Using templates to implement Windows 2000 security

As you probably already know, Windows 2000 has hundreds (if not thousands) of security options. As a result, setting up a security policy that meets your company's needs is no small task. However, you can use security templates to make this monstrous job easier. In this article, I'll introduce you to the Windows 2000 security templates and provide you with a brief explanation of how to use them.

Security templates

A security template is actually nothing more than a configuration file. The purpose of a security template is to let you input all necessary security information into one place. Once you've created a security template containing all the necessary policies, you can apply it locally to other computers or make it a part of the Active Directory's group policy.

Like practically everything else in Windows 2000, security templates exist in the form of a Microsoft Management Console (MMC) snap-in. To access these templates, enter "MMC" command at the Run prompt to launch Microsoft Management Console. When Microsoft Management Console starts, select the Add / Remove Snap In command from the Console menu. When you see the Add/Remove Snap In dialog box, click the Add button. Now, select Security Templates from the list of available snap-ins and click the Add button. Now, click the Close button followed by OK.

At this point, you'll see all of the available security templates loaded into Microsoft Management Console. You can navigate through the various templates to see the security settings that they contain.

Each template found in the list is actually nothing more than an INF file. Each of these INF files can be found under %SystemRoot%\Security\Templates.

Each security template listed in the management console can be used as is or can be modified to meet your needs. You can even create custom templates. You can create a new template by navigating to Console Root|Security Template. Right-click on Security Templates and select the New Template command from the resulting context menu. In spite of the ability to create new templates, we recommend using or modifying existing templates whenever possible to reduce the burden associated with creating a security policy.

Once you've set up a template the way that you want it, you can either apply it to the local machines or make it a part of a group policy. We'll show you how to apply a template to a local machine in a future article, because a really cool security analyzer tool goes along with doing so, and space doesn't permit us to talk about this tool here. You can also make the template part of the group policy.

To make a template part of the group policy, select the group policy object that you want to modify in the Microsoft Management Console. Next, navigate to Windows Settings|Security Settings. Now, right-click on Security Settings and select the Import Policy command from the resulting context menu. When you do, you'll see a list of available security templates. Simply select the desired template and click OK.