Security TemplatesSecurity templates are a collection of security settings in a format that can be applied to Windows computers to configure security. In Windows Server 2003 and Windows 2000, security templates exist as text files, but they are more easily understood and modified when displayed, as shown in Figure 11-1, in their own Security Templates Microsoft Management Console (MMC). A security template has many uses such as the following:Used to test the effect of security settings on a single computerImported into a Group Policy Object (GPO) and therefore used to secure servers, workstations, and users across an entire domain, or for a smaller portion of a domainImported into GPOs in multiple domains in order to provide consistent security to every domain in the forestApplied directly to a single computer that is or is not a member of a domainApplied via a script to multiple computersPeriodically reapplied to these computers via scripts or tasksUsed to audit security compliance Figure 11-1. Viewing Security Templates and settings.Using Incremental Templates and other Techniques to Provide Security for Infrastructure Servers," describes other security settings and additional security templates for computers with infrastructure roles. Each computer role and each server application provides unique security challenges, and you should study and apply appropriate security using any role- or application-specific tools they provide.Developing a security template is not difficult, but it does require intimate knowledge of Windows services and security settings. To make the job easier, Microsoft provides sample security templates as part of the operating system install, and special baseline and incremental templates are available for download. To inspect the provided security templates and provide a utility to manage any additional templates, build a security template console by doing the following:
Microsoft provides three types of templates: default templates that are used to set security during installation and dcpromo, basic templates provided with the operating system that can be used to modify security, and role templates provided with security white papers for specific operating systems. How to Use Security Templates to Secure Computers by Role." |