NIST Security Template Problems

  • Thread starter Thread starter Cameron Frasnelly
  • Start date Start date
C

Cameron Frasnelly

We applied the NIST security template and it sets all machines
AutoAdminLogon registry values to 1??? When we look at the GPO in the AD
snapin there is NOT a registry entry for this. How can we fix it if we
can't see it????

Thanks for your time!
 
You can write a customer ADM file and import this into a policy. You can
use this adm file to set, or unset that registry setting
225087 Writing Custom ADM Files for System Policy Editor
http://support.microsoft.com/?id=225087

Hope this helps



M. Scott Sanders

MCSE, MCSA, MCP+I
Microsoft Enterprise Support
EPS Directory Services Team
 
Dear Cameron,

Thank you for your reply.

To modify the registry via group policy in Windows 2000, have you tried the
article KB225087 "Writing Custom ADM Files for System Policy Editor" as
Scott suggested?

For more information about writing an ADM file for group policy, see the
white paper ("Implementing Registry-Based Group Policy") at the following
Microsoft Web site:

http://www.microsoft.com/WINDOWS2000/techinfo/howitworks/management/rbppaper
..asp

Please check the "Templates Specify the Registry Change" section in the
article.

In addition, if this does not work, you can enable audit to check the
registry keys change by following the instructions in the article below:

315416 HOW TO: Use Group Policy to Audit Registry Keys in Windows 2000
http://support.microsoft.com/?id=315416

Is the registry keys changed?

Hope the information is helpful.

Thanks and have a good day!

Regards,

Benny Fu
Microsoft Online Partner Support
Microsoft Corporation
Get Secure! – www.microsoft.com/security

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Reply-To: "Cameron Frasnelly" <[email protected]>
| From: "Cameron Frasnelly" <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: Re: NIST Security Template Problems
| Date: Wed, 30 Jul 2003 10:51:53 -0700
| Lines: 37
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.win2000.group_policy
| NNTP-Posting-Host: 207.109.248.35
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:11160
| X-Tomcat-NG: microsoft.public.win2000.group_policy
|
| No... doesn't help... is this a bug in Group Policies???
|
|
| | > You can write a customer ADM file and import this into a policy. You
can
| > use this adm file to set, or unset that registry setting
| > 225087 Writing Custom ADM Files for System Policy Editor
| > http://support.microsoft.com/?id=225087
| >
| > Hope this helps
| >
| >
| >
| > M. Scott Sanders
| >
| > MCSE, MCSA, MCP+I
| > Microsoft Enterprise Support
| > EPS Directory Services Team
| >
| >
| >
| > | > > We applied the NIST security template and it sets all machines
| > > AutoAdminLogon registry values to 1??? When we look at the GPO in the
| AD
| > > snapin there is NOT a registry entry for this. How can we fix it if
we
| > > can't see it????
| > >
| > > Thanks for your time!
| > >
| > >
| >
| >
|
|
|
 
Dear Cameron,

Thank you for your reply.

The issue may occur if the security template is coded incorrectly. Please
double check your NIST template to see if it is written correctly. Thank
you.

Have a good day!

Regards,

Benny Fu
Microsoft Online Partner Support
Microsoft Corporation
Get Secure! – www.microsoft.com/security

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Reply-To: "Cameron Frasnelly" <[email protected]>
| From: "Cameron Frasnelly" <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: Re: NIST Security Template Problems
| Date: Wed, 30 Jul 2003 10:51:53 -0700
| Lines: 37
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.win2000.group_policy
| NNTP-Posting-Host: 207.109.248.35
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:11160
| X-Tomcat-NG: microsoft.public.win2000.group_policy
|
| No... doesn't help... is this a bug in Group Policies???
|
|
| | > You can write a customer ADM file and import this into a policy. You
can
| > use this adm file to set, or unset that registry setting
| > 225087 Writing Custom ADM Files for System Policy Editor
| > http://support.microsoft.com/?id=225087
| >
| > Hope this helps
| >
| >
| >
| > M. Scott Sanders
| >
| > MCSE, MCSA, MCP+I
| > Microsoft Enterprise Support
| > EPS Directory Services Team
| >
| >
| >
| > | > > We applied the NIST security template and it sets all machines
| > > AutoAdminLogon registry values to 1??? When we look at the GPO in the
| AD
| > > snapin there is NOT a registry entry for this. How can we fix it if
we
| > > can't see it????
| > >
| > > Thanks for your time!
| > >
| > >
| >
| >
|
|
|
 
Back
Top