When you upgrade a Windows NT 4.0-based computer to Windows Server 2003, Windows Setup does not change the registry and file system ACLs. Windows Server 2003 allows for a higher level of security, and it handles registry and file system permissions differently than Windows NT 4.0. Microsoft recommends that you apply Windows Server 2003 ACLs to computers that are upgraded from Windows NT 4.0.
To apply the registry and file system ACLs, you can use the Security Configuration and Analysis snap-in. Note that you must be a member of the "Administrators" group to perform this procedure.
How to apply the default system security settings on a computer that is upgraded from Windows NT 4.0 to Windows Server 2003
Log on as Administrator or as a member of the "Administrators" group.
Click Start, click Run, type mmc in the Open box, and then click OK.
On the File menu, click Add/Remove Snap-in.
Click Add, expand Security Configuration and Analysis, click Close, and then click OK.
In the console tree, right-click Security Configuration and Analysis, and then click Open Database.
Specify the name of the database (for example, Upgdbase) and location, and then click Open.
In the Import Template dialog box that appears, click Setup Security.inf, and then click Open.
Right-click Security Configuration and Analysis, and then click Analyze Computer Now.
In the Perform Analysis dialog box that appears on the screen, accept the default log file path that is displayed in the Error log file path box, or specify the location that you want, and then click OK.
The template security settings are compared to the existing computer settings.
Note: No changes are made to the computer at this time. The results of this process indicate how the security settings in the template differ from the actual system settings.
When the analysis is finished, expand the various components in the console tree, such as Account Policies, Local Policies, Event Log, Restricted Groups, and System Services.
For each component that you expanded in the previous step, view its security attribute entries in the Policy column of the right pane, and note the following:
Items with a green check mark indicate that the current computer settings are the same as the security settings in the database.
Items with a red "X" indicate that the current computer settings are different from the security settings in the database.
If neither a green check mark nor a red "X" is displayed, the security attribute is not defined in the template and was not analyzed.
If you want to add or modify database settings, right-click the security attribute that you want to add or modify, and then click Properties. Click to select the Define this policy in the database check box (if it is not already selected), make the required changes to the policy setting, and then click OK.
Note: The Database Settings column displays the security settings contained in the template, and the Computer Settings column displays the computer's current settings.
To configure your computer to use security settings in the database, right-click Security Configuration and Analysis, and then click Configure Computer Now.
In the Configure System dialog box that appears on the screen, accept the default path and log file name, or type the path and file name that you want, and then click OK.
The security database configuration is applied to the computer.
Note: If there are differences between the entries in the database and the existing security configuration on the computer, the database entries overwrite the existing entries unless you remove the differences before you configure the computer.
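The same analyze-then-configure sequence can be scripted with secedit.exe, the command-line counterpart of the snap-in, which is useful when several upgraded servers need the same treatment. The batch file below is an added example, not part of the original procedure; the database name Upgdbase.sdb, the log file names, and the use of the default %SystemRoot%\Security folders are assumptions.

```batch
@echo off
rem Added example: command-line form of the snap-in procedure above.
rem Assumed values: database name, log names, default Security folders.
setlocal
set "DB=%SystemRoot%\Security\Database\Upgdbase.sdb"
set "TEMPLATE=%SystemRoot%\Security\Templates\Setup Security.inf"
set "LOGDIR=%SystemRoot%\Security\Logs"

rem The procedure requires membership in the Administrators group;
rem "net session" fails for accounts that are not administrators.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script as a member of the Administrators group.
    exit /b 1
)
if not exist "%TEMPLATE%" (
    echo Template not found: "%TEMPLATE%"
    exit /b 1
)

rem Analyze only: import the template into the database and compare it
rem with the current computer settings. No changes are made here.
secedit /analyze /db "%DB%" /cfg "%TEMPLATE%" /overwrite /log "%LOGDIR%\upg-analyze.log" /quiet
set "RC=%errorlevel%"
echo Analysis finished with exit code %RC%.
echo Review "%LOGDIR%\upg-analyze.log" before you continue.

rem Configuring overwrites existing settings with the database entries,
rem so require an explicit confirmation after the log has been reviewed.
set "ANSWER="
set /p "ANSWER=Type YES to apply the database settings to this computer: "
if /i not "%ANSWER%"=="YES" (
    echo Nothing was changed.
    exit /b 0
)

rem Apply the settings that the analysis step stored in the database.
secedit /configure /db "%DB%" /log "%LOGDIR%\upg-configure.log" /quiet
set "RC=%errorlevel%"
echo Configuration finished with exit code %RC%.
echo Review "%LOGDIR%\upg-configure.log" for warnings or errors.
exit /b %RC%
```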