Security Template Question

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

Something weird is happening. We're reviewing the MS "Enterprise Client -
Domain Controller.inf" security template. In the "Security Options"
sections, there is an option for LAN Manager Authentication Level and below
that two options dependent on what is selected for the LAN Man Auth Level:

Network Security: Minimum Session Security for NTLM SSP based clients
Network Security: Minimum Session Security for NTLM SSP based servers.

Last night, when I was reviewing the default inf settings, I saw the two
Network Security options within the template. I was using the Security
Templates snap in on a Windows 2003 Server. This morning, I opened up the
same snap in on a Windows 2000 Server and can no longer see those two
Network Secuirty Options?

Anyone know why?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Windows 2000 has different security options than Windows 2003. There are quite a bit
more options in Windows 2003. I would not recommend trying to apply W2003 templates
to a W2K computer. AFAIK there is only one setting for lan manager authentication
level for W2K. If you were just "viewing" them on a W2K computer, possibly W2K will
only display compatible options. --- Steve

"adfreak" <rtivnan@comcast.net> wrote in message
news:uJPufGQZEHA.2500@TK2MSFTNGP09.phx.gbl...
> Hello,
>
> Something weird is happening. We're reviewing the MS "Enterprise Client -
> Domain Controller.inf" security template. In the "Security Options"
> sections, there is an option for LAN Manager Authentication Level and below
> that two options dependent on what is selected for the LAN Man Auth Level:
>
> Network Security: Minimum Session Security for NTLM SSP based clients
> Network Security: Minimum Session Security for NTLM SSP based servers.
>
> Last night, when I was reviewing the default inf settings, I saw the two
> Network Security options within the template. I was using the Security
> Templates snap in on a Windows 2003 Server. This morning, I opened up the
> same snap in on a Windows 2000 Server and can no longer see those two
> Network Secuirty Options?
>
> Anyone know why?
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

I read that the W2K3 security templates are backwards compatible with W2K?
Can people confirm/deny that and if so, can you provide me with some links
to read about it?

Thanks
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:5DeHc.47082$Oq2.39584@attbi_s52...
> Windows 2000 has different security options than Windows 2003. There are
quite a bit
> more options in Windows 2003. I would not recommend trying to apply W2003
templates
> to a W2K computer. AFAIK there is only one setting for lan manager
authentication
> level for W2K. If you were just "viewing" them on a W2K computer, possibly
W2K will
> only display compatible options. --- Steve
>
> "adfreak" <rtivnan@comcast.net> wrote in message
> news:uJPufGQZEHA.2500@TK2MSFTNGP09.phx.gbl...
> > Hello,
> >
> > Something weird is happening. We're reviewing the MS "Enterprise
Client -
> > Domain Controller.inf" security template. In the "Security Options"
> > sections, there is an option for LAN Manager Authentication Level and
below
> > that two options dependent on what is selected for the LAN Man Auth
Level:
> >
> > Network Security: Minimum Session Security for NTLM SSP based clients
> > Network Security: Minimum Session Security for NTLM SSP based servers.
> >
> > Last night, when I was reviewing the default inf settings, I saw the two
> > Network Security options within the template. I was using the Security
> > Templates snap in on a Windows 2003 Server. This morning, I opened up
the
> > same snap in on a Windows 2000 Server and can no longer see those two
> > Network Secuirty Options?
> >
> > Anyone know why?
> >
> >
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

It is not that I think it would harm anything, just that results may not be what is
expected. In a Windows 2003 domain for instance, a Windows 2000 computer would have
only compatible settings apply which would be most settings. User rights in
particular are mostly, if not all, the same. There is more than a little difference
in security options as you experienced. You could view what was applied to a W2K
computer by looking at the "effective" settings in Local Security policy or use the
Security Configuration and Analysis tool using a datbase that you imported a W2003
template into. If you are planning to directly apply a security template to a W2K
computer, I would recommend using a Windows 2000 template so that you know exactly
what to expect. --- Steve


"adfreak" <rtivnan@comcast.net> wrote in message
news:OvEGzVRZEHA.2456@TK2MSFTNGP10.phx.gbl...
> I read that the W2K3 security templates are backwards compatible with W2K?
> Can people confirm/deny that and if so, can you provide me with some links
> to read about it?
>
> Thanks
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:5DeHc.47082$Oq2.39584@attbi_s52...
> > Windows 2000 has different security options than Windows 2003. There are
> quite a bit
> > more options in Windows 2003. I would not recommend trying to apply W2003
> templates
> > to a W2K computer. AFAIK there is only one setting for lan manager
> authentication
> > level for W2K. If you were just "viewing" them on a W2K computer, possibly
> W2K will
> > only display compatible options. --- Steve
> >
> > "adfreak" <rtivnan@comcast.net> wrote in message
> > news:uJPufGQZEHA.2500@TK2MSFTNGP09.phx.gbl...
> > > Hello,
> > >
> > > Something weird is happening. We're reviewing the MS "Enterprise
> Client -
> > > Domain Controller.inf" security template. In the "Security Options"
> > > sections, there is an option for LAN Manager Authentication Level and
> below
> > > that two options dependent on what is selected for the LAN Man Auth
> Level:
> > >
> > > Network Security: Minimum Session Security for NTLM SSP based clients
> > > Network Security: Minimum Session Security for NTLM SSP based servers.
> > >
> > > Last night, when I was reviewing the default inf settings, I saw the two
> > > Network Security options within the template. I was using the Security
> > > Templates snap in on a Windows 2003 Server. This morning, I opened up
> the
> > > same snap in on a Windows 2000 Server and can no longer see those two
> > > Network Secuirty Options?
> > >
> > > Anyone know why?
> > >
> > >
> >
> >
>
>