Security Templates
|
Rather Have Fast and Secure Remote
Control?
|
Another MMC snap-in, Security Templates, allows you to view and configure template settings, as well create new templates. Templates files are in an .inf format, readable in any text editor. A small example of the password policy settings of a template file are shown below:
[System Access]
;----------------------------------------------------------------
;Account Policies - Password Policy
;----------------------------------------------------------------
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
RequireLogonToChangePassword = 0
ClearTextPassword = 0
Windows 2000 provides a number of templates by default. You should have an understanding on the provided template files and why you would use them. The names of templates provide an idea of when/how they are to be used. The last two letters in the template file name (before the .inf extension) usually tell you which type of system a template is meant for – WS for a workstation, DC for a domain controller, SV for a server. For example, the hisecws.inf identifies the template as applying highly secure settings to a workstation. Beyond this, there are five main security levels outlined in the default templates, with each outlined below:
Basic*.inf – Basic. These templates apply the default security configuration to a system. These would be useful if you set too high a level of security on a system and wanted to return settings back to the default.
Compat*.inf – Compatible. Windows 2000 gives members of the Users group more strict security settings than in NT 4.0. As such, some applications (such as those certified for NT 4 but not Windows 2000) may not function correctly (or potentially at all) on Windows 2000. When this template is applied, applications run under the Power Users level of privilege, even though the user may not have that level of access.
Secure*.inf – Secure. Contains settings recommended for securing a system except for those relating to files, folders, and registry keys, which are configured securely by default.
Hisec*.inf – Highly Secure. Provides settings to provide a much higher level of protection, including network security. In this configuration, a system can only communicate with other Windows 2000-based systems, for example.
Dedica*.inf – Dedicated Domain Controller. Contains recommended security settings for a domain controller that is not also acting as an application server.
Template files are stored in %systemroot%\security\templates by default.
Written by Dan DiNicolo - Visit Website
Next post in Windows 2000:
Using IPSec to Secure TCP/IP Traffic
Next post in Security:
Using IPSec to Secure TCP/IP Traffic
Previous post in Windows 2000:
Security Configuration and Analysis
Previous post in Security:
Security Configuration and Analysis
All Tutorials by Category:
- CCDA Study Guide
- CCNA Study Guide Chapter 01
- CCNA Study Guide Chapter 02
- CCNA Study Guide Chapter 03
- CCNA Study Guide Chapter 04
- CCNA Study Guide Chapter 05
- CCNA Study Guide Chapter 06
- CCNA Study Guide Chapter 07
- CCNA Study Guide Chapter 08
- CCNA Study Guide Chapter 09
- CCNA Study Guide Chapter 10
- CCNA Study Guide Chapter 11
- CCNA Study Guide Chapter 12
- Cognos
- Computer Hardware
A
C
D
E
F
G
H
I
L
M
N
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.
