Sie befinden sich aktuell in den Techblog - Tim Wanierke Blog-Archiven für den folgenden Tag 20.5.2010.
- Betriebsysteme (22)
- Hardware (12)
- Home (1)
- HOWTO / Guides (9)
- Microsoft (81)
- Performance Analyse (3)
- Programmieren (2)
- Projektmanagement (2)
- Tools (34)
- VMWare (10)
- Windows 2000 (11)
- Windows 2003 (14)
- Windows 2008 (30)
- Windows 7 (14)
- 13.3.2012: Dieser Blog "ruht" zur Zeit
- 25.8.2011: Authoritative Restore of Active Directory Objects
- 17.8.2011: User State Migration Tool GUI - MUST
- 12.8.2011: Auflisten von Änderungen eines Active Directory Objektes mittels "repadmin"
- 29.6.2011: PKI , Kerberos and Smart Cards
- 22.6.2011: Active Directory Domain member: Maximum machine account password age
- 16.6.2011: Export and import GPO from one domain to another
- 26.5.2011: Unable To Reconnect To Terminal Server In Application Mode
- 11.5.2011: How to use the EventCombMT utility to search event logs
- 5.5.2011: Phantoms, tombstones and the infrastructure master - Event ID 1419 generated on a domain controller
- März 2012
- August 2011
- Juni 2011
- Mai 2011
- März 2011
- Februar 2011
- Januar 2011
- Dezember 2010
- November 2010
- Oktober 2010
- September 2010
- August 2010
- Juli 2010
- Juni 2010
- Mai 2010
- April 2010
- März 2010
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Juni 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
Archive für 20.5.2010
Define a policy template and apply this template using “secedit”
20.5.2010 von Tim Wanierke.
Create a new policy template
1. Open the MMC SnapIn “Security Templates“.
2. Create a new Template using the context menu “New Template“.
3. Define a name for the template
e.g. “DenyLogonLocally”
4. Define the policy as you want
e.g. Add a group name to the setting
“Local Policies -> User Rights Assignment -> Deny logon locally”
5. Save this policy template using the contect menu “Save as …“
This will create a .inf file e.g. “DenyLogonLocally.inf”
Apply a policy template using “secedit”
1. To apply the policy template create before for example on a DMZ Server
where no GPO can be applied just type in the following command.
secedit /configure /db %temp%\temp.sdb /cfg DenyLogonLocally.inf
This command will apply the settings that have been defined within the policy
template on the computer.
Links:
Security Templates : http://www.windowsecurity.com/articles/Baselining-Security-Templates.html
Secedit : http://technet.microsoft.com/en-us/library/bb490997.aspx
Secedit : http://www.gruppenrichtlinien.de/index.html?/sec/secedit_in_der_CMD.htm
Geschrieben in Microsoft | Drucken | Keine Kommentare »