Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Adding Windows 2003 options (GPO)

Adding Windows 2003 options (GPO)

Forum Windows 2000/NT : Windows 2000/NT General Discussion - Adding Windows 2003 options (GPO)

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   12-09-2004 at 08:43:38 PM

Archived from groups: microsoft.public.win2000.security (More info?)

 

Hi All,

I have AD that all the DC's are Windows 2000.
I have OU that contain all the my servers (except the DC's) and I want to
harden my systems using GPO. the servers OS are Windows 2000 and Windows
2003.
According to Microsoft "Windows Server 2003 Security Guide" there are User
rights assignments and security options that exist only on Windows 2003.
How can I add these options to my current environment?

Thanks,

Nir B

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   12-11-2004 at 05:35:10 AM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

You have a couple of options. One would be to modify Local Security Policy
[secpol.msc]. You could create Security Templates - .inf files to import
into Local Security Policy to make it easier that modifying each server
individually. If you do that I highly recommend that you make a "rollback"
template using secedit for each template FIRST. Another option would be to
separate the W2K and W2003 servers into their own OU's which could be child
OU's of the current OU. Then create a GPO for the W2003 Servers and manage
it with either an XP Pro or W2003 Server via mmc snapin for Group Policy
where you can then browse to other GPO's in the domain once you are logged
on as a domain admin or someone who has write permissions to that GPO. You
will then be able to manage the security settings available to a Windows
2003 server. If you use an XP Pro computer be sure it is a known secure
computer ideally used only by domain admins or those delegated authority. It
is too easy to put a software or hardware keystroke logger on an unsecured
computer to capture admin credentials. --- Steve


"Nir B" <nir@icomverse.com> wrote in message
news:OdSK2ye3EHA.924@TK2MSFTNGP14.phx.gbl...
> Hi All,
>
> I have AD that all the DC's are Windows 2000.
> I have OU that contain all the my servers (except the DC's) and I want to
> harden my systems using GPO. the servers OS are Windows 2000 and Windows
> 2003.
> According to Microsoft "Windows Server 2003 Security Guide" there are User
> rights assignments and security options that exist only on Windows 2003.
> How can I add these options to my current environment?
>
> Thanks,
>
> Nir B
>
>

Reply to Anonymous
Anonymous   12-12-2004 at 03:15:25 PM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

Thanks!!!

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:Ooqud.173128$V41.67303@attbi_s52...
> You have a couple of options. One would be to modify Local Security Policy
> [secpol.msc]. You could create Security Templates - .inf files to import
> into Local Security Policy to make it easier that modifying each server
> individually. If you do that I highly recommend that you make a "rollback"
> template using secedit for each template FIRST. Another option would be to
> separate the W2K and W2003 servers into their own OU's which could be
child
> OU's of the current OU. Then create a GPO for the W2003 Servers and manage
> it with either an XP Pro or W2003 Server via mmc snapin for Group Policy
> where you can then browse to other GPO's in the domain once you are logged
> on as a domain admin or someone who has write permissions to that GPO. You
> will then be able to manage the security settings available to a Windows
> 2003 server. If you use an XP Pro computer be sure it is a known secure
> computer ideally used only by domain admins or those delegated authority.
It
> is too easy to put a software or hardware keystroke logger on an unsecured
> computer to capture admin credentials. --- Steve
>
>
> "Nir B" <nir@icomverse.com> wrote in message
> news:OdSK2ye3EHA.924@TK2MSFTNGP14.phx.gbl...
> > Hi All,
> >
> > I have AD that all the DC's are Windows 2000.
> > I have OU that contain all the my servers (except the DC's) and I want
to
> > harden my systems using GPO. the servers OS are Windows 2000 and Windows
> > 2003.
> > According to Microsoft "Windows Server 2003 Security Guide" there are
User
> > rights assignments and security options that exist only on Windows 2003.
> > How can I add these options to my current environment?
> >
> > Thanks,
> >
> > Nir B
> >
> >
>
>

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Adding Windows 2003 options (GPO)
Go to:

There are 712 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.394 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?