Windows Security Templates

Archived from groups: microsoft.public.win2000.security (More info?)

I have a question about Security Templates.

Q:
How can I make a template that would be as identical as when a wks are a
member of an AD Domain?
This is for standalone users.
Reason I ask is because I am wondering what security is applied when a user
is a member of the domain, like encryptions, passwords stored in reg? etc!!

So I guess I want to make something that is "almost" as secure as being in a
domain when you are working standalone (workgroup)

Hope this makes sense
3 answers Last reply
More about windows security templates
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Domain computers, other than domain controllers, only will have domain
    password policy applied to override their local security policy. Nothing
    else such as security options or user rights are applied to a regular domain
    computer. Therefore you can configure a template to your custom needs for
    password/account policy. Good practice would be to enable password
    complexity and use passwords of at least eight characters in length. Other
    security settings can be configured but a lot depends on the type of network
    they will be in and what other operating systems they will work with. The
    Windows 2000 Security Hardening Guide can help you with that and includes
    some example templates. I would also consider doing the registry mod to
    disable storing of lm hashes on your computers if possible. The links below
    will help. -- Steve

    http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx
    --- Windows 2000 Security Hardening Guide.
    http://support.microsoft.com/kb/299656/en-us/ --- disable lm hash
    http://support.microsoft.com/default.aspx?scid=kb;en-us;823659 --- security
    settings and incompatibilities

    "Acidbat" <Acidbat@discussions.microsoft.com> wrote in message
    news:FDEAC059-8196-4100-A5EA-BE2F2BC53B60@microsoft.com...
    >I have a question about Security Templates.
    >
    > Q:
    > How can I make a template that would be as identical as when a wks are a
    > member of an AD Domain?
    > This is for standalone users.
    > Reason I ask is because I am wondering what security is applied when a
    > user
    > is a member of the domain, like encryptions, passwords stored in reg?
    > etc!!
    >
    > So I guess I want to make something that is "almost" as secure as being in
    > a
    > domain when you are working standalone (workgroup)
    >
    > Hope this makes sense
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    thanks mate :)

    "Steven L Umbach" wrote:

    > Domain computers, other than domain controllers, only will have domain
    > password policy applied to override their local security policy. Nothing
    > else such as security options or user rights are applied to a regular domain
    > computer. Therefore you can configure a template to your custom needs for
    > password/account policy. Good practice would be to enable password
    > complexity and use passwords of at least eight characters in length. Other
    > security settings can be configured but a lot depends on the type of network
    > they will be in and what other operating systems they will work with. The
    > Windows 2000 Security Hardening Guide can help you with that and includes
    > some example templates. I would also consider doing the registry mod to
    > disable storing of lm hashes on your computers if possible. The links below
    > will help. -- Steve
    >
    > http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx
    > --- Windows 2000 Security Hardening Guide.
    > http://support.microsoft.com/kb/299656/en-us/ --- disable lm hash
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;823659 --- security
    > settings and incompatibilities
    >
    > "Acidbat" <Acidbat@discussions.microsoft.com> wrote in message
    > news:FDEAC059-8196-4100-A5EA-BE2F2BC53B60@microsoft.com...
    > >I have a question about Security Templates.
    > >
    > > Q:
    > > How can I make a template that would be as identical as when a wks are a
    > > member of an AD Domain?
    > > This is for standalone users.
    > > Reason I ask is because I am wondering what security is applied when a
    > > user
    > > is a member of the domain, like encryptions, passwords stored in reg?
    > > etc!!
    > >
    > > So I guess I want to make something that is "almost" as secure as being in
    > > a
    > > domain when you are working standalone (workgroup)
    > >
    > > Hope this makes sense
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    I think it is mostly true to say that any policy that can be applied from
    AD using GPO can also be set in a template for use with a standalone.

    The main difference is that when these settings are in a GPO that are
    enforced and reapplied, if need be, by the policy engine. A secondary
    difference is found in settings that are part of an adm template rather
    than as part of the main Sce template.

    In a standalone environment one can do a one-time application of the
    template using the Security Configuration and Analysis MMC snap-in,
    and one can do an import of the security policy portion into the local
    security policy, but the local policy engine will not enforce and reapply
    the settings - if they get changed they get changed (the only settings
    imported into local policy, the security settings, will be handled by the
    local policy engine).

    --
    Roger Abell
    Microsoft MVP (Windows Server System: Security)
    MCDBA, MCSE W2k3+W2k+Nt4
    "Acidbat" <Acidbat@discussions.microsoft.com> wrote in message
    news:FDEAC059-8196-4100-A5EA-BE2F2BC53B60@microsoft.com...
    >I have a question about Security Templates.
    >
    > Q:
    > How can I make a template that would be as identical as when a wks are a
    > member of an AD Domain?
    > This is for standalone users.
    > Reason I ask is because I am wondering what security is applied when a
    > user
    > is a member of the domain, like encryptions, passwords stored in reg?
    > etc!!
    >
    > So I guess I want to make something that is "almost" as secure as being in
    > a
    > domain when you are working standalone (workgroup)
    >
    > Hope this makes sense
Ask a new question

Read More

Security Windows Security Domain Windows