Information Technology Reference
In-Depth Information
template and editing some settings appropriate for computers that don't require a high level
of security. Then you analyze the template settings against your Vista computer's current
security settings.
You create the security template on the Vista computer in this activity, but
you could create all your templates on a server share, and then access
them as needed from your workstations to perform a security configura-
tion analysis.
1. Log on to the domain from your Vista computer as Administrator.
2. Open the Local Security Policy MMC from Administrative Tools. Right-click
Security
Settings
and click
Export policy
. In the File name text box, type
LowSecurityWS
, and then
click
Save
. Close the Local Security Policy MMC.
3. Click
Start
, type
mmc
in the Start Search text box, and press
Enter
. Click
File
,
Add/Remove
Snap-in
from the menu. In the Available snap-ins list box, click
Security Templates
and click
Add
. Click
Security Configuration and Analysis
and click
Add
. Click
OK
.
4. Click
File
,
Save As
from the menu. In the Save in list box, click
Desktop
. Type
Security
in
the File name text box, and then click
Save
.
5. Click to expand
Security Templates
. Click to expand the folder under Security Templates,
and then click
LowSecurityWS
. (To create a new template from scratch, you right-click the
folder and click New Template.)
6. Click to expand
LowSecurityWS
and
Local Policies
, and then click
User Rights
Assignment
. In the right pane, double-click
Back up files and directories
. In the Properties
dialog box, verify that the
Define these policy settings in the template
check box is selected.
Click
Add User or Group
. In the User and group names text box, type
Users
, and then click
OK
twice.
7. Double-click
Change the time zone
. In the Properties dialog box, click
Users
, click the
Remove
button, and then click
OK
.
8. Double-click
Force shutdown from a remote system
. In the Properties dialog box, click
Add User or Group
. In the User and group names text box, type
Users
, and then click
OK
twice.
9. In the left pane, click
Security Options
. In the right pane, double-click
Accounts: Limit
local account use of blank passwords to console logon only
. Click
Disabled
, and then
click
OK
.
10. Double-click
Interactive logon: Do not require CTRL+ALT+DEL
. Click to select the
Define these policy settings in the template
check box, if necessary. Click
Enabled
, and
then click
OK
.
11. Right-click
LowSecurityWS
and click
Save
.
12. Click the
Security Configuration and Analysis
snap-in, then right-click it and click
Open
Database
. In the File name text box, type
wslowsec
, and then click
Open
. In the Import
Template dialog box, click
LowSecurityWS
, and then click
Open
. Read the message in the
right pane.
13. Right-click
Security Configuration and Analysis
and click
Analyze Computer Now
. Click
OK
.
14. Under Security Configuration and Analysis, expand
Local Policies
and then click
User Rights
Assignment
. You should see a window similar to Figure 7-22. Each policy has a Database
Setting column and a Computer Setting column. (The red and green indicators you see on
some policies were explained previously.)
15. Click the
Security Options
node to see the results of the analysis.
16. Close all open windows, but stay logged on to the Vista computer for the next activity. When
prompted to save the MMC, click
No
.
Search WWH ::
Custom Search