HOW TO: Manage Security Templates in Windows 2000 Server (321679)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q321679

SUMMARY

This step-by-step article describes how to manage security templates in Windows 2000 Server. A security template is a file that stores a group of security settings; it is the physical representation of a security configuration. Windows 2000 includes a set of security templates, each based on the role of a computer, ranging from settings for low-security domain clients to settings for highly secure domain controllers. You can use these templates as provided, modify them, or use them as the basis for custom security templates.


Starting Security Templates

  1. Decide whether to add security templates to an existing console or create a new console:
    • To create a new console, click Start, click Run, type mmc, and then click OK.
    • To add security templates to an existing console, open the console.
  2. On the Console menu, click Add/Remove Snap-in, and then click Add.
  3. Click Security Templates, click Add, click Close, and then click OK.
  4. On the Console menu, click Save.
  5. Type the name that you want to assign to this console, and then click Save.

    NOTE: The console appears in the My Documents folder.

Customizing a Predefined Security Template

  1. In the Security Templates snap-in, double-click Security Templates.
  2. Double-click the default path folder (Systemroot\Security\Templates), and then right-click the predefined template that you want to modify.
  3. Click Save As, and then type a file name for the security template.
  4. Double-click the new security template to display the security policies (such as Account Policies), and then double-click the security policy that you want to modify.
  5. Click the security area that you want to customize (such as Password Policy), and then double-click the security attribute to modify (such as Minimum Password Length).
  6. Click to select the Define this policy setting in the template check box to allow editing.

Defining a Security Template

  1. In the Security Templates snap-in, double-click Security Templates.
  2. Right-click the template path folder where you want to store the new template, and then click New Template.
  3. Type the name and description for your new security template. The new template then appears in the console tree.
  4. Double-click the new security template to display the security areas.
  5. Double-click the security policy (such as Account Policies) that you want to customize, and then click the security area (such as Password Policy).
  6. Double-click the security attribute that you want to configure (such as Minimum Password Length).
  7. Click to select the Define this policy setting in the template check box to allow editing.

Deleting a Security Template

  1. In the Security Templates snap-in, double-click Security Templates.
  2. Double-click the template path folder where the security templates are stored, and then right-click the security template you want to delete.
  3. Click Delete.

Refreshing the Security Template List

  1. In the Security Templates snap-in, double-click Security Templates.
  2. Double-click the template path folder where the security templates are stored.
  3. Click Refresh. The console tree displays any new additions or deletions.

Setting a Description for a Security Template

  1. In the Security Templates snap-in, double-click Security Templates.
  2. Right-click Security Templates, the security template path folder, or a security template.
  3. Click Set Description.

Applying a Security Template to a Local Computer

  1. In the Security Configuration and Analysis snap-in, right-click Security Configuration and Analysis.
  2. If a working database is not already set, click Open Database to set a working database.
  3. Click Import Template.
  4. Click a security template file, and then click Open.
  5. Repeat the previous step for each template that you want to merge into the database.
  6. Right-click Security Configuration and Analysis, and then click Configure System Now. Note that the security settings take effect immediately.
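
The result of merging several templates (steps 4 and 5) can be reviewed before Configure System Now is clicked. The following Python code is an added example, not part of the original article and not Microsoft code: it parses the INF text of each template, merges the templates in import order, and reports which template supplied each effective value. It assumes that a later import wins on a conflict; the template names, sample contents and the floor value are constructed for illustration.

```python
import configparser

# Constructed sample templates (not shipped files). Section and key names
# follow the INF text layout that security templates are saved in.
BASELINE_INF = """[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
"""
CUSTOM_INF = """[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 0
[Event Audit]
AuditLogonEvents = 3
"""

def parse_template(text):
    """Return {section: {key: value}} for one template, keeping key case."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    cp.optionxform = str  # do not lower-case setting names
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def merge_in_import_order(templates):
    """templates: [(name, inf_text), ...] in import order.
    Assumption: on a conflict, the template imported later wins."""
    effective = {}
    for name, text in templates:
        for section, settings in parse_template(text).items():
            if section in ("Unicode", "Version"):
                continue  # file metadata, not security settings
            for key, value in settings.items():
                effective[(section, key)] = (value, name)
    return effective

def below_floor(effective, floors):
    """floors: {(section, key): minimum int}. Return settings under their floor."""
    findings = []
    for setting, minimum in floors.items():
        if setting in effective:
            value, source = effective[setting]
            if int(value) < minimum:
                findings.append((setting[1], int(value), source))
    return findings

if __name__ == "__main__":
    merged = merge_in_import_order([("baseline.inf", BASELINE_INF), ("custom.inf", CUSTOM_INF)])
    # Example floor chosen for illustration, not a value from the article.
    print(below_floor(merged, {("System Access", "MinimumPasswordLength"): 8}))
```

Template files read from disk may be Unicode-encoded, so decode them to text before passing them to parse_template.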

Importing a Security Template to a Group Policy Object

  1. In a console from which you manage group policy settings, click the Group Policy object to which you want to import the security template.
  2. In the console tree, right-click Security Settings. Expand the following items:
    • Policy Object Name
    • Computer Configuration
    • Windows Settings
    • Security Settings
  3. Click Import Policy.
  4. Click the security template that you want to import. Note that the security settings are applied when the computer starts or as the group policy settings specify.

Viewing Effective Security Settings

  1. In the console from which you manage group policy, double-click the Group Policy object.
  2. In the console tree, click Security Settings. Expand the following items:
    • Policy Object Name
    • Computer Configuration
    • Windows Settings
    • Security Settings
  3. Double-click a security policy node (such as Account Policies), and then click a security area (such as Password Policy).
  4. Double-click the security attribute that you want to view (such as Minimum Password Length). Note that security settings reflect both local policy and the policy in effect on the system. These may not be the same if the computer is inheriting group policy settings.

Modification Type: Major
Last Reviewed: 10/30/2003
Keywords:kbenv kbhowto kbHOWTOmaster kbui KB321679 kbAudITPro