SCW Templates

microsoft.public.windows.server.security
Posted by Ryan Sanders on December 20, 2006, 11:26 am
I am reading about the pre-defined security templates provided by
Microsoft in Windows 2003 and I am unclear about something.

The hisecdc.inf says "specify additional restrictions that are not
defined by the Secure templates"

Does that mean that the hisecdc.inf includes all the settings from the
secure template OR does it mean that it only applies settings that are
above the secure template. Meaning I would have to apply the secure
template and then the hisec template to get the cumulative settings?

Posted by Jesper on December 20, 2006, 3:54 pm
Ryan, you really should not use those templates. Those are not SCW templates,
they are actually old Security Configuration Editor templates. They were
created about 8 years ago as examples of what a secure server might look
like. They have been updated a little since then, but are basically proofs of
concept only.

If you feel that the threats you are facing are more or less severe than
what Windows Server was designed for then you should start with the Windows
Server 2003 Security Guide as a base for how to configure it to meet those
threats. You can download the guide at:
http://www.microsoft.com/downloads/details.aspx?familyid=8A2643C1-0685-4D89-B655-521EA6C7B4DB&displaylang=en

In all but a few cases you will get pretty good results with SCW if you just
spend some time with the wizard.

"Ryan Sanders" wrote:

> I am reading about the pre-defined security templates provided by
> Microsoft in Windows 2003 and I am unclear about something.
>
> The hisecdc.inf says "specify additional restrictions that are not
> defined by the Secure templates"
>
> Does that mean that the hisecdc.inf includes all the settings from the
> secure template OR does it mean that it only applies settings that are
> above the secure template. Meaning I would have to apply the secure
> template and then the hisec template to get the cumulative settings?
>

Posted by Leuchtflux on December 21, 2006, 7:00 am
I guess, they mean that these security templates can be applied only
when default security templates were already installed. That these
default security templates should be installed prior to installing such
additional security templates as that highly secure template you're
mentioning.
Ryan Sanders wrote:
> I am reading about the pre-defined security templates provided by
> Microsoft in Windows 2003 and I am unclear about something.
>
> The hisecdc.inf says "specify additional restrictions that are not
> defined by the Secure templates"
>
> Does that mean that the hisecdc.inf includes all the settings from the
> secure template OR does it mean that it only applies settings that are
> above the secure template. Meaning I would have to apply the secure
> template and then the hisec template to get the cumulative settings?


Posted by Jesper on December 21, 2006, 4:20 pm
Not really. The built in templates should never be used. They are
inappropriate for just about every purpose. They are not designed to a
specific threat model. The likelihood that they will meet your threat model
is very low. You should use the security guides to develop a security
strategy that meets your needs. The one-size-fits-all approach that the
built-in templates were designed for does not work. SCW was actually designed
specifically to create a more customized approach to security.

"Leuchtflux" wrote:

> I guess, they mean that these security templates can be applied only
> when default security templates were already installed. That these
> default security templates should be installed prior to installing such
> additional security templates as that highly secure template you're
> mentioning.
> Ryan Sanders wrote:
> > I am reading about the pre-defined security templates provided by
> > Microsoft in Windows 2003 and I am unclear about something.
> >
> > The hisecdc.inf says "specify additional restrictions that are not
> > defined by the Secure templates"
> >
> > Does that mean that the hisecdc.inf includes all the settings from the
> > secure template OR does it mean that it only applies settings that are
> > above the secure template. Meaning I would have to apply the secure
> > template and then the hisec template to get the cumulative settings?
>
>
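
Whether one template already contains everything in another, the question that opens this thread, can be checked for any pair of .inf files by diffing them setting by setting. The script below is an added example, not code from any poster in the thread; the two sample templates are constructed for illustration and are not the contents of the shipped securedc.inf or hisecdc.inf, and the names `parse_template` and `compare` are hypothetical.

```python
# Added example: diff two security templates (.inf) setting by setting.
# Both samples are constructed; they are NOT the shipped securedc.inf / hisecdc.inf.
BASE_INF = r"""
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
"""
LAYERED_INF = r"""
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 8
LockoutBadCount = 5
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
"""

def parse_template(text):
    """Return {(section, key): value} for the key=value sections of a template."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        # Skip file-header sections and lines that are not key=value pairs.
        if sep and section not in (None, "unicode", "version"):
            settings[(section, key.strip().lower())] = value.strip()
    return settings

def compare(base, layered):
    """Classify settings as missing from, changed by, or added by the layered template."""
    missing = sorted(k for k in base if k not in layered)
    changed = sorted(k for k in base if k in layered and base[k] != layered[k])
    added = sorted(k for k in layered if k not in base)
    # Only if nothing is missing does the layered template alone cover the base.
    return {"missing": missing, "changed": changed, "added": added,
            "standalone": not missing}

if __name__ == "__main__":
    print(compare(parse_template(BASE_INF), parse_template(LAYERED_INF)))
```

A non-empty `missing` list means the layered template only adds to the base and both would have to be applied to get the cumulative settings. To run it on real files, read each with `open(path, encoding="utf-16")`, since templates saved by the Security Templates snap-in are usually stored as UTF-16.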
