C
Chris Hall
Can someone tell me how to apply security templates to all PCs in a domain?
We have one domain, with multiple OUs.
We have one domain, with multiple OUs.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
L
Laura E. Hunter \(MVP\)
Once you've created/modified the security template that you want to use, you
will import it into a Group Policy Object. From the Group Policy Editor
(GPE), go to Computer Configuration, Windows Settings, Security Settings.
Right-click and choosing Import Policy. This process applies all the
settings you configured in the template to all the computers in the
container (e.g., site, domain, OU) that you link the Group Policy to.
will import it into a Group Policy Object. From the Group Policy Editor
(GPE), go to Computer Configuration, Windows Settings, Security Settings.
Right-click and choosing Import Policy. This process applies all the
settings you configured in the template to all the computers in the
container (e.g., site, domain, OU) that you link the Group Policy to.
C
Chris Hall
Thanks, Laura.
Laura E. Hunter (MVP) said:Once you've created/modified the security template that you want to use, you
will import it into a Group Policy Object. From the Group Policy Editor
(GPE), go to Computer Configuration, Windows Settings, Security Settings.
Right-click and choosing Import Policy. This process applies all the
settings you configured in the template to all the computers in the
container (e.g., site, domain, OU) that you link the Group Policy to.
S
Steven L Umbach
You can import templates into a GPO. Be very careful and test out templates ahead of
time - particularly in regard to digitally sign communications, lan manager
authentication level, additional restrictions for anonymous connections, and ipsec
policy. If you want to apply to all computers in the domain I suggest that you create
a new GPO in the domain container for just that purpose rather than importing it into
the default domain GPO. That will make it much easier to blackout if need be. Put the
new GPO at the top of the list and configure "no override" on it if you want to make
sure all domain computers [including domain controllers] have those settings applied
to them. I would read the links below before proceeding. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx
time - particularly in regard to digitally sign communications, lan manager
authentication level, additional restrictions for anonymous connections, and ipsec
policy. If you want to apply to all computers in the domain I suggest that you create
a new GPO in the domain container for just that purpose rather than importing it into
the default domain GPO. That will make it much easier to blackout if need be. Put the
new GPO at the top of the list and configure "no override" on it if you want to make
sure all domain computers [including domain controllers] have those settings applied
to them. I would read the links below before proceeding. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx