Click here to get back home

security templates
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
security templates Bad Beagle 12-08-2005
|--> Re: security templates Miha Pihler [MV...12-08-2005
|--> Re: security templates Roger Abell [MV...12-08-2005
Posted by Bad Beagle on December 8, 2005, 12:19 pm
Please log in for more thread options
 I am trying to use some of the MS security templates for testing. Is there
a way to get the machine back to windows 2003 server default install after
applying one of the templates?



Posted by Miha Pihler [MVP] on December 8, 2005, 5:44 pm
Please log in for more thread options
 Hi,

If you apply "Setup security.inf" template you will get to default security
settings that were applied to the server when it was installed.

How to apply predefined security templates in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;816585

--
Mike
Microsoft MVP - Windows Security

>I am trying to use some of the MS security templates for testing. Is there
>a way to get the machine back to windows 2003 server default install after
>applying one of the templates?
>



Posted by Roger Abell [MVP] on December 8, 2005, 10:24 pm
Please log in for more thread options
Note that applying setup security.inf to a machine that has been
configured post-install is not really a safe, nor desirable operation.

I recommend that one use the Security Configuration and Analysis
snapin to determine what changes the use of a template would
cause. Then, before using such a template, where there is concern,
make a copy of the template but alter its values based on the
analysis so that the template's effects may be simply reversed by
use of the second template.

In effect you have, before applying either, two templates, each with
the same set of policies. Analyzing with one shows no difference
from the existing system state. Analyzing with the other shows what
will happen. If the two do in fact have all of the same policies in
them, just with different values, then you have ability to do a reversible
change (provided you do not totally clobber the system, bsod it, or
lock all admins out, etc.).

>I am trying to use some of the MS security templates for testing. Is there
>a way to get the machine back to windows 2003 server default install after
>applying one of the templates?
>



Posted by Steven L Umbach on December 9, 2005, 12:51 am
Please log in for more thread options
Kind of. You can use secedit to create a rollback security template using
the /GenerateRollback switch but this must be done before you apply the
template and it will not restore file system and registry if you use
templates to do that. If possible in the test environment also do image type
backups of your servers and in a production network always have a current
backup of the System State for at least one domain controller in case you
need to do an authoritative restore of AD in case you have problems at that
level. Beware that some of the included security templates with Windows
2003 seem to be incorrectly configured for services and can cause a lot of
problems if applied by disabling needed services. You can see what a
security template is going to do with the mmc snapin for Security Templates.
The security templates with the Windows 2003 Server Security Guide do not
have that problem. --- Steve


http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/b1007de8-a11a-4d88-9370-25e244560587.mspx

--- secedit /syntax

>I am trying to use some of the MS security templates for testing. Is there
>a way to get the machine back to windows 2003 server default install after
>applying one of the templates?
>



Similar ThreadsPosted
Security Templates June 23, 2005, 2:32 pm
Security Templates December 28, 2005, 7:09 am
security templates January 29, 2006, 5:34 am
using security templates to harden servers July 24, 2007, 5:25 am
Security templates, problem with multiple settings July 26, 2005, 1:50 pm
SCW Templates December 20, 2006, 11:26 am
Securing with templates November 16, 2005, 3:58 am
Certificate templates with standalone CA October 7, 2005, 4:07 pm
Certificate Templates and third party CSP January 5, 2006, 8:11 am
SCEP and certificate templates June 11, 2006, 9:07 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap