Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

Create a Security Template

To speed the process of
configuring security settings, you can create a template containing
predefined security settings. WS2003 includes a number of default
templates, but you can also create your own security templates using
the Security Templates snap-in. Add this snap-in to a new or existing
MMC console and do the following:

Right-click the template search path node New Template specify a name and description select and expand the new template in the console tree double-click on a policy define this policy setting in the template specify parameters repeat for any policies that need to be configured

Once you create a new security template, you can import it into a GPO
to apply it to computers in a domain or OU (see the next task) or use
it to analyze security on a local computer (see the later task).

Import a Security Template

You can import into a GPO
either one of the default security
templates included in WS2003 or a custom template you have created.
To do this, open the desired GPO using Active Directory Users and
Computers and then:

Computer Configuration Windows Settings right-click on Security Settings Import Policy select

.inf file for template Open

Apply a Security Template to a Computer

Several steps are involved. First, you create a
security-configuration database and specify a template to be imported
into the database:

Security Configuration and Analysis console right-click Security Configuration and Analysis Open database specify a database name to create a new database Open select a security template select "Clear this database" before importing Open

In the previous steps, if you don't select
"Clear this database" before
importing, then the settings you import will be merged with the
existing security settings instead of overwriting them. If you
already have a database, you can open it instead of creating a new
one (specifying a new name creates a new database) and then import a
template into the database. Next, you need to configure your computer
to use the imported template:

Right-click Security Configuration and Analysis Configure Computer Now

A dialog box will show progress as the settings are applied. Once
this is finished, you should analyze your settings as follows:

Right-click Security Configuration and Analysis Analyze Computer Now

This compares the security configuration of your machine with the
information stored in the configuration database file
(

.sdb file). Once this process is finished, you
can either read the log file created by doing this:

Right-click Security Configuration and Analysis View Log File

or you can view the comparison information by doing this:

Expand the Security Configuration and Analysis container view analysis results for each setting

A green check mark means a setting is consistent; a red flag means a
discrepancy; nothing means the setting is not configured.

Create a Custom Security Template

You can either create a new
template from scratch or copy an existing one, which may be less work
if the configuration you desire is close to one of the default
configurations included in the template search path,

C:\Windows\Security\Templates .

To create a new template from scratch:

Security Templates console right-click on templates search path container New Template specify a name and description configure settings for new template as desired

To copy an existing template and modify the copy:

Security Templates console right-click on a template to copy Save As specify a name for the copy Save configure settings for copied template as desired