Security Basics mailing list archives
RE: Windows 2000 local security policy
From: "Simon Taplin" <simont () lantic net>
Date: Fri, 24 Jan 2003 23:23:36 +0200
I also looked at using the NSA and CIS recommendations and landed up breaking more stuff than I secured, Run it on a test machine or roll the policy out slowly. Also, don't just use the NSA/CIS one but use them as a basis to create your own. Simon Quote of the day: Systems Administration is the kind of job that nobody notices if you're doing it well. People only take notice of their systems when they're not working. -----Original Message----- From: Tim V - DZ [mailto:iceburn () dangerzone com] Sent: 22 January 2003 08:03 To: 'Mohamed Karmil Asgarally ( ZADCO ITS)' Cc: 'Security-Basics' Subject: RE: Windows 2000 local security policy I think what'll help you best are the NSA's recommendations. They give you policy files for various setups...workstation vs server, various OSes, etc Even you decided that they are too rigid / not rigid enough ;-) there are guides that outline all the options, what they do, and why the picked the setting they did in order to allow you to make your own decision. The one word of warning is: "read the documentation first." If you apply the policies they recommend, _something_ is sure to 'break' in your everyday tasks. http://www.nsa.gov/snac/index.html -t -----Original Message----- From: Mohamed Karmil Asgarally ( ZADCO ITS) [mailto:Karmil () zadco co ae] Sent: Saturday, January 18, 2003 10:38 PM To: security-basics () securityfocus com Subject: Windows 2000 local security policy Hi All, I am currently working on a solution to deploy local security policy settings on users desktop running Windows 2000 professional. I am aware that group policies can be centrally managed from Windows 2000 server active directory. However, i have currently only Windows Nt as server and we are using Novell Netware as authentication server. The Windows NT server is only to provide services such as Exchange. If anyone can help me in: * how to create a policy template (probably in *.inf format) * how to deploy this template (probably through login script) to the desktops * how to audit the settings (to determine whether the policy setting has been properly updated or if there is any breach of security by users) I have heard of a tool called secedit.exe. However, the help i have obtained on how to use this tool is quite confusing. I am open to any suggestions. Please help as this is an urgent issue. The policies i am trying to set are: * Audit policy * User rights assignment; and * Security policies These policies are to be deployed to 1000+ desktop computers Thanks to everyone for any help and suggestions ****************************************************** Scanned by @lantic IS Virus Control Service eScan for Windows-based PCs - http://www.escan.co.za MailScan for SMTP servers - http://www.mailscan.co.za ****************************************************** @lantic Internet Services (Pty) Ltd. "Virus-FREE Internet!" http://www.lantic.net --- This email has been scanned by AVG Anti-Virus Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 2003/01/21
Current thread:
- RE: Windows 2000 local security policy dave (Jan 23)
- <Possible follow-ups>
- Re: Windows 2000 local security policy c-foo (Jan 23)
- RE: Windows 2000 local security policy Simon Taplin (Jan 27)