RE: [ActiveDir] OT: Security Template Docs

John Hicks/MIS/HQ/KEMET/US Thu, 03 Oct 2002 09:26:17 -0700

$)C
Ok, thanks for the help, I will play around with it and see what I can get.

Thanks

"Darren Sykes" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

10/03/2002 12:37 PM

Please respond to
[EMAIL PROTECTED]

To	<[EMAIL PROTECTED]>
cc
Subject	RE: [ActiveDir] OT: Security Template Docs

To be completely honest, I can!/t remember; It!/s been a while since I did it.
It!/s easily tested though ? create a folder in the root with a couple of subfolder and apply the template with secedit.
The key to it is that as far as I remember, the settings are applied in order of appearance in the file. Have a play, and see what happens!
I!/d guess that the !.do not allow permissions to be replaced!/ would override the !.replace existing permissions!/ at a higher level.

Darren.

-----Original Message-----
From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]]
Sent: 03 October 2002 17:33
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Security Template Docs

I am using the mmc console. I do see the options for propagation of settings, at first I was setting them to Propagate Inheritable permission's to all subfolders and files. If I set my needed permission's at the root of C: would I choose to replace existing permission's on subfolders and files or propagate inheritable permission's? and will it apply them to every folder and file on that drive? I have a few folders in WINNT that will have slightly different permission's, so on those folders would I select to not allow permission's on this file or folder to be replaced? As I am sure you can see I am not sure exactly what to do, this is why I am looking for a some best practices docs or some type of good reference material to make myself more familiar with this process.

Thanks

"Darren Sykes" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

10/03/2002 12:13 PM

Please respond to
[EMAIL PROTECTED]

To	<[EMAIL PROTECTED]>
cc
Subject	RE: [ActiveDir] OT: Security Template Docs

John,

That!/s a tad confusing. When you say that you!/re looking through the templates, you are using the MMC snap-in aren!/t you?
When looking at file/registry permissions the option regarding propagation of settings is on the first page, before you have the opportunity to modify the DACL.

Darren.

-----Original Message-----
From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]]
Sent: 03 October 2002 17:07
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Security Template Docs

I posted a message earlier about a security template that I am working on. I am going by a article on the SANS site and it is based on manually applying NTFS and registry permission's on each machine. I am trying to accomplish the same thing through a security template. I looked through the basicdc and basicsv template and it looks like these are applying the needed permission's on a file by file basis. I was wondering if this is the way ti had to be done when using these templates, or if I can make the change at the folder level and have the changes applied to all files. I think I am confusing myself with this stuff, so please excuse my ignorance on the topic. Does anyone have any links to docs or articles on the topic? Any help would be greatly appreciated.

Thanks

********************************************************************************************************
This e-mail is from Energis Communications Ltd, 50 Victoria Embankment, London, EC4Y 0DE, United
Kingdom, No: 2630471.

This e-mail is confidential to the addressee and may be privileged. The views
expressed are personal and do not necessarily reflect those of Energis. If you are not
the intended recipient please notify the sender immediately by calling our switchboard on
+44 (0) 20 7206 5555 and do not disclose to another person or use, copy or forward
all or any of it in any form.

********************************************************************************************************

RE: [ActiveDir] OT: Security Template Docs

Reply via email to