Security usage is available in Windows Server 2003

This is one of the easy-to-understand step-by-step tutorials of the Microsoft help provided to users. This article describes how to apply pre-defined security templates in Windows Server 2003. Microsoft Windows Server 2003 provides a number of security templates that help you increase the security of your network. You can edit them to suit your specific requirements by using the Security Templates component in Microsoft Management Console (MMC).

Security templates are pre-defined in Windows Server 2003

  1. Default security ( Setup security.inf )

    Setup security.inf is created during the installation process and is separate for each computer. Each computer has a different type of Setup security.inf depending on whether the installation program is completely new from the beginning or an upgrade. It shows the default security settings applied by the operating system during the installation process, including file permissions for the root of the system drive. This security template can be used for both servers and clients but cannot be applied to domain controllers. You can also use parts of this model for recovery if a risk situation appears.

    Do not apply the Setup security.inf using Group Policy because this can reduce the speed of system execution.

    Note : In Microsoft Windows 2000, two mixed security templates exist: ocfiless (for file servers) and ocfilesw (for workstations). In Windows Server 2003, both files are replaced by the Setup file security.inf .
  2. Default security for domain controllers ( DC security.inf )

    This template is created when the server is upgraded to a domain controller. It maps file, register, and system service default security settings. If you reapply this model, the settings will be set to the default value. However, this type of template can override privilege on new files, registry keys and system services created by other programs.
  3. Compatible ( Compatws.inf )

    This template changes file and register permissions that are allocated to members of the Users group, consistent with the requirements of most programs that are not included in the Windows Logo Program for Software. The Compatible model also removes all members of the Power Users group.

    For more information on the Windows Logo Program for Software, you can refer to the Microsoft website:

    http://www.microsoft.com/winlogo/default.mspx

    Note : Compatible models cannot be applied to domain controllers.
  4. Security ( Secure * .inf )

    Secure templates define advanced security settings that at least affect program compatibility. Examples include password definition, lockout mode and stronger auditing settings. In addition, these templates limit the use of LAN Manager and NTLM authentication protocols by configuring the client to only send NTLMv2 replies and configure the server to refuse to answer the LAN. Manager.

    There are two built-in security models in Windows Server 2003: Securews.inf for workstations and Securedc.inf domain controllers. For more information on how to use these models and some other security templates, you can search the Microsoft Help and Support Center for help with the " predefined security templates " keyword (the security templates) . available meaning).
  5. High security ( hisec * .inf )

    Highly Secure describes in detail the additional limitations not yet defined in Secure , such as the level of encryption and symbols needed for authentication and data exchange through secure channels, between the client and server Server Message Block (SMB).
  6. Secure system root directory ( Rootsec.inf )

    This template specifies the permissions of the root directory. By default, Rootsec.inf defines the permissions for the root file of the system drive. You can use this model to re-apply root directory privileges if they are randomly changed. Or you can edit this sample model to apply the same root permissions to many other departments. This pattern does not override explicit permissions defined in child objects; it only copies the inherited rights in those child objects.
  7. The template does not have a SID for Terminal Server users ( Notssid.inf )

    You can apply this template to remove the Windows Terminal Server security identifier (SID) from the file system and registry locations when the Terminal Services (Terminal Services) does not run. After you do this, system security will not be fully improved.

For more detailed information about all the pre-defined model models in Windows Server 2003, you can search in Microsoft's Help and Support Center help with the " predefined security templates " keyword.

Security usage is available in Windows Server 2003 Picture 1

Important : Execute a security model model on the domain controller can change the Default Domain Controller Policy or Default Domain Policy settings. The sample model used can override permissions on new files, registry keys and system services created by other programs. After using the security model, you may have to restore the old "policy". Before performing some of the following steps on the domain controller, create a backup of the SYSVOL share file.

Use a security template

  1. Go to Start , select Run , type mmc on the command box and click OK .
  2. On the File menu, click on the Snap-in Add / Remove button .
  3. Select Add .
  4. In the Available Stand Alone Snap-ins list , select Security Configuration and Analysis , click Add > Close and finally OK .
  5. In the left pane, click on Security Configuration and Analysis and see the instructions in the right pane.
  6. Right-click on Security Configuration and Analysis , select Open Database .
  7. In the File name box, type the name of the confused data file and click Open .
  8. Click on the security template you want to use, then click Open to enter the information in the form into the database.
  9. Right-click on Security Configuration and Analysis in the left pane and select Configure Computer Now .
4 ★ | 2 Vote

May be interested

  • Microsoft fixes a serious vulnerability that has existed for 17 years in Windows ServerMicrosoft fixes a serious vulnerability that has existed for 17 years in Windows Server
    the vulnerability has tracking code cve-2020-1350 and its official name is sigred. it has been in windows dns server for nearly two decades and has only recently been successfully handled by the efforts of microsoft experts with help from the checkpoint security security team.
  • Download Windows Server 2019 and discover new featuresDownload Windows Server 2019 and discover new features
    windows server 2019 preview adds features for super convergence, management, security, containers, and more. because microsoft has moved to gradually upgrade windows server, many of the features available in windows server 2019 have been used in corporate networks and these are its six best features.
  • Learn about firewalls, Windows Firewall on Windows Server 2012Learn about firewalls, Windows Firewall on Windows Server 2012
    windows firewall with advanced security is a firewall running on windows server 2012 and enabled by default. firewall installations in windows server 2012 are managed in the microsoft management console windows firewall.
  • 10 reasons to install Windows Server 200810 reasons to install Windows Server 2008
    the new server operating system recently released by microsoft: windows server 2008 (windows longhorn) is it really the best, most effective and secure server operating system? the answer depends on the specific user but even though
  • How to check CPU usage in Windows 11How to check CPU usage in Windows 11
    this guide will show you how to check your computer's cpu usage so you can learn how to catch things.
  • How to secure SSH serverHow to secure SSH server
    secure ssh connection helps you protect linux system and data. system administrators and home users also need to keep computers accessible from the public internet. here are 10 easy ways to help protect your ssh server.
  • Learn about the Security Configuration Wizard in Exchange Server 2007 - Part 1Learn about the Security Configuration Wizard in Exchange Server 2007 - Part 1
    in the following article, we will introduce you some basic characteristics of security configuration wizard - scw of exchange server 2007, with the main purpose of minimizing the possibility of attack on the system. exchange server by turning off services, ports, features and programs is not really necessary ...
  • Trick to start and shut down Windows Server 2012 computer in a blink of an eyeTrick to start and shut down Windows Server 2012 computer in a blink of an eye
    windows server 2012 is integrated with windows server security, so during a windows server 2012 shutdown, a dialog box will appear on the screen asking why you want to shutdown. this process takes a lot of time. therefore you should set up some options for windows server 2012 to start and shut down your computer faster, saving your valuable time.
  • Windows Server January Update causes Netlogon errorWindows Server January Update causes Netlogon error
    microsoft has just announced that the windows server security updates that have just been released in the january 2022 patch tuesday package can prevent applications and network devices from creating netlogon secure channels if installed on a domain controller.
  • Windows 7, Windows Server 2008 R2 will continue to be unofficially supported for another two yearsWindows 7, Windows Server 2008 R2 will continue to be unofficially supported for another two years
    back more than two years ago, when microsoft announced the end of software support for windows 7 and windows server 2008 r2, the company also received a lot of praise for implementing a program called extended security updates. (esu - roughly translated: extended security update).