Click here to get back home

Security Config and Analysis issue
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Security Config and Analysis issue Bryce 09-16-2008
Get Chitika Premium
Posted by Bryce on September 16, 2008, 10:15 am
Please log in for more thread options

Hi,
I have member servers that we want to roll out a custom security template
to. We created the template and verified the settings. we can analyze and
configure.
not all the settings take. the security permissions for the ntfs and
registry strings are not there.
when we re analyze we see a green check mark but when we go to the location
(not in the mmc), we still see power users and others that should have been
removed.
also
if i try to view the properties of the security items in the mmc, i get an
error message saying "MMC has detected an error in a snap-in. It is
recommended that you shutdown and restart the MMC.
Report error to MS and close
Ingnore and continue
this is server 2003 sp2 and i reviewed kb915797 and even tried the hotfix
but does not install because i have sp2 which is newer than the hotfix
message appears.

any thoughts or suggestions. i am working in a test lab so if if craps out
dont worry about it.

Posted by Roger Abell [MVP] on September 23, 2008, 3:24 am
Please log in for more thread options

> Hi,
> I have member servers that we want to roll out a custom security template
> to. We created the template and verified the settings. we can analyze
> and
> configure.
> not all the settings take. the security permissions for the ntfs and
> registry strings are not there.
> when we re analyze we see a green check mark but when we go to the
> location
> (not in the mmc), we still see power users and others that should have
> been
> removed.

Are you choosing to apply and then replace or apply and then propagate
inheritables ?
Fron the expections your post seems to imply you would need to use the first
of these.

> also
> if i try to view the properties of the security items in the mmc, i get an
> error message saying "MMC has detected an error in a snap-in. It is
> recommended that you shutdown and restart the MMC.
> Report error to MS and close
> Ingnore and continue
> this is server 2003 sp2 and i reviewed kb915797 and even tried the hotfix
> but does not install because i have sp2 which is newer than the hotfix
> message appears.
>

I reported that to MS as needing to get fixed when mmc 3 first released,
but to my awareness that functionality remains broken without a fix.

> any thoughts or suggestions. i am working in a test lab so if if craps
> out
> dont worry about it.



Posted by Bryce on September 23, 2008, 10:54 am
Please log in for more thread options


Hi,
Thanks for the response. After several tests, the apply and replace did not
"apply and replace", it merged.
Changing to "propagate" actually replaced the settings. Go figure.

If MMC v3 is still broken, then i will try to work around it. Would you
know of any free software that can perform the ntfs and registry security
comparisons?

Thanks,
Bryce

"Roger Abell [MVP]" wrote:

> > Hi,
> > I have member servers that we want to roll out a custom security template
> > to. We created the template and verified the settings. we can analyze
> > and
> > configure.
> > not all the settings take. the security permissions for the ntfs and
> > registry strings are not there.
> > when we re analyze we see a green check mark but when we go to the
> > location
> > (not in the mmc), we still see power users and others that should have
> > been
> > removed.
>
> Are you choosing to apply and then replace or apply and then propagate
> inheritables ?
> Fron the expections your post seems to imply you would need to use the first
> of these.
>
> > also
> > if i try to view the properties of the security items in the mmc, i get an
> > error message saying "MMC has detected an error in a snap-in. It is
> > recommended that you shutdown and restart the MMC.
> > Report error to MS and close
> > Ingnore and continue
> > this is server 2003 sp2 and i reviewed kb915797 and even tried the hotfix
> > but does not install because i have sp2 which is newer than the hotfix
> > message appears.
> >
>
> I reported that to MS as needing to get fixed when mmc 3 first released,
> but to my awareness that functionality remains broken without a fix.
>
> > any thoughts or suggestions. i am working in a test lab so if if craps
> > out
> > dont worry about it.
>
>
>

Posted by Roger Abell [MVP] on September 23, 2008, 10:34 pm
Please log in for more thread options



> Hi,
> Thanks for the response. After several tests, the apply and replace did
> not
> "apply and replace", it merged.
> Changing to "propagate" actually replaced the settings. Go figure.
>

hmmm - that is quite bizzarre

> If MMC v3 is still broken, then i will try to work around it. Would you
> know of any free software that can perform the ntfs and registry security
> comparisons?
No I do not, and even though the report (green checks, red x, counts) is a
bit brain-dead (and has been since initial release with W2k) it is quite
concise and useful. When I say brain-dead I am referring to how the
counts bubble up, which is (and has been acknowleged by MS to be)
less than accurate (or accurate as one would think the counts should
add up). At least one has a different way to drill into the permissions
now that that part is broken.

Roger

> "Roger Abell [MVP]" wrote:
>
>> > Hi,
>> > I have member servers that we want to roll out a custom security
>> > template
>> > to. We created the template and verified the settings. we can analyze
>> > and
>> > configure.
>> > not all the settings take. the security permissions for the ntfs and
>> > registry strings are not there.
>> > when we re analyze we see a green check mark but when we go to the
>> > location
>> > (not in the mmc), we still see power users and others that should have
>> > been
>> > removed.
>>
>> Are you choosing to apply and then replace or apply and then propagate
>> inheritables ?
>> Fron the expections your post seems to imply you would need to use the
>> first
>> of these.
>>
>> > also
>> > if i try to view the properties of the security items in the mmc, i get
>> > an
>> > error message saying "MMC has detected an error in a snap-in. It is
>> > recommended that you shutdown and restart the MMC.
>> > Report error to MS and close
>> > Ingnore and continue
>> > this is server 2003 sp2 and i reviewed kb915797 and even tried the
>> > hotfix
>> > but does not install because i have sp2 which is newer than the hotfix
>> > message appears.
>> >
>>
>> I reported that to MS as needing to get fixed when mmc 3 first released,
>> but to my awareness that functionality remains broken without a fix.
>>
>> > any thoughts or suggestions. i am working in a test lab so if if craps
>> > out
>> > dont worry about it.
>>
>>
>>



Similar ThreadsPosted
W2k3 SP2 breaks Security Configuration and Analysis Util April 7, 2007, 3:38 am
Security Config Wiz doesn't run on Win2003 SP2 June 4, 2007, 2:24 am
SP1 Security Config Wizard fails from cmdlines.txt September 27, 2005, 4:08 pm
.NET machine.config June 13, 2006, 1:01 pm
How to config windows firewall allow dhcp services? February 21, 2006, 4:57 pm
Security issue about NTUSER.MAN November 25, 2006, 12:45 pm
Security Issue/Question April 28, 2007, 12:12 am
Application security issue May 15, 2007, 2:13 pm
Folder Security Issue November 1, 2007, 10:53 am
Windows 2003 security issue January 25, 2006, 3:50 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap