Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Windows 2000 local security policy

From: "Simon Taplin" <simont () lantic net>
Date: Fri, 24 Jan 2003 23:23:36 +0200
I also looked at using the NSA and CIS recommendations and landed up
breaking more stuff than I secured, Run it on a test machine or roll the
policy out slowly. Also, don't just use the NSA/CIS one but use them as a
basis to create your own.

Simon


Quote of the day:
Systems Administration is the kind of job that nobody notices if you're
doing it well. People only take notice of their systems when they're not
working.

-----Original Message-----
From: Tim V - DZ [mailto:iceburn () dangerzone com]
Sent: 22 January 2003 08:03
To: 'Mohamed Karmil Asgarally ( ZADCO ITS)'
Cc: 'Security-Basics'
Subject: RE: Windows 2000 local security policy


I think what'll help you best are the NSA's recommendations.  They give
you policy files for various setups...workstation vs server, various
OSes, etc

Even you decided that they are too rigid / not rigid enough ;-) there
are guides that outline all the options, what they do, and why the
picked the setting they did in order to allow you to make your own
decision.

The one word of warning is:  "read the documentation first."  If you
apply the policies they recommend, _something_ is sure to 'break' in
your everyday tasks.

http://www.nsa.gov/snac/index.html

-t

-----Original Message-----
From: Mohamed Karmil Asgarally ( ZADCO ITS) [mailto:Karmil () zadco co ae]
Sent: Saturday, January 18, 2003 10:38 PM
To: security-basics () securityfocus com
Subject: Windows 2000 local security policy

Hi All,

I am currently working on a solution to deploy local security policy
settings on users desktop running Windows 2000 professional.  I am aware
that group policies can be centrally managed from Windows 2000 server
active
directory.  However, i have currently only Windows Nt as server and we
are
using Novell Netware as authentication server.  The Windows NT server is
only to provide services such as Exchange.

If anyone can help me in:
*       how to create a policy template (probably in *.inf format)
*       how to deploy this template (probably through login script) to
the
desktops
*       how to audit the settings (to determine whether the policy
setting
has been properly updated or if there is any breach of security by
users)

I have heard of a tool called secedit.exe.  However, the help i have
obtained on how to use this tool is quite confusing.

I am open to any suggestions.  Please help as this is an urgent issue.

The policies i am trying to set are:
*       Audit policy
*       User rights assignment; and
*       Security policies

These policies are to be deployed to 1000+ desktop computers

Thanks to everyone for any help and suggestions

******************************************************
Scanned by @lantic IS Virus Control Service
eScan for Windows-based PCs - http://www.escan.co.za
MailScan for SMTP servers - http://www.mailscan.co.za
******************************************************
@lantic Internet Services (Pty) Ltd.
"Virus-FREE Internet!"
http://www.lantic.net



---

This email has been scanned by AVG Anti-Virus
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.445 / Virus Database: 250 - Release Date: 2003/01/21
Previous By Date Next
Previous By Thread Next

Current thread: