Home
Certification Preparation
Microsoft
MCSA / MCSE on Windows 2003 General
Net Infra 70-291
security policy templates
tctech
I had a question on security policies asking to match the correct template to the right OU.
it only asked for basic and default security on the whole network. I had to match the correct policy to the domain.com , dc's ou, clients ou, servers OU. It never said to use Secure or Highsec... so I ended up picking these 'basicdc.inf' and 'basic*.inf' templates which now I'm thinking that these are fake.?? An I shoudl have just used setup security.inf for all OU's ?? Even the domain ?
anyone know what i'm talking about?
I definetally need for review here.
basic*.inf's don't even exist do they?? There not defaults?!?
Find more posts tagged with
Comments
Danman32
I would have to see the exact wording of the question. Sounds like it was worded that could trick you.
Default security template is never a good idea to deploy through a GPO, as it is quite large.
sprkymrk
To see the default security templates:
Start > Run > MMC
File > Add/Remove Snap-In
Add > Select "Security Templates" > Add > Okay
Expand the + sign a couple of times and you'll see 8 of them.
tctech
i see 7 ...
so which policy is considered a default?
setup security i assume
Smallguy
they were probably looknig ot see if you knew yuor templates
take a look at
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scedefaultpols.mspx?mfr=true
as you can see there are different levels of security and thus different templates there are also workstation and DC templates for each security level
security is always a comprimise between securing the system and useability legacy apps generally will not run in if the Highsecws tempalte is applied so you might need ot comprimise the security a bit inorder to have operability
after all a 100% secure environment doe;snt exist...because yuo could not use the machine
Smallguy
tctech
wrote:
i see 7 ...
so which policy is considered a default?
setup security i assume
correct
tctech
thanks for the link... it was defiinetaly a trick question...
i still dont know the exact answer but that ok... i dont want to break any rules here.
thanks for the help
sprkymrk
tctech
wrote:
i see 7 ...
so which policy is considered a default?
setup security i assume
Sorry, you're right it's 7.
The 8th one was a custom policy I have at work.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
