security policy templates
tctech
Member Posts: 20 ■□□□□□□□□□
I had a question on security policies asking to match the correct template to the right OU.
it only asked for basic and default security on the whole network. I had to match the correct policy to the domain.com , dc's ou, clients ou, servers OU. It never said to use Secure or Highsec... so I ended up picking these 'basicdc.inf' and 'basic*.inf' templates which now I'm thinking that these are fake.?? An I shoudl have just used setup security.inf for all OU's ?? Even the domain ?
anyone know what i'm talking about?
I definetally need for review here.
basic*.inf's don't even exist do they?? There not defaults?!?
it only asked for basic and default security on the whole network. I had to match the correct policy to the domain.com , dc's ou, clients ou, servers OU. It never said to use Secure or Highsec... so I ended up picking these 'basicdc.inf' and 'basic*.inf' templates which now I'm thinking that these are fake.?? An I shoudl have just used setup security.inf for all OU's ?? Even the domain ?
anyone know what i'm talking about?
I definetally need for review here.
basic*.inf's don't even exist do they?? There not defaults?!?
“I learned there are troubles of more than one kind, some come from ahead, and some come from behind…. But I’ve bought a big bat. I’m all ready you see. Now my troubles are going to have troubles with me!” - Dr. Seuss
Comments
Default security template is never a good idea to deploy through a GPO, as it is quite large.
Start > Run > MMC
File > Add/Remove Snap-In
Add > Select "Security Templates" > Add > Okay
Expand the + sign a couple of times and you'll see 8 of them.
so which policy is considered a default?
setup security i assume
take a look at
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scedefaultpols.mspx?mfr=true
as you can see there are different levels of security and thus different templates there are also workstation and DC templates for each security level
security is always a comprimise between securing the system and useability legacy apps generally will not run in if the Highsecws tempalte is applied so you might need ot comprimise the security a bit inorder to have operability
after all a 100% secure environment doe;snt exist...because yuo could not use the machine
correct
i still dont know the exact answer but that ok... i dont want to break any rules here.
thanks for the help
Sorry, you're right it's 7.
The 8th one was a custom policy I have at work.