Microsoft KB Archive/309689

= How to apply predefined security templates in Windows 2000 =

Article ID: 309689

Article Last Modified on 10/29/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q309689



IN THIS TASK
SUMMARY
 * Security Templates
 * How to Apply a Security Template

REFERENCES



SUMMARY
Windows 2000 includes several pre-defined security templates that you can apply to increase the level of security for computers that are running either Windows 2000 Professional or Windows 2000 Server. These security templates are plain text files that you manually edit by using text editor such as Notepad. However, it is recommended that you use the Security Templates Microsoft Management Console (MMC) to make changes to these templates. This article describes how to apply predefined security templates.

Important Implementing a security template on a domain controller may change the settings of the Default Domain Controller Policy or the Default Domain Policy. The applied template may overwrite permissions on new files, registry keys and system services created by other programs. Restoring these policies may be required after you apply a security template. Before you follow these steps on a domain controller, create a backup of the SYSVOL share.

back to the top

Security Templates
There are four categories of pre-built security templates:
 * Basic
 * Secure
 * High Secure
 * Miscellaneous

The basic, secure, and high security templates represent increasing levels of security. The miscellaneous templates include compatibility templates, optional components templates, and original setup security templates.

The basic templates include:
 * Basicdc: Applies a basic level of security for domain controllers.
 * Basicsv: Provides a basic level of security for file and print servers.
 * Basicwk: Provides a basic level of security for workstations.

Higher-level security templates include:
 * Securedc: Provides a higher level of security for domain controllers.
 * Securews: Provides a higher level of security for workstations.

The following templates provide the highest level of security for Windows 2000-based computers but are not compatible with network connectivity with other Windows operating systems:
 * Hisecdc
 * Hisecws

Miscellaneous security templates include:
 * ocfiless: Used for file servers.
 * ocfilesw: Used for workstations.
 * setup security: Applies the default Windows 2000 security configuration.

These security templates add security settings for optional components such as Terminal Services and certificate services.

back to the toc

How to Apply a Security Template
You can apply security template settings by using the Security Configuration and Analysis snap-in. When you use this snap-in, you can import security templates and apply them to a computer, site, domain, or to an organizational unit. You can apply the security settings to a local computer configuration or to a Group Policy Object. You can also use this tool to analyze the security settings for a local computer or for a Group Policy Object.

To apply security template settings:
 * 1) At a command prompt, type mmc.
 * 2) Click Add/Remove Snap-in on the Console menu.
 * 3) Click Add in the Add/Remove Snap-in dialog box.
 * 4) In the Add Standalone Snap-in dialog box, click the Security Configuration and Analysis snap-in, click Add, click Close, and then click OK.
 * 5) To create a new security database, right-click the Security Configuration and Analysis node in the left pane, and then click Open Database.
 * 6) Type a name for the database in the Open database dialog box, and then click Open.
 * 7) In the Import Template dialog box, click the security template that you want to apply, and then click Open.
 * 8) Right-click the Security Configuration and Analysis node in the left pane, and then click Configure Computer Now.

Note You can save security templates with a different name and then imported the templates into the database. You can make granular changes to the security template and apply those changes incrementally with the Security Configuration and Analysis snap-in.

back to the top

