This is not a coincidence. Most of the settings that are available within the local security policy also exist here. Remember, the local security policy is used to lock down the OS, but the security templates are there to make sure that the OS stays locked down.
Therefore, you should configure the account policies and local policies so that they mimic the settings that you apply through the local security policy. In addition to the basic account policy and local policy settings, there are five other types of policy settings that you can implement.
These include:. When you finish defining security settings, right-click on the template that you have created and select the Save command from the shortcut menu to save your changes.
When Windows displays the list of available snap-ins, select the Security Configuration and Analysis snap-in, shown below, and then click the Add button, followed by the OK button. The first thing that you will need to do after loading the snap-in for the first time is to create a database. As you can see in the figure below, you can create a database by right-clicking on the Security Configuration and Analysis container, choosing the Open Database command from the shortcut menu, and then typing a name for a new database.
When you use this tool in the future, you can reuse the database that you are creating now. At this point, you will be prompted to load a security template for analysis. Select the security template that you had previously created, and click Open. Once you have imported the template, the tool is ready to use.
You can use the Security Configuration and Analysis tool to either configure a computer or to analyze a computer. For established Windows PCs, you will probably want to perform an analysis.
To do so, right-click on the Security Configuration and Analysis container, and select the Analyze Computer Now command from the shortcut menu. When prompted, enter the desired log file path, and click OK. The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.
To copy security settings from a predefined template to your custom template, follow these steps:. In the console tree, expand a predefined template that contains the settings that you want to copy, right-click the component that you want to copy, and then click Copy.
In the console tree, expand your custom template, right-click the appropriate component, and then click Paste. For example, to use the Account Policies settings from the Hisecdc template in your custom template, expand Hisecdc , right-click Account Policies , and then click Copy. Expand your custom template, right-click Account Policies , and then click Paste.
To create a new security template based on settings from a predefined template, save the predefined template by using another file name. To do so, follow these steps:. Do not apply Setup security. If you do so, you may experience decreased performance. In Microsoft Windows , two miscellaneous security templates exist, ocfiless for file servers and ocfilesw for workstations.
In Windows Server , these files have been superseded by the Setup security. This template is created when a server is promoted to a domain controller. It reflects file, registry, and system service default security settings. If you reapply this template, these settings are set to the default values. However, the template may overwrite permissions on new files, registry keys, and system services created by other programs.
This template changes the default file and registry permissions that are granted to the members of the Users group in a manner that is consistent with the requirements of most programs that do not belong to the Windows Logo Program for Software. The Compatible template also removes all members of the Power Users group. The Secure templates define enhanced security settings that are least likely to affect program compatibility. For example, the Secure templates define stronger password, lockout, and audit settings.
There are two predefined Secure templates in Windows Server Securews. For additional information about using these templates and other security templates, search Help and Support Center for "predefined security templates".
0コメント