Adding Windows 2003 options (GPO)

Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,

I have AD that all the DC's are Windows 2000.
I have OU that contain all the my servers (except the DC's) and I want to
harden my systems using GPO. the servers OS are Windows 2000 and Windows
2003.
According to Microsoft "Windows Server 2003 Security Guide" there are User
rights assignments and security options that exist only on Windows 2003.
How can I add these options to my current environment?

Thanks,

Nir B
2 answers Last reply
More about adding windows 2003 options
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    You have a couple of options. One would be to modify Local Security Policy
    [secpol.msc]. You could create Security Templates - .inf files to import
    into Local Security Policy to make it easier that modifying each server
    individually. If you do that I highly recommend that you make a "rollback"
    template using secedit for each template FIRST. Another option would be to
    separate the W2K and W2003 servers into their own OU's which could be child
    OU's of the current OU. Then create a GPO for the W2003 Servers and manage
    it with either an XP Pro or W2003 Server via mmc snapin for Group Policy
    where you can then browse to other GPO's in the domain once you are logged
    on as a domain admin or someone who has write permissions to that GPO. You
    will then be able to manage the security settings available to a Windows
    2003 server. If you use an XP Pro computer be sure it is a known secure
    computer ideally used only by domain admins or those delegated authority. It
    is too easy to put a software or hardware keystroke logger on an unsecured
    computer to capture admin credentials. --- Steve


    "Nir B" <nir@icomverse.com> wrote in message
    news:OdSK2ye3EHA.924@TK2MSFTNGP14.phx.gbl...
    > Hi All,
    >
    > I have AD that all the DC's are Windows 2000.
    > I have OU that contain all the my servers (except the DC's) and I want to
    > harden my systems using GPO. the servers OS are Windows 2000 and Windows
    > 2003.
    > According to Microsoft "Windows Server 2003 Security Guide" there are User
    > rights assignments and security options that exist only on Windows 2003.
    > How can I add these options to my current environment?
    >
    > Thanks,
    >
    > Nir B
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks!!!

    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    news:Ooqud.173128$V41.67303@attbi_s52...
    > You have a couple of options. One would be to modify Local Security Policy
    > [secpol.msc]. You could create Security Templates - .inf files to import
    > into Local Security Policy to make it easier that modifying each server
    > individually. If you do that I highly recommend that you make a "rollback"
    > template using secedit for each template FIRST. Another option would be to
    > separate the W2K and W2003 servers into their own OU's which could be
    child
    > OU's of the current OU. Then create a GPO for the W2003 Servers and manage
    > it with either an XP Pro or W2003 Server via mmc snapin for Group Policy
    > where you can then browse to other GPO's in the domain once you are logged
    > on as a domain admin or someone who has write permissions to that GPO. You
    > will then be able to manage the security settings available to a Windows
    > 2003 server. If you use an XP Pro computer be sure it is a known secure
    > computer ideally used only by domain admins or those delegated authority.
    It
    > is too easy to put a software or hardware keystroke logger on an unsecured
    > computer to capture admin credentials. --- Steve
    >
    >
    > "Nir B" <nir@icomverse.com> wrote in message
    > news:OdSK2ye3EHA.924@TK2MSFTNGP14.phx.gbl...
    > > Hi All,
    > >
    > > I have AD that all the DC's are Windows 2000.
    > > I have OU that contain all the my servers (except the DC's) and I want
    to
    > > harden my systems using GPO. the servers OS are Windows 2000 and Windows
    > > 2003.
    > > According to Microsoft "Windows Server 2003 Security Guide" there are
    User
    > > rights assignments and security options that exist only on Windows 2003.
    > > How can I add these options to my current environment?
    > >
    > > Thanks,
    > >
    > > Nir B
    > >
    > >
    >
    >
Ask a new question

Read More

Windows Server 2003 Windows 2000 Security Microsoft Windows