|
Posted by Steven L Umbach on October 10, 2005, 7:37 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Sure you can do that. You should ALWAYS use the mmc snapin for Security
Templates to view any template to see exactly what it does before you use it
and you can use the Security Configuration and Analysis mmc snapin to
compare it to the existing computer configuration [be sure NOT to hot
configure during the process]. Also if problems arise do not delete the
GPO - just unlink it. That way you can always examine the settings it used.
I would also refer to the Windows 2003 Server Security Guide [see link
below] for detailed info on security settings and recommendations and it
comes with some templates. The security templates that come with Windows
2000/2003 should not be considered a one size fits all solution but a
starting point. Some of the ones for domain controllers should not be used
as they have incorrect settings particularly for services. You can easily
copy an existing security template to a new one and then modify it to suit
your needs. --- Steve
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
--- Security configuration tool info.
> Is it ok to use the windows hisec templates via a gpo to an ou. I want to
> apply this template through gpo to the server ou instead of doing it to
> the
> server itself. Is that ok? I figured if the template cause an issue I
> could
> just remove it and force a gpudate.
| 
XML site map