Microsoft KB Archive/325878

= HOW TO: Apply Registry and File System ACLs on Computers That Are Upgraded From Windows NT 4.0 to Windows Server 2003 =

PSS ID Number: 325878

Article Last Modified on 12/18/2003

-

The information in this article applies to:


 * Microsoft Windows Server 2003, Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, 64-Bit Enterprise Edition

-



This article was previously published under Q325878



For a Microsoft Windows 2000 version of this article, see 313205.

IN THIS TASK

 * SUMMARY
 * ** How to Apply the Default System Security Settings to a Computer That Is Upgraded from Windows NT 4.0 to Windows Server 2003



SUMMARY
This step-by-step article describes how to apply registry access control lists (ACLs) and file system ACLs to computers that are upgraded from Microsoft Windows NT 4.0 to Windows Server 2003.

When you upgrade a Windows NT 4.0-based computer to Windows Server 2003, the registry and file system ACLs are not changed by Windows Setup. Windows Server 2003 permits a higher level of security, and it handles registry and file system permissions differently than Windows NT 4.0. Microsoft recommends that you apply Windows Server 2003 ACLs to computers that are upgraded from Windows NT 4.0.

To apply registry and file system ACLs, you can use the Security Configuration and Analysis snap-in. Note that you must be a member of the Administrators group to perform this procedure.

back to the top

How to Apply Default System Security Settings to a Computer That Is Upgraded from Windows NT 4.0 to Windows Server 2003

 * 1) Log on as Administrator or as a member of the Administrators group.
 * 2) Click Start, click Run, type mmc in the Open box, and then click OK.
 * 3) On the File menu, click Add/Remove Snap-in.
 * 4) Click Add, click Security Configuration and Analysis, click Add, click Close, and then click OK.
 * 5) In the console tree, right-click Security Configuration and Analysis, and then click Open Database.
 * 6) Specify a name (for example, upgdbase ) and a location for the database, and then click Open.
 * 7) In the Import Template dialog box that appears, click Setup Security.inf, and then click Open.
 * 8) Right-click Security Configuration and Analysis, and then click Analyze Computer Now.
 * 9) In the Perform Analysis dialog box that appears, accept the default path for the log file that is displayed in the Error log file path box or specify the location that you want, and then click OK.

The template security settings are compared to the existing computer settings.

NOTE: No changes are made to the computer at this time. The results of this procedure show where there are discrepancies between the security settings in the template and the actual system settings.
 * 1) When the analysis is complete, expand each component in the console tree -- for example, Account Policies, Local Policies, Event Log, Restricted Groups, and System Services.
 * 2) For each component that you expand in step 10, view its security attribute entries in the right pane in the Policy column, and then note the following:
 * 3) * An entry with a green check mark indicates that the current computer settings are the same as security settings in the database.
 * 4) * An entry with a red &quot;x&quot; indicates that the current computer settings are different from the security settings in the database.
 * 5) * If a green check mark or a red &quot;x&quot; is not displayed, a setting for this security attribute is not defined in the template and was not analyzed.

If you want to add or modify a database setting, right-click the security attribute that you want to add or modify, and then click Properties. Click to select the Define this policy in the database check box (if it is not already selected), make the changes that you want to the policy setting, and then click OK.

NOTE: The Database Setting column displays the security settings that are contained in the template, and the Computer Setting column displays the computer's current settings.
 * 1) To configure the computer to use the security settings in the database, right-click Security Configuration and Analysis, and then click Configure Computer Now.
 * 2) In the Configure System dialog box that appears, either accept the default path and log file name or type the path and file name that you want, and then click OK.

The security database configuration is applied to the computer.

NOTE: If there are conflicts between the database entries and the existing security configuration on the computer, the existing entries are overwritten unless you reconcile the differences in the security database before you configure the computer.

back to the top

Additional query words: kbmgmtsvc

Keywords: kbMgmtServices kbenv kbhowto kbHOWTOmaster KB325878

Technology: kbWinServ2003Data kbWinServ2003Data64bit kbWinServ2003Data64bitSearch kbWinServ2003DataSearch kbWinServ2003Ent kbWinServ2003Ent64bit kbWinServ2003Ent64bitSearch kbWinServ2003EntSearch kbWinServ2003Search kbWinServ2003St kbWinServ2003Web

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.