Security Basics mailing list archives

RE: Windows Security Templates


From: Doug Massey <doug () masseytechnologies com>
Date: Wed, 20 Aug 2003 19:49:26 -0400

Roy,
If you just need to deploy it on the box, that's just mass file copy. Enforcing the template requires the use of the executable secedit. In which case, you have to have system level impersonation to execute a command on each machine. VBS in a domain environment gives you this. You can set up a batch file with variables that calls another and executes the command with the .vbs file embedded. If you have any other services that can remotely execute commands, then a local batch file can do what you need as well.

To deploy an .MSI on a box remotely, you have to be able to run msiexec.exe on the remote box AND pass command line switches, which, like the rest of the options on the table, requires the ability to execute commands remotely.

I worked in a strictly Novell shop where we used Novell's workstation manager to deploy and enforce security templates on Win2k boxes.


---- Original message ----
Date: Thu, 21 Aug 2003 09:12:06 +1000
From: "Hui, Roy" <Roy.Hui () team telstra com>  
Subject: RE: Windows Security Templates  
To: "Doug Massey" <doug () masseytechnologies com>
Cc: <security-basics () securityfocus com>

That was the only option on my table at the moment, but I think doing that to 300+ PCs here isn't the best way to do something.

In response to Brendan Harrap's .msi suggestion, is there a way to deploy an MSI straight onto a box (similar to exec.vbs) without placing it in a logon or logoff policy?

Thanks,
RH

-----Original Message-----
From: Doug Massey [mailto:doug () masseytechnologies com] 
Sent: Thursday, 21 August 2003 4:24 AM
To: Hui, Roy
Cc: security-basics () securityfocus com
Subject: RE: Windows Security Templates

Try exec.vbs from the Windows 2000 resource kit.

---- Original message ----
Date: Wed, 20 Aug 2003 10:17:41 +1000
From: "Hui, Roy" <Roy.Hui () team telstra com>  
Subject: RE: Windows Security Templates  
To: <security-basics () securityfocus com>

Is there a way to execute a script across the entire domain using group policy on a pure win2k active directory based environment? I am doing it via a logon script, but that doesn't give complete coverage.

Thanks,
Roy

-----Original Message-----
From: McGill, Lachlan [mailto:mcgilll1 () anz com] 
Sent: Wednesday, 20 August 2003 9:18 AM
To: jsansi () ritzfoodservice com; security-basics () securityfocus com
Subject: RE: Windows Security Templates

Use the secedit command in a batch file executed at logon.

Plenty of info on secedit in help or online.

-----Original Message-----
From: Jimmy Sansi [mailto:jsansi () ritzfoodservice com]
Sent: Wednesday, 20 August 2003 5:16 AM
To: security-basics () securityfocus com
Subject: Windows Security Templates


I am trying to figure out a way of applying windows 2k and XP security templates without having to visit each machine and use the Security Configuration and Analysis mmc. The other problem is we are using an NT domain (No Active Directory) so we can't use Group Policy to apply them.

Any suggestions?

Thanks,
-Jimmy


Doug Massey
Massey Technologies, Inc.
301-717-6404
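
The two steps discussed in this thread (copy the template to the machine, then enforce it with secedit) can be combined in one batch file; this is an added example, not code posted by anyone in the thread. The share path, template name and working directory are assumed placeholders, and the script has to run in an administrative or system context, which an ordinary user's logon script does not provide.

```batch
@echo off
rem Added example: copy a security template locally and enforce it with secedit.
rem Assumed placeholders: \\SERVER\SHARE, baseline.inf and the deploy directory.
setlocal

set "SRC=\\SERVER\SHARE\templates\baseline.inf"
set "WORK=%SystemRoot%\security\deploy"
set "TEMPLATE=%WORK%\baseline.inf"
set "DB=%WORK%\baseline.sdb"
set "LOG=%WORK%\baseline.log"

rem Creating a directory under %SystemRoot% fails without administrative rights,
rem which doubles as an early check that the script runs in the right context.
if not exist "%WORK%" mkdir "%WORK%"
if not exist "%WORK%" (
    echo Cannot create %WORK%. Run this with administrative rights.
    exit /b 1
)

rem Step 1: the file copy. Work from a local copy so a dropped network
rem connection cannot interrupt secedit while it reads the template.
copy /y "%SRC%" "%TEMPLATE%" >nul
if errorlevel 1 (
    echo Failed to copy %SRC%
    exit /b 2
)

rem Step 2: enforcement. /overwrite rebuilds the database from this template
rem only, and /quiet suppresses the confirmation prompt so the run is unattended.
secedit /configure /db "%DB%" /cfg "%TEMPLATE%" /overwrite /log "%LOG%" /quiet
if errorlevel 1 (
    echo secedit returned a non-zero exit code on %COMPUTERNAME%. Review %LOG%
    exit /b 3
)

echo Template applied on %COMPUTERNAME%. Log written to %LOG%
endlocal
exit /b 0
```

Because the template is applied from whatever sits on the share, write access to that share should be limited to the administrators who maintain the baseline.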
