G
Graham Turner
this is a follow up to a previous post of mine titled "clear the database
before importing" which i closed on account of other issues but now it seems
down to the refresh of GPO values that are imported from a security template
file
we have used as a base line for the security of the domain controllers
security templates from Microsoft security operations guide
these have required modification to meet the site requirement
eg we have modified the startup value of the spooler service to a value
which is i think is the first value (changed from 4 to 2) after the service
name
the security template has been subsequenlty reimported following this change
but for some reason the value in the registry does not change
this suggests quite clearly that a previous value is "sticking" and contrary
to information in a previous post is not being overwritten as it should be
observed behaviour is that other registry values such as restrictanonymous
are being updated correctly
perhaps this is behaviour with refresh of service startup values ??
is this a known issue ??
would seem that the fix is to check the clear database before importing the
template file
wanted to understand the impact of this before doing so -
what database does this actually refer to ?
is it the GPO itself, and if so does it clear all values in the GPO or does
it read the template and only remove those in the template file ??
GT
before importing" which i closed on account of other issues but now it seems
down to the refresh of GPO values that are imported from a security template
file
we have used as a base line for the security of the domain controllers
security templates from Microsoft security operations guide
these have required modification to meet the site requirement
eg we have modified the startup value of the spooler service to a value
which is i think is the first value (changed from 4 to 2) after the service
name
the security template has been subsequenlty reimported following this change
but for some reason the value in the registry does not change
this suggests quite clearly that a previous value is "sticking" and contrary
to information in a previous post is not being overwritten as it should be
observed behaviour is that other registry values such as restrictanonymous
are being updated correctly
perhaps this is behaviour with refresh of service startup values ??
is this a known issue ??
would seem that the fix is to check the clear database before importing the
template file
wanted to understand the impact of this before doing so -
what database does this actually refer to ?
is it the GPO itself, and if so does it clear all values in the GPO or does
it read the template and only remove those in the template file ??
GT