implementing security templates

  • Thread starter Thread starter juanp
  • Start date Start date
J

juanp

Hi,

I am juan from argentina.

I have a task of implementing some bestion hosts in the DMZ so im
implementing windows 2003 servers with the most tighten security
template from microsoft.

the problem is that after I implemented the template nothing worked so
I tried to roll back to setup security.inf which is the default
security policy and still nothing workrd ! so like a stupid, I had to
reinstall the server...

I have two questions:
1. was I doing something wrong?
2. is there a tool which tells me why the application cant run after
the implementing the security policy? maybe a tool which tells me that
this or that registry key is blocked or a spacific registry key doesnt
have enogh permissions etc..?

thanks a lot !

Juan
 
This doesn't seem like a Vista question.

Yes, you were trying to roll back a system's security settings to the
defaults. There is no way to do that. Setup Security.inf is just a log file
of settings that were made during setup, not the default settings. Some, but
not all, of the default settings are stored in dfltsrv.inf, but even that
won't get you back. I've discussed that before:
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths.

Now, if you had used SCW instead, you could have rolled much of it back.

There are tools that can be used to troubleshoot the problem. One of the
better is LUA Buglight, but it is specifically designed to find low-privilege
problems. It may help. If not, I documented a process for doing exactly what
you want to do in Protect Your Windows Network:
http://www.amazon.com/exec/obidos/ASIN/0321336437/protectyourwi-20.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


"juanp" wrote:

> Hi,
>
> I am juan from argentina.
>
> I have a task of implementing some bestion hosts in the DMZ so im
> implementing windows 2003 servers with the most tighten security
> template from microsoft.
>
> the problem is that after I implemented the template nothing worked so
> I tried to roll back to setup security.inf which is the default
> security policy and still nothing workrd ! so like a stupid, I had to
> reinstall the server...
>
> I have two questions:
> 1. was I doing something wrong?
> 2. is there a tool which tells me why the application cant run after
> the implementing the security policy? maybe a tool which tells me that
> this or that registry key is blocked or a spacific registry key doesnt
> have enogh permissions etc..?
>
> thanks a lot !
>
> Juan
>
>
 
Back
Top