Click here to get back home

Security Templates
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Security Templates News Microsoft 06-23-2005
Posted by News Microsoft on June 23, 2005, 2:32 pm
Please log in for more thread options
 Hi

Is there any way of rolling back the installation of security templates on
Windows 2003. I am about to deploy them to a live system after testing on a
test system bit would like some way of rolling back.





Posted by Roger Abell on June 23, 2005, 7:15 am
Please log in for more thread options
 The best way is to make a template that represents the current
state of the system. An alternative is to use an analysis with
the intended new template and then note in a different, new
reversal template, all items in the intended that analysis shows
to differ from the existing state.
IOW there is no magic "roll-back" switch.

--
Roger Abell
Microsoft MVP (Windows Security)

> Hi
>
> Is there any way of rolling back the installation of security templates on
> Windows 2003. I am about to deploy them to a live system after testing on
a
> test system bit would like some way of rolling back.
>
>
>




Posted by Steven L Umbach on June 23, 2005, 11:31 pm
Please log in for more thread options
You can use the secedit command with the /generaterollback switch but you
must do this before you apply the security template. A ghost type image
backup would also be another option. Use Help and Support and then under
index look for secedit command - overview and syntax for more details. ---
Steve


> Hi
>
> Is there any way of rolling back the installation of security templates on
> Windows 2003. I am about to deploy them to a live system after testing on
> a test system bit would like some way of rolling back.
>
>
>




Posted by Roger Abell on June 24, 2005, 7:27 am
Please log in for more thread options
Oh boy, am I ever glad Steve is back ! I completely overlooked
signifigance of mention this is W2k3.

I would in that case suggest using GPMC to back-up the most
heavily used (carrying the most policy settings) or the one into
which you are intending to import. This backup may then be
"cloned", i.e. imported (unlinked) under new names. To one
of these you may import. With the other of these you might
import the rollback obtained as Steve advised.

Now, here is where I would expect "got-ya" type things
might arise (if any), in preferences (the tattoo settings that
are not 'true policies"), in extensions like IPsec or Software
Restriction, or in adm extension settings (in other words,
the "mainline" true policy settings in Security section would
be handled well. So, just to be safe I would analyze with
the intended new template and then check that the GPO that
was built from the backup for potential use to roll back did
in fact have policy setting sufficient to reverse what the
analysis showed would be changed.

--
Roger Abell
Microsoft MVP (Windows Security)

> Hi
>
> Is there any way of rolling back the installation of security templates on
> Windows 2003. I am about to deploy them to a live system after testing on
a
> test system bit would like some way of rolling back.
>
>
>




Similar ThreadsPosted
security templates December 8, 2005, 12:19 pm
Security Templates December 28, 2005, 7:09 am
security templates January 29, 2006, 5:34 am
using security templates to harden servers July 24, 2007, 5:25 am
Security templates, problem with multiple settings July 26, 2005, 1:50 pm
SCW Templates December 20, 2006, 11:26 am
Securing with templates November 16, 2005, 3:58 am
Certificate templates with standalone CA October 7, 2005, 4:07 pm
Certificate Templates and third party CSP January 5, 2006, 8:11 am
SCEP and certificate templates June 11, 2006, 9:07 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap