How to: Define a security template in the "security template" management unit of Windows 2000

Document directory

• Content of this task
• The information in this article applies:

Applicable

Content of this task

• Summary
• • Create a security template Console
  • Add a new security template to the security template Console
  • Add a Restricted Group
  • Set registry Security
  • Set File System Security
  • Copy security settings from other templates
  • Use a built-in template to create a new security template

Summary

This step-by-step guide describes how to define a security template in the security template Management Unit.

You can use the application security template to configure Windows 2000 system security. A security template is a text-based file that contains security settings for all security areas supported by the Security Configuration tool set. The Security Configuration tool set includes the following components:

• Security template MMC Management Unit
• Security Configuration and Analysis Management Unit
• Secedit.exe command line utility
• Extended security settings of group policies

You can use the provided security template or modify the configuration of the built-in security template to create a custom security template. After modifying the security template, you can apply the changes to the system configuration. You can apply a security template to a local computer, domain, or organizational unit.

Back to Top

Create a security template Console

To use the security template Management Unit to create and define a security template, perform the following steps:

1. ClickStart, ClickRun, TypeMMCAnd then clickOK.
2. In the console 1 window, clickConsoleOn the menuAdd/delete a Management Unit.
3. InAdd/delete a Management UnitIn the dialog box, clickAdd.
4. InAdd Independent Management UnitIn the dialog box, clickSecurity TemplateAnd then clickAdd. ClickClose.
5. InAdd/delete a Management UnitIn the dialog box, clickOK.
6. In the "console 1" window, expandSecurity TemplateNode. Expand\ <System_root> \ SECURITY \ templatesThe list of available templates is displayed.

Back to Top

Add a new security template to the security template Console

1. Right-click\ <System_root> \ SECURITY \ templatesAnd then clickAdd new template.
2. In\ <System_root> \ SECURITY \ templatesIn the dialog box, type the name of the new template in the "Template Name" box. You can also selectDescriptionEnter the description in the dialog box. ClickOK. You can create a new template named by the name you selected. The new template does not contain any settings. Expand All nodes in the new template. Click each node. All settings are displayed as "not defined ".
3. To define security settings for any options, right-click the item in the right pane, and then clickSecurity.

Back to Top

Add a Restricted Group

1. Right-clickRestricted GroupNode, and then clickAdd Group.
2. InSelect groupClick a group in the dialog box, and then clickOK.
3. After adding a group, double-click the group to restrict its members.

Back to Top

Set registry Security

1. Right-clickRegistryNode, and then clickAdd key.
2. InSelect registry keyIn the dialog box, click the Registry to add security, and then clickOK.
3. InDatabase Security SettingsIn the dialog box, select the appropriate permissions for the registry key, and then clickOK.
4. InTemplate security policy settingsIn the dialog box, select the expected permission inheritance method, and then clickOK.

Back to Top

Set File System Security

1. ClickFile SystemNode, and then clickAdd File.
2. In the Add file or folder dialog box, click the file or folder for which you want to add security, and then clickOK.
3. InDatabase Security SettingsIn the dialog box, configure the appropriate permissions, and then clickOK.
4. InTemplate security policy settingsIn the dialog box, clickOK.

Back to Top

Copy security settings from other templates

You can copy security settings from other templates. For example, you may want to use an account policy from the hisecdc template:

1. Right-clickAccount PolicyNode, and then clickCopy.
2. Right-clickAccount PolicyNode, and then clickPaste.

The Custom template is now configured using the account policy that was once part of the hisecdc template.

After making the changes, right-click your custom template and clickSave.

After saving the template, you can use the "Security Configuration and analysis" tool or the secedit.exe utility to apply the Security Configuration of the template to a computer.

Back to Top

Use a built-in template to create a new security template

If you want to use a built-in template as the model of the new template to create a new security template, you can save the built-in Template under the new name. To copy the built-in template with a new name, perform the following steps:

1. Right-click the template to be copied, and then clickSave.
2. InSaveIn the dialog box, type a new name for the template, and then clickSave. The console will automatically refresh and you will see the new template in the left pane of the console. Then you can use custom settings to configure the new template. Remember to save the changes.

After saving the template, you can use the "Security Configuration and analysis" tool or the secedit.exe utility to apply the Security Configuration of the template to a computer.

Back to Top

The information in this article applies:

• Microsoft Windows 2000 Server

Latest updates:	(2.0)
Keywords:	Kbenv kbhowto kbhowtomaster kbnetwork kb313434 kbauditpro