RE: Windows 2000 local security policy

["dave" <dave () netmedic net>]

Mohamed,

1.  Is the Windows NT server only a Stand-Alone or a Domain Controller? If
it is a DC you can pass the authentication to and from the Novell server.
Also is the Novell 4 or 5?  You said the NT server is providing exchange
what is it using for authentication?

2.  Creating a template is rather simple; actually it would be easier to do
on one of your W2K workstations and that is the method I am giving you.

3. Start |Run |MMC in the MMC Console |Add/Remove Snap In |ADD | scroll to
Security Templates Double click |OK.

4. Now you are back in MMC.  Right Click on the Security Templates | New
template search path | traverse to %systemroot%\security\templates.

5. Now that path appears in your MMC.  Choose one of the templates that
appear in that path (one that ends in WS for Workstation) Right Click and
pick save as mysecurews.inf Modify and save the settings you want.

6.  Use this following batch file to auto install the template on your W2K
WorkStations.
%Systemroot%\system32\secedit.exe /configure /DB
%Systemroot%\security\database\sec.sdb /CFG %Systemroot%\security\templates\
mysecurews.inf /verbose /log %Systemroot%\security\logs\mysecurews.log

The log file will give you any errors it finds etc...

Now you could deploy this via a login script or you could run it
individually on the systems takes about 5-20 minutes depending all that you
configure.

E-mail me I will send you a blank .sdb if you need it, and the link for
secedit for WinNT if you need it.  It comes with W2K so you do not have to
worry about those systems.

Hope this helps,

 

Dave Kleiman
dave () netmedic net
www.netmedic.net

 


-----Original Message-----
From: Mohamed Karmil Asgarally ( ZADCO ITS) [mailto:Karmil () zadco co ae] 
Sent: Saturday, January 18, 2003 23:38
To: security-basics () securityfocus com
Subject: Windows 2000 local security policy

Hi All,

I am currently working on a solution to deploy local security policy
settings on users desktop running Windows 2000 professional.  I am aware
that group policies can be centrally managed from Windows 2000 server active
directory.  However, i have currently only Windows Nt as server and we are
using Novell Netware as authentication server.  The Windows NT server is
only to provide services such as Exchange.

If anyone can help me in:
*       how to create a policy template (probably in *.inf format)
*       how to deploy this template (probably through login script) to the
desktops
*       how to audit the settings (to determine whether the policy setting
has been properly updated or if there is any breach of security by users)

I have heard of a tool called secedit.exe.  However, the help i have
obtained on how to use this tool is quite confusing.

I am open to any suggestions.  Please help as this is an urgent issue.

The policies i am trying to set are:
*       Audit policy
*       User rights assignment; and
*       Security policies

These policies are to be deployed to 1000+ desktop computers

Thanks to everyone for any help and suggestions