SUMMARY
This step-by-step article describes how to define security templates in the Security Templates snap-in.
You can configure Windows 2000 system security by applying security templates. Security templates are text-based files that contain security settings for all of the security areas that are supported by the Security Configuration tool set. The Security Configuration tool set includes the following components:
- The Security Templates MMC snap-in
- The Security Configuration and Analysis snap-in
- The Secedit.exe command-line utility
- Security Settings extension to Group Policy
Security Templates can be used as provided, or you can create your own custom security templates by modifying the configuration of the built-in security templates. After you make changes to the security template, you can apply the changes to the system configuration. Security Templates can be applied to a local computer, a domain or an organizational unit.
Create a Security Template Console
To create and define a security template by using the Security Templates snap-in:
- Click Start, click Run, type mmc, and then click OK.
- In the Console1 window, click Add/Remove Snap-in on the Console menu.
- In the Add/Remove Snap-in dialog box, click Add.
- In the Add Standalone Snap-in dialog box, click Security Templates, and then click Add. Click Close.
- In the Add/Remove Snap-in dialog box, click OK.
- In the Console1 window, expand the Security Templates node. Expand the \<system_root>\Security\Templates node to see a list of the available templates.
Add a New Security Template to the Security Template Console
- Right-click \<system_root>\Security\Templates, and then click New Template.
- In the \<system_root>\Security\Templates dialog box, type the name of the new template in the Template name box. You can also type an optional description in the Description box. Click OK. A new template with the name you chose is created. There are no settings in the new template. Expand all nodes in the new template. Click on each node. All settings appear as Not defined.
- To define security settings for any of the options, right-click any of the entries in the right pane, and then click Security.
Add a Restricted Group
- Right-click the Restricted Groups node, and then click Add Group.
- In the Select Groups dialog box, click a group, and then click OK.
- After the group is added, double-click the group to restrict membership.
Set Security for the Registry
- Right-click the Registry node, and then click Add Key.
- In the Select Registry Key dialog box, click the registry key to which you want to add security, and then click OK.
- In the Database Security dialog box, set the appropriate permissions for the registry entry, and then click OK.
- In the Template Security Policy Setting dialog box, select how you want permissions to be inherited, and then click OK.
Set Security for the File System
- Click the File System node, and then click Add File.
- In the Add a file or folder dialog box, click a file or folder that you want to add security to, and then click OK.
- In the Database Security dialog box, configure the appropriate permissions, and then click OK.
- Click OK in the Template Security Policy Setting dialog box.
Copy Security Settings from Other Templates
You can copy security settings from other templates. For example, you may want to use the Account Policies from the hisecdc template:
- Right-click the Account Policies node in the hisecdc template, and then click Copy.
- Right-click the Account Policies node on your custom template, and then click Paste.
The custom template is now configured with the account policies that were part of the hisecdc template.
After you make the changes you want, right-click your custom template, and then click Save.
After you save the template, you can use the Security Configuration and Analysis tool or the Secedit.exe utility to apply the template security configuration to a computer.
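Because templates are text-based files, the result of the copy described above can be checked offline before the template is applied. The following is an added example, not part of the original article: it parses two saved templates and reports every setting that the source defines but the custom template lacks or sets differently. It assumes that password and account lockout settings are stored in the [System Access] section of the .inf file; the function names are hypothetical and the sample values are constructed, not the real hisecdc values.

```python
import codecs

NOT_DEFINED = "Not defined"  # how the snap-in shows a setting absent from the file

def parse_template(raw: bytes) -> dict:
    """Parse security template (.inf) bytes into {section: {key: value}}."""
    # A saved template may be UTF-16 with a BOM; otherwise assume ANSI (assumption).
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("cp1252", errors="replace")
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None:
            if line.startswith('"'):
                # Registry/file entries: "path",mode,"SDDL" are keyed by path
                key, _, value = line[1:].partition('",')
            else:
                key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def compare_sections(source: dict, custom: dict, section_names) -> dict:
    """Settings the source defines that the custom template lacks or changes."""
    drift = {}
    for name in section_names:
        src = source.get(name.lower(), {})
        dst = custom.get(name.lower(), {})
        for key, value in src.items():
            if dst.get(key) != value:
                drift[(name, key)] = (value, dst.get(key, NOT_DEFINED))
    return drift

# Constructed sample data (not the real hisecdc values).
SOURCE = ("[Unicode]\r\nUnicode=yes\r\n[Version]\r\nsignature=\"$CHICAGO$\"\r\n"
          "[System Access]\r\nMinimumPasswordLength = 8\r\n"
          "PasswordComplexity = 1\r\nLockoutBadCount = 5\r\n").encode("utf-16")
CUSTOM = ("[Version]\r\nsignature=\"$CHICAGO$\"\r\n[System Access]\r\n"
          "MinimumPasswordLength = 6\r\nPasswordComplexity = 1\r\n").encode("cp1252")

if __name__ == "__main__":
    result = compare_sections(parse_template(SOURCE), parse_template(CUSTOM),
                              ["System Access"])
    for (section, key), (want, have) in sorted(result.items()):
        print(f"[{section}] {key}: source={want} custom={have}")
```

An empty result means every setting defined in the compared sections of the source template is present with the same value in the custom template.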
Create a New Security Template Using a Built-In Template
If you want to create a new security template by using one of the built-in templates as a model for the new template, you can save the built-in template under a new name. To copy the built-in template with a new name:
- Right-click the template you want to copy, and then click Save As.
- Type the new name of the template in the Save As dialog box, and then click Save. The console automatically refreshes, and you see the new template in the left pane of the console. You can then configure the new template with your custom settings. Remember to save the changes you make.
After you save the template, you can use the Security Configuration and Analysis tool or the Secedit.exe utility to apply the template security configuration to a computer.