Security Template Problem

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am applying both file and registry permissions for an application
running on a Windows 2003 Server by using a template imported into a
Group Policy object. I now wish to return the registry settings to
those inplace prior to the linking of this new GPO. Can I achieve this
by simply unlinking the GPO and then waiting until the server settings
have updated?

What woould be the effect of simply deleting the GPO?

Regards

Gemel

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

If you delete or unlink the gpo all settings previous to the application of
this gpo should be re-established. That is the beauty of a gpo.



--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



"gemel" <jonel@glenavon1.demon.co.uk> wrote in message
news:d3ji411m85jke9iq73oucitin9cg7srdvg@4ax.com...
> I am applying both file and registry permissions for an application
> running on a Windows 2003 Server by using a template imported into a
> Group Policy object. I now wish to return the registry settings to
> those inplace prior to the linking of this new GPO. Can I achieve this
> by simply unlinking the GPO and then waiting until the server settings
> have updated?
>
> What woould be the effect of simply deleting the GPO?
>
> Regards
>
> Gemel

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Paul Bergson wrote:

> If you delete or unlink the gpo all settings previous to the application of
> this gpo should be re-established. That is the beauty of a gpo.
>

Where exactly would those old settings be stored?? And can there be more than
1 set? If so, how would the system know which set to restore? Do they come
from the local security policy?

>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "gemel" <jonel@glenavon1.demon.co.uk> wrote in message
> news:d3ji411m85jke9iq73oucitin9cg7srdvg@4ax.com...
> > I am applying both file and registry permissions for an application
> > running on a Windows 2003 Server by using a template imported into a
> > Group Policy object. I now wish to return the registry settings to
> > those inplace prior to the linking of this new GPO. Can I achieve this
> > by simply unlinking the GPO and then waiting until the server settings
> > have updated?
> >
> > What woould be the effect of simply deleting the GPO?
> >
> > Regards
> >
> > Gemel

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

The old settings aren't stored anywhere. The gpo masks on top of the
current setting and isn't saved when the user logs off. I don't know the
inner workings of how it all takes place.

This white paper covers some detailed info with examples.

http://www.microsoft.com/downloads/details.aspx?familyid=354b9f45-8aa6-4775-9208-c681a7043292&displaylang=en


--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



"Brandon McCombs" <bmccombs@ma.rr.com> wrote in message
news:4249ECD9.B7438531@ma.rr.com...
>
>
> Paul Bergson wrote:
>
> > If you delete or unlink the gpo all settings previous to the application
of
> > this gpo should be re-established. That is the beauty of a gpo.
> >
>
> Where exactly would those old settings be stored?? And can there be more
than
> 1 set? If so, how would the system know which set to restore? Do they
come
> from the local security policy?
>
> >
> > --
> >
> > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> >
> > This posting is provided "AS IS" with no warranties, and confers no
rights.
> >
> > "gemel" <jonel@glenavon1.demon.co.uk> wrote in message
> > news:d3ji411m85jke9iq73oucitin9cg7srdvg@4ax.com...
> > > I am applying both file and registry permissions for an application
> > > running on a Windows 2003 Server by using a template imported into a
> > > Group Policy object. I now wish to return the registry settings to
> > > those inplace prior to the linking of this new GPO. Can I achieve this
> > > by simply unlinking the GPO and then waiting until the server settings
> > > have updated?
> > >
> > > What woould be the effect of simply deleting the GPO?
> > >
> > > Regards
> > >
> > > Gemel
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

That mechanism specifically doesn't apply to Win2k's security policy in
general and specifically for file and registry security settings going
forward. If you remove those settings from GP, they will remain on the
domain clients that those settings applied on.

You might be able to reconstruct what those permissions were by examining
%windir%\security\templates\setup security.inf. For DCs it's named DC
security.inf.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm


"Paul Bergson" <pbergson_nospam@allete.com> wrote in message
news:%23aN0poGNFHA.1392@TK2MSFTNGP10.phx.gbl...
> If you delete or unlink the gpo all settings previous to the application
> of
> this gpo should be re-established. That is the beauty of a gpo.
>
>
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
> "gemel" <jonel@glenavon1.demon.co.uk> wrote in message
> news:d3ji411m85jke9iq73oucitin9cg7srdvg@4ax.com...
>> I am applying both file and registry permissions for an application
>> running on a Windows 2003 Server by using a template imported into a
>> Group Policy object. I now wish to return the registry settings to
>> those inplace prior to the linking of this new GPO. Can I achieve this
>> by simply unlinking the GPO and then waiting until the server settings
>> have updated?
>>
>> What woould be the effect of simply deleting the GPO?
>>
>> Regards
>>
>> Gemel
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Good point. Those are definitions set up and forced upon via user defined
settings.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



"Nick Finco [MSFT]" <nfinco@online.microsoft.com> wrote in message
news:#Aa2n8kNFHA.644@TK2MSFTNGP14.phx.gbl...
> That mechanism specifically doesn't apply to Win2k's security policy in
> general and specifically for file and registry security settings going
> forward. If you remove those settings from GP, they will remain on the
> domain clients that those settings applied on.
>
> You might be able to reconstruct what those permissions were by examining
> %windir%\security\templates\setup security.inf. For DCs it's named DC
> security.inf.
>
> N
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Any opinions or policies stated within are my own and do not necessarily
> constitute those of my employer. Use of included script samples are
subject
> to the terms specified at http://www.microsoft.com/info/cpyright.htm
>
>
> "Paul Bergson" <pbergson_nospam@allete.com> wrote in message
> news:%23aN0poGNFHA.1392@TK2MSFTNGP10.phx.gbl...
> > If you delete or unlink the gpo all settings previous to the application
> > of
> > this gpo should be re-established. That is the beauty of a gpo.
> >
> >
> >
> > --
> >
> > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> >
> >
> >
> > "gemel" <jonel@glenavon1.demon.co.uk> wrote in message
> > news:d3ji411m85jke9iq73oucitin9cg7srdvg@4ax.com...
> >> I am applying both file and registry permissions for an application
> >> running on a Windows 2003 Server by using a template imported into a
> >> Group Policy object. I now wish to return the registry settings to
> >> those inplace prior to the linking of this new GPO. Can I achieve this
> >> by simply unlinking the GPO and then waiting until the server settings
> >> have updated?
> >>
> >> What woould be the effect of simply deleting the GPO?
> >>
> >> Regards
> >>
> >> Gemel
> >
> >
>
>