Adding Windows 2003 options (GPO)

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,

I have AD that all the DC's are Windows 2000.
I have OU that contain all the my servers (except the DC's) and I want to
harden my systems using GPO. the servers OS are Windows 2000 and Windows
2003.
According to Microsoft "Windows Server 2003 Security Guide" there are User
rights assignments and security options that exist only on Windows 2003.
How can I add these options to my current environment?

Thanks,

Nir B

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

You have a couple of options. One would be to modify Local Security Policy
[secpol.msc]. You could create Security Templates - .inf files to import
into Local Security Policy to make it easier that modifying each server
individually. If you do that I highly recommend that you make a "rollback"
template using secedit for each template FIRST. Another option would be to
separate the W2K and W2003 servers into their own OU's which could be child
OU's of the current OU. Then create a GPO for the W2003 Servers and manage
it with either an XP Pro or W2003 Server via mmc snapin for Group Policy
where you can then browse to other GPO's in the domain once you are logged
on as a domain admin or someone who has write permissions to that GPO. You
will then be able to manage the security settings available to a Windows
2003 server. If you use an XP Pro computer be sure it is a known secure
computer ideally used only by domain admins or those delegated authority. It
is too easy to put a software or hardware keystroke logger on an unsecured
computer to capture admin credentials. --- Steve


"Nir B" <nir@icomverse.com> wrote in message
news:OdSK2ye3EHA.924@TK2MSFTNGP14.phx.gbl...
> Hi All,
>
> I have AD that all the DC's are Windows 2000.
> I have OU that contain all the my servers (except the DC's) and I want to
> harden my systems using GPO. the servers OS are Windows 2000 and Windows
> 2003.
> According to Microsoft "Windows Server 2003 Security Guide" there are User
> rights assignments and security options that exist only on Windows 2003.
> How can I add these options to my current environment?
>
> Thanks,
>
> Nir B
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks!!!

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:Ooqud.173128$V41.67303@attbi_s52...
> You have a couple of options. One would be to modify Local Security Policy
> [secpol.msc]. You could create Security Templates - .inf files to import
> into Local Security Policy to make it easier that modifying each server
> individually. If you do that I highly recommend that you make a "rollback"
> template using secedit for each template FIRST. Another option would be to
> separate the W2K and W2003 servers into their own OU's which could be
child
> OU's of the current OU. Then create a GPO for the W2003 Servers and manage
> it with either an XP Pro or W2003 Server via mmc snapin for Group Policy
> where you can then browse to other GPO's in the domain once you are logged
> on as a domain admin or someone who has write permissions to that GPO. You
> will then be able to manage the security settings available to a Windows
> 2003 server. If you use an XP Pro computer be sure it is a known secure
> computer ideally used only by domain admins or those delegated authority.
It
> is too easy to put a software or hardware keystroke logger on an unsecured
> computer to capture admin credentials. --- Steve
>
>
> "Nir B" <nir@icomverse.com> wrote in message
> news:OdSK2ye3EHA.924@TK2MSFTNGP14.phx.gbl...
> > Hi All,
> >
> > I have AD that all the DC's are Windows 2000.
> > I have OU that contain all the my servers (except the DC's) and I want
to
> > harden my systems using GPO. the servers OS are Windows 2000 and Windows
> > 2003.
> > According to Microsoft "Windows Server 2003 Security Guide" there are
User
> > rights assignments and security options that exist only on Windows 2003.
> > How can I add these options to my current environment?
> >
> > Thanks,
> >
> > Nir B
> >
> >
>
>