Security template crashed apps

Guest
Archived from groups: microsoft.public.win2000.security

Hi all,

I was in the process of implementing the W2K Hardening templates on some
workstations, but ran into some problems with third party apps. I got a
variety of errors, one app in particular needs to be able to connect to the
server via UNC path. Not sure what port it uses. Two of the apps connect to
a server and return data files (one of those, an image file). Can anyone
render a guess about how the File System and Registry are changed
(roughly...) with the Hardening templates?


Thanks,
Chris
 
Guest

What template did you apply?? It may not be a file/registry permission
problem. Check the application, security, and system logs on one of those
workstations to see if any helpful information has been recorded there. You
can open the security template in the Security Configuration and Analysis
mmc snapin tool [see link below] to see what is configured in it and also
run an analysis of that template on a computer where you have not applied
it yet to see what changes it makes to security policy. --- Steve

http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx

"C Hall" <someone@microsoft.com> wrote in message
news:%23F1gn5tOFHA.4000@TK2MSFTNGP15.phx.gbl...
> Hi all,
>
> I was in the process of implementing the W2K Hardening templates on some
> workstations, but ran into some problems with third party apps. I got a
> variety of errors, one app in particular needs to be able to connect to the
> server via UNC path. Not sure what port it uses. Two of the apps connect to
> a server and return data files (one of those, an image file). Can anyone
> render a guess about how the File System and Registry are changed
> (roughly...) with the Hardening templates?
>
>
> Thanks,
> Chris
>
>
 
Guest

Steven,

I applied W2KHG-MemberWKS. I'll take a look at the logs and post any further
questions.

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:O6IMJPxOFHA.3356@TK2MSFTNGP12.phx.gbl...
> What template did you apply?? It may not be a file/registry permission
> problem. Check the application, security, and system logs on one of those
> workstations to see if any helpful information has been recorded there. You
> can open the security template in the Security Configuration and Analysis
> mmc snapin tool [see link below] to see what is configured in it and also
> run an analysis of that template on a computer where you have not applied
> it yet to see what changes it makes to security policy. --- Steve
>
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
>
> "C Hall" <someone@microsoft.com> wrote in message
> news:%23F1gn5tOFHA.4000@TK2MSFTNGP15.phx.gbl...
> > Hi all,
> >
> > I was in the process of implementing the W2K Hardening templates on some
> > workstations, but ran into some problems with third party apps. I got a
> > variety of errors, one app in particular needs to be able to connect to the
> > server via UNC path. Not sure what port it uses. Two of the apps connect to
> > a server and return data files (one of those, an image file). Can anyone
> > render a guess about how the File System and Registry are changed
> > (roughly...) with the Hardening templates?
> >
> >
> > Thanks,
> > Chris
> >
> >
>
>
 
Guest

From what I can see that security template does not do much. It does however
change the user rights for access this computer from the network and logon
locally though I really doubt that those would be an issue. What I would try
is to add the everyone group to access this computer from the network on a
computer to see if that makes a difference. It does not change any services
or file system. It does change permissions to a number of keys under
MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\* if you look at the
template, even if you open it with notepad. You can enable auditing of
object access for failure on a computer and then audit those registry keys
to see if access is being denied. --- Steve


"C Hall" <someone@microsoft.com> wrote in message
news:OYX$HH3OFHA.3388@TK2MSFTNGP10.phx.gbl...
> Steven,
>
> I applied W2KHG-MemberWKS. I'll take a look at the logs and post any further
> questions.
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:O6IMJPxOFHA.3356@TK2MSFTNGP12.phx.gbl...
>> What template did you apply?? It may not be a file/registry permission
>> problem. Check the application, security, and system logs on one of those
>> workstations to see if any helpful information has been recorded there. You
>> can open the security template in the Security Configuration and Analysis
>> mmc snapin tool [see link below] to see what is configured in it and also
>> run an analysis of that template on a computer where you have not applied
>> it yet to see what changes it makes to security policy. --- Steve
>>
>> http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
>>
>> "C Hall" <someone@microsoft.com> wrote in message
>> news:%23F1gn5tOFHA.4000@TK2MSFTNGP15.phx.gbl...
>> > Hi all,
>> >
>> > I was in the process of implementing the W2K Hardening templates on some
>> > workstations, but ran into some problems with third party apps. I got a
>> > variety of errors, one app in particular needs to be able to connect to the
>> > server via UNC path. Not sure what port it uses. Two of the apps connect to
>> > a server and return data files (one of those, an image file). Can anyone
>> > render a guess about how the File System and Registry are changed
>> > (roughly...) with the Hardening templates?
>> >
>> >
>> > Thanks,
>> > Chris
>> >
>> >
>>
>>
>
>
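
Steve's suggestion in this reply, reading the template as plain text to see which user rights and registry ACLs it sets, sketched as an added example (not part of the original thread and not Microsoft tooling). The template text is a constructed sample, not the contents of W2KHG-MemberWKS; the key names `ExampleKeyA`, `ExampleKeyB` and `ExampleVendor` are hypothetical, and only the symbolic SDDL rights `KA`, `KW`, `GA` and `GW` are treated as write access (hex masks are not decoded).

```python
import re
# Constructed sample in security-template (.inf) syntax; NOT the real W2KHG-MemberWKS contents.
SAMPLE_TEMPLATE = r'''
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
[Registry Keys]
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ExampleKeyA",2,"D:P(A;CI;KA;;;BA)(A;CI;KR;;;BU)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ExampleKeyB",2,"D:P(A;CI;KA;;;BA)(A;CI;KRKW;;;BU)"
"MACHINE\SOFTWARE\ExampleVendor",2,"D:P(A;CI;KA;;;BA)"
'''
RIGHTS = {"SeNetworkLogonRight": "Access this computer from the network",
          "SeInteractiveLogonRight": "Log on locally"}
SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
        "S-1-5-32-544": "Administrators", "S-1-5-32-545": "Users"}
WRITE = {"KA", "KW", "GA", "GW"}  # symbolic SDDL rights that include write access
# One ACE is (type;flags;rights;object;inherit_object;trustee); capture type, rights, trustee.
ACE = re.compile(r"\(([^;()]*);[^;()]*;([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

def sections(text):
    """Split template text into {section name: [lines]}, skipping blanks and ; comments."""
    out, cur = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line[0] == "[" and line[-1] == "]":
            cur = out.setdefault(line[1:-1], [])
        elif line[0] != ";":
            cur.append(line)
    return out

def user_rights(text):
    """Accounts granted the two logon rights named in the reply."""
    found = {}
    for line in sections(text).get("Privilege Rights", []):
        name, _, value = (p.strip() for p in line.partition("="))
        if name in RIGHTS:
            sids = [s.strip().lstrip("*") for s in value.split(",") if s.strip()]
            found[RIGHTS[name]] = [SIDS.get(s, s) for s in sids]
    return found

def registry_writers(text, prefix=r"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"):
    """Per templated key under prefix: trustees whose allow ACE permits writes."""
    result = {}
    for line in sections(text).get("Registry Keys", []):
        m = re.match(r'"([^"]+)"\s*,\s*\d\s*,\s*"([^"]*)"', line)
        if m and m.group(1).upper().startswith(prefix.upper() + "\\"):
            result[m.group(1)] = [who for typ, rights, who in ACE.findall(m.group(2))
                                  if typ == "A" and WRITE & set(re.findall("..", rights))]
    return result

if __name__ == "__main__":
    print(user_rights(SAMPLE_TEMPLATE), registry_writers(SAMPLE_TEMPLATE), sep="\n")
```

Keys whose writers list lacks the account the application runs as are the ones to audit for failed object access, as the reply suggests.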
 
Guest

Thanks for the reply.

I decided I'm going to set up a dummy machine and build the template from
scratch :-<, that way when I go down the line, section by section, I can see
which section or setting is causing the problem. The server that these apps
(at least a couple of them...) are trying to access is an AS/400. I know
that there are several settings that pertain to communication and such, like
LAN Manager authentication level, reference to named pipes (which we do have
a couple of sql apps...not sure if one of those broke or not). I'm just
thinking that in the File System or Registry sections, permissions got
tightened and that these apps need to be able to write to a temp folder or
something like that. The other program gave an error referencing Paradox. I
think it needed to be able to write a file somewhere also. Looking at logs
on the machines, I didn't see anything that could be a cause. BTW, all
machines are Windows 2000 Pro. I'll take a look at the registry key
permissions you mention below. Any other suggestions are welcome and I'll
post back any results from testing I do.

Chris

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:ye6dnSk0TJl8GcjfRVn-sg@comcast.com...
> From what I can see that security template does not do much. It does however
> change the user rights for access this computer from the network and logon
> locally though I really doubt that those would be an issue. What I would try
> is to add the everyone group to access this computer from the network on a
> computer to see if that makes a difference. It does not change any services
> or file system. It does change permissions to a number of keys under
> MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\* if you look at the
> template, even if you open it with notepad. You can enable auditing of
> object access for failure on a computer and then audit those registry keys
> to see if access is being denied. --- Steve
>
>
> "C Hall" <someone@microsoft.com> wrote in message
> news:OYX$HH3OFHA.3388@TK2MSFTNGP10.phx.gbl...
> > Steven,
> >
> > I applied W2KHG-MemberWKS. I'll take a look at the logs and post any further
> > questions.
> >
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:O6IMJPxOFHA.3356@TK2MSFTNGP12.phx.gbl...
> >> What template did you apply?? It may not be a file/registry permission
> >> problem. Check the application, security, and system logs on one of those
> >> workstations to see if any helpful information has been recorded there. You
> >> can open the security template in the Security Configuration and Analysis
> >> mmc snapin tool [see link below] to see what is configured in it and also
> >> run an analysis of that template on a computer where you have not applied
> >> it yet to see what changes it makes to security policy. --- Steve
> >>
> >> http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
> >>
> >> "C Hall" <someone@microsoft.com> wrote in message
> >> news:%23F1gn5tOFHA.4000@TK2MSFTNGP15.phx.gbl...
> >> > Hi all,
> >> >
> >> > I was in the process of implementing the W2K Hardening templates on some
> >> > workstations, but ran into some problems with third party apps. I got a
> >> > variety of errors, one app in particular needs to be able to connect to the
> >> > server via UNC path. Not sure what port it uses. Two of the apps connect to
> >> > a server and return data files (one of those, an image file). Can anyone
> >> > render a guess about how the File System and Registry are changed
> >> > (roughly...) with the Hardening templates?
> >> >
> >> >
> >> > Thanks,
> >> > Chris
> >> >
> >> >
> >>
> >>
> >
> >
>
>