Archived from groups: microsoft.public.win2000.group_policy (
More info?)
Hi William
Your best bet is to administer the policies from a Windows XP machine using
GPMC or the Admin Tools:
GPMC
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
Adminpak
http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en
You will see the descriptions that correspond to the operating system you
are editing the policy from. You may be able to use the information from
the following knowledge base article to copy the XP sceregvl.inf file to
Windows 2000 machines but I'd consider just using an XP client as an
administration station.
214752 How to Add Custom Registry Settings to Security Configuration Editor
http://support.microsoft.com/?id=214752
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"William P" <WilliamP@discussions.microsoft.com> wrote in message
news:C91C961C-47F5-4156-9A41-B8AEE4778D6A@microsoft.com...
> Mark,
>
> The descriptions are located in %windir%\inf\sceregvl.inf.
>
> Is it possible to replace the XP version of this file with the one on my
> W2K
> DC?
>
> William
> "Mark Renoden [MSFT]" wrote:
>
>> Hi William
>>
>> I'm not sure where these are stored (if they are in a file anywhere). It
>> may be the case that they are hardcoded. As with the .adm based
>> policies,
>> the names of the settings have evolved with the operating system.
>>
>> Kind regards
>> --
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "William P" <WilliamP@discussions.microsoft.com> wrote in message
>> news:944B8DC6-7B6F-4151-B9CF-001B3E7A5FE3@microsoft.com...
>> > Thanks Mark,
>> >
>> > This is true for certain policy settings, however, when you look in
>> > Computer
>> > Configuration \ Windows Settings \ Security Settings \ Local Policies \
>> > 'Security Options', these settings are do not come from an ADM-template
>> > file.
>> > The setting, for example:
>> > Accounts: Rename Guest Account
>> >
>> > is not present in a ADM-template file.
>> >
>> > This is why I was wondering where the text descriptions for the
>> > settings
>> > found under 'Security Options' are located.
>> >
>> > By starting Local Security Policy on an XP workstation, the
>> > descriptions
>> > are
>> > different than they appear in a GPO in the domain.
>> >
>> > Can you clarify this please?
>> >
>> > William
>> >
>> >
>> > "Mark Renoden [MSFT]" wrote:
>> >
>> >> Hi William
>> >>
>> >> The policy text comes from the appropriate .adm file in the
>> >> %windor%\inf
>> >> folder. The policy text (and descriptions) have simply evolved
>> >> between
>> >> Windows versions. If you're running Windows XP clients in your
>> >> Windows
>> >> 2000
>> >> domain, you can update the .adm files on your DC's by downloading the
>> >> latest
>> >> ..adm files (which are currently Windows XP SP2). These can be
>> >> downloaded
>> >> from:
>> >>
>> >>
>> >>
http://www.microsoft.com/downloads/details.aspx?FamilyId=92759D4B-7112-4B6C-AD4A-BBF3802A5C9B&displaylang=en
>> >>
>> >> If you do this, beware of:
>> >>
>> >>
http://support.microsoft.com/default.aspx?kbid=842933
>> >>
>> >> The alternative is to edit the GPO's as an Administrator from a
>> >> Windows
>> >> XP
>> >> client. For this you can use GPMC:
>> >>
>> >>
>> >>
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
>> >>
>> >> Kind regards
>> >> --
>> >> Mark Renoden [MSFT]
>> >> Windows Platform Support Team
>> >> Email: markreno@online.microsoft.com
>> >>
>> >> Please note you'll need to strip ".online" from my email address to
>> >> email
>> >> me; I'll post a response back to the group.
>> >>
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> >> rights.
>> >>
>> >> "William P" <WilliamP@discussions.microsoft.com> wrote in message
>> >> news:26A30D78-5D36-4384-A3A0-A720C3C575D2@microsoft.com...
>> >> >I have been testing my Domain-wide GPOs on XP SP2 workstations and
>> >> >have
>> >> > noticed that when I open 'Local Security Policy' on a workstation,
>> >> > check
>> >> > the
>> >> > settings in 'Security Options', the settings are named different
>> >> > than
>> >> > on
>> >> > my
>> >> > W2K domain controller. For example:
>> >> >
>> >> > Devices: Restrict DC-ROM access to locally logged on users
>> >> > and
>> >> > on W2k DC I only have Restrict DC-ROM access to locally logged on
>> >> > users.
>> >> >
>> >> > I downloaded the W2K3 Policysettings XLS sheet and the names present
>> >> > for
>> >> > 'Security Options' are the same as what I see when opening the
>> >> > 'Local
>> >> > Security Policy'. But different from what I see when I open a GPO in
>> >> > my
>> >> > domain using the MMC.
>> >> >
>> >> > Why is this?
>> >> >
>> >> > My second question is: Where does the text description for the
>> >> > 'Security
>> >> > Options' come from?
>> >> >
>> >> > Any help would be greatly appreciated.
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>