XP lockdwon according to National Security Standards - GPO???

[Guest]

I would rather lockdown our xp clients according to the NSA guidelines with a
gpo managed by the AD then by using a script, anyone do this before?

 

[Steven L Umbach]

If they have security templates [they did for Windows 2000] then you can use
the security template by importing them into the security settings of an OU.
You can review the security templates by using the mmc snapin for security
templates to see exactly what settings they apply and you can also use the
mmc snapin for Security Configuration and Analysis to see how the security
template compares to the current computer configuration. You can create your
own security templates starting from a blank one or copying an existing
one. --- Steve

 

[Jake]

Thanks, so I got this .ini file with the settings that the corp wants put in
place, so I can view them, it looks like there are C drive permissions
changed through the template, I haven't seen that before, is that possible?
If the ini file is normally run as a script and I import it to the mmc and
view it as a security template, then is it the same? If I import it into a
gpo as well and apply that, then will the pc get all the settings? I guess
I don't know what the difference is between applying it through a script or
a gpo?

If they have security templates [they did for Windows 2000] then you can
use the security template by importing them into the security settings of
an OU. You can review the security templates by using the mmc snapin for
security templates to see exactly what settings they apply and you can
also use the mmc snapin for Security Configuration and Analysis to see how
the security template compares to the current computer configuration. You
can create your own security templates starting from a blank one or
copying an existing one. --- Steve

I would rather lockdown our xp clients according to the NSA guidelines
with a
gpo managed by the AD then by using a script, anyone do this before?