Adding Windows 2003 options (GPO)

N

Nir B

Hi All,

I have AD that all the DC's are Windows 2000.
I have OU that contain all the my servers (except the DC's) and I want to
harden my systems using GPO. the servers OS are Windows 2000 and Windows
2003.
According to Microsoft "Windows Server 2003 Security Guide" there are User
rights assignments and security options that exist only on Windows 2003.
How can I add these options to my current environment?

Thanks,

Nir B
 
S

Steven L Umbach

You have a couple of options. One would be to modify Local Security Policy
[secpol.msc]. You could create Security Templates - .inf files to import
into Local Security Policy to make it easier that modifying each server
individually. If you do that I highly recommend that you make a "rollback"
template using secedit for each template FIRST. Another option would be to
separate the W2K and W2003 servers into their own OU's which could be child
OU's of the current OU. Then create a GPO for the W2003 Servers and manage
it with either an XP Pro or W2003 Server via mmc snapin for Group Policy
where you can then browse to other GPO's in the domain once you are logged
on as a domain admin or someone who has write permissions to that GPO. You
will then be able to manage the security settings available to a Windows
2003 server. If you use an XP Pro computer be sure it is a known secure
computer ideally used only by domain admins or those delegated authority. It
is too easy to put a software or hardware keystroke logger on an unsecured
computer to capture admin credentials. --- Steve
 
N

Nir B

Thanks!!!

Steven L Umbach said:
You have a couple of options. One would be to modify Local Security Policy
[secpol.msc]. You could create Security Templates - .inf files to import
into Local Security Policy to make it easier that modifying each server
individually. If you do that I highly recommend that you make a "rollback"
template using secedit for each template FIRST. Another option would be to
separate the W2K and W2003 servers into their own OU's which could be child
OU's of the current OU. Then create a GPO for the W2003 Servers and manage
it with either an XP Pro or W2003 Server via mmc snapin for Group Policy
where you can then browse to other GPO's in the domain once you are logged
on as a domain admin or someone who has write permissions to that GPO. You
will then be able to manage the security settings available to a Windows
2003 server. If you use an XP Pro computer be sure it is a known secure
computer ideally used only by domain admins or those delegated authority. It
is too easy to put a software or hardware keystroke logger on an unsecured
computer to capture admin credentials. --- Steve


Nir B said:
Hi All,

I have AD that all the DC's are Windows 2000.
I have OU that contain all the my servers (except the DC's) and I want to
harden my systems using GPO. the servers OS are Windows 2000 and Windows
2003.
According to Microsoft "Windows Server 2003 Security Guide" there are User
rights assignments and security options that exist only on Windows 2003.
How can I add these options to my current environment?

Thanks,

Nir B
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NETWORK SERVICE, LOCAL SERVICE accounts 5
Question About Group Policy 1
GPO IE Zone Mapping issue on TS 2
how to apply w2k security to w2k member servers under w2k3 domain? 6
Domain Audit Policy not applying to one server 4
GPO 1
Upgrade from Windows 2000 to 2003 AD 1
Windows 2000 Domain with Windows 2003 DC's?? 6

Top