that can only be provided by Windows 2000. Thus, communications between a Windows 2000 highly secure computer and a downlevel Windows client cannot be performed.
Windows 2000 Default Security Templates
Windows 2000 default security settings are applied only to Windows 2000—based systems that have been clean-installed on an NTFS partition. When computers are upgraded from Windows NT 4.0 or earlier, security is not modified. When Windows 2000 is installed on a FAT file system, security cannot be applied.
The following basic security templates are provided to secure upgraded NTFS computers in the same fashion as clean-installed NTFS computers:
Basicwk.inf for computers running Windows 2000 Professional.
Basicsv.inf for computers running Windows 2000 Server.
Basicdc.inf for domain controllers running Windows 2000 Server.
These security templates specify default Windows 2000 security settings for all security areas with the exception of User Rights and Groups.
Incremental Security Templates
Windows 2000 also ships with the following incremental security templates. These security templates were constructed based on the assumption that they would be applied to Windows 2000 computers that are configured with the new Windows 2000 default security settings. In other words, these templates incrementally modify the default security settings. They do not include the default security settings plus the modifications.
You should apply these incremental templates to Windows 2000 systems that have been clean-installed onto an NTFS partition. For NTFS computers that have been upgraded from Windows NT 4.0 or earlier, apply the corresponding basic template (as described above) before you apply any of the incremental security templates. Windows 2000 systems that are installed on FAT file systems cannot be secured.
Compatws.inf for workstations or servers. If you do not want your users to run as power users, the compatible configuration opens the default permissions for the Users group so that legacy applications are more likely to run correctly. Office 97 should run successfully when you are logged on as a User to a Windows 2000 machine that has had the compatible security template applied over the default settings. Note that this is not considered a secure environment.
Securews.inf for workstations or servers, and Securedc.inf for domain controllers provide a secure configuration. The secure configuration provides increased security for areas of the operating system not covered by permissions. This includes increased security settings for Account Policy, Auditing, and some well-known security relevant registry keys. Access control lists are not modified by the secure configurations because the secure configurations assume that default Windows 2000 security settings are in effect.
Hisecws.inf for workstations and servers, and Hisecdc.inf for domain controllers provide a highly secure configuration. The high security configuration is provided for Windows 2000 computers that operate in native Windows 2000 environments only. In this configuration, all network communications must be digitally signed and encrypted at a level that can only be provided by Windows 2000. Thus, communications between a Windows 2000 highly secure computer and a downlevel Windows client cannot be performed.
- Status
Similar threads
- Locked
- Question
- Locked
- Question