Security Basics mailing list archives
RE: Windows Security Templates
From: Doug Massey <doug () masseytechnologies com>
Date: Wed, 20 Aug 2003 19:49:26 -0400
Roy, If you just need to deploy it on the box, that's just mass file copy. Enforcing the template requires the use of the executable secedit. In which case, you have to have system level impersonation to execute a command on each machine. VBS in a domain environment gives you this. you can set up a batch file with variables that calls another and executes the command with the .vbs file embedded. If you have any other services that can remotely execute commands, then a local batch file can do what you need as well. To deploy an .MSI on a box remotely, you have to be able to run msiexec.exe on the remote box AND pass command line switches, which, like the rest of the options on the table, requires ability to execute commands remotely. I worked in a strictly Novell shop where we used Novell's workstation manager to deploy and enfore security templates on Win2k boxes. ---- Original message ----
Date: Thu, 21 Aug 2003 09:12:06 +1000 From: "Hui, Roy" <Roy.Hui () team telstra com> Subject: RE: Windows Security Templates To: "Doug Massey" <doug () masseytechnologies com> Cc: <security-basics () securityfocus com> That was the only option on my table at the moment, but I
think doing
that to 300+ PCs here isn't the best way to do something. In response to Brendan Harrap's .msi suggestion, is there a
way to
deploy a MSI straight onto a box (similar to exec.vbs)
without placing
it in a logon or logoff policy? Thanks, RH -----Original Message----- From: Doug Massey [mailto:doug () masseytechnologies com] Sent: Thursday, 21 August 2003 4:24 AM To: Hui, Roy Cc: security-basics () securityfocus com Subject: RE: Windows Security Templates Try exec.vbs from the Windows 2000 resource kit. ---- Original message ----Date: Wed, 20 Aug 2003 10:17:41 +1000 From: "Hui, Roy" <Roy.Hui () team telstra com> Subject: RE: Windows Security Templates To: <security-basics () securityfocus com> Is there a way to execute a script across the entire
domain
using grouppolicy on a pure win2k active directory based
environment?
I am doingit via a logon script, but that doesn't give a completecoverage.Thanks, Roy -----Original Message----- From: McGill, Lachlan [mailto:mcgilll1 () anz com] Sent: Wednesday, 20 August 2003 9:18 AM To: jsansi () ritzfoodservice com; security-basics () securityfocus comSubject: RE: Windows Security Templates Use the secedit command in a batch file executed at logon. Plenty of info on secedit in help or online. -----Original Message----- From: Jimmy Sansi [mailto:jsansi () ritzfoodservice com] Sent: Wednesday, 20 August 2003 5:16 AM To: security-basics () securityfocus com Subject: Windows Security Templates I am trying to figure out a way of applying windows 2k andXP securitytemplates without having to visit each machine and use the SecurityConfiguration andAnalysis mmc. The other problem is we are using an NT domain (No ActiveDirectory) so wecan't use Group Policy to apply them. Any suggestions? Thanks, -Jimmy -----------------------------------------------------------
--
-------------- -----------------------------------------------------------
--
--------------- -----------------------------------------------------------
--
-------------- -----------------------------------------------------------
--
--------------- -----------------------------------------------------------
--
-------------------------------------------------------------------------
--
---------------Doug Massey Massey Technologies, Inc. 301-717-6404
Doug Massey Massey Technologies, Inc. 301-717-6404 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Windows Security Templates Jimmy Sansi (Aug 19)
- RE: Windows Security Templates Stephen C. Gay (Aug 19)
- snort configuration tools N30 (Aug 20)
- <Possible follow-ups>
- RE: Windows Security Templates McGill, Lachlan (Aug 19)
- RE: Windows Security Templates Hui, Roy (Aug 20)
- RE: Windows Security Templates Meidinger Chris (Aug 20)
- RE: Windows Security Templates McGill, Lachlan (Aug 20)
- RE: Windows Security Templates Doug Massey (Aug 20)
- RE: Windows Security Templates Hui, Roy (Aug 20)
- RE: Windows Security Templates Doug Massey (Aug 20)
- RE: Windows Security Templates Meidinger Chris (Aug 21)