Security Template Question

  • Thread starter Thread starter adfreak
  • Start date Start date
A

adfreak

Hello,

Something weird is happening. We're reviewing the MS "Enterprise Client -
Domain Controller.inf" security template. In the "Security Options"
sections, there is an option for LAN Manager Authentication Level and below
that two options dependent on what is selected for the LAN Man Auth Level:

Network Security: Minimum Session Security for NTLM SSP based clients
Network Security: Minimum Session Security for NTLM SSP based servers.

Last night, when I was reviewing the default inf settings, I saw the two
Network Security options within the template. I was using the Security
Templates snap in on a Windows 2003 Server. This morning, I opened up the
same snap in on a Windows 2000 Server and can no longer see those two
Network Secuirty Options?

Anyone know why?
 
Windows 2000 has different security options than Windows 2003. There are quite a bit
more options in Windows 2003. I would not recommend trying to apply W2003 templates
to a W2K computer. AFAIK there is only one setting for lan manager authentication
level for W2K. If you were just "viewing" them on a W2K computer, possibly W2K will
only display compatible options. --- Steve
 
I read that the W2K3 security templates are backwards compatible with W2K?
Can people confirm/deny that and if so, can you provide me with some links
to read about it?

Thanks
 
It is not that I think it would harm anything, just that results may not be what is
expected. In a Windows 2003 domain for instance, a Windows 2000 computer would have
only compatible settings apply which would be most settings. User rights in
particular are mostly, if not all, the same. There is more than a little difference
in security options as you experienced. You could view what was applied to a W2K
computer by looking at the "effective" settings in Local Security policy or use the
Security Configuration and Analysis tool using a datbase that you imported a W2003
template into. If you are planning to directly apply a security template to a W2K
computer, I would recommend using a Windows 2000 template so that you know exactly
what to expect. --- Steve
 
Back
Top