
Security Templates


  • Security Templates

    Hi

    I have several servers in my network.
    One of them is running SQL Server.
    I wanted to use security templates through GPO, so I can let a user control some services.
    But when I opened the templates on my DC, I can see only the services on the DC itself, and not on the SQL server.


    What did I do wrong?

    Thanks Yaniv

  • #2
    Re: Security Templates

    Why not configure the SQL server itself?
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com



    • #3
      Re: Security Templates

      You have opened the local security template. Open the domain controller GPO settings, which will comprise the settings of all DCs in your domain, and then check out the security template.



      • #4
        Re: Security Templates

        1. The SQL server is not a Domain Controller.
        2. I tried to configure the SQL server itself, but with no luck.

        Maybe I made a mistake, how should I do that?

        Thanks
        Yaniv



        • #5
          Re: Security Templates

          Follow these steps:
          1. On the SQL server open an MMC and add the Security Templates snap-in and the Security Configuration and Analysis snap-in
          2. Under the Security Templates snap-in, right-click on templates directory (C:\windows... or whatever) and select New Template and give it a name
          3. Configure the security for the service(s) you want
          4. Right-click the template and select Save
          5. Right-click Security Configuration and Analysis and select Open Database... and type in the name you want to use for the database (it will create it)
          6. It prompts you to select a template. Choose the one you just created in step 2
          7. Right-click Security Configuration and Analysis and select Configure Computer Now

          That should do it.
          HTH
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com



          • #6
            Re: Security Templates

            After looking at what you wrote, I found my mistake.
            Forgot to click on the "save" for the template...

            First of all, thanks.

            Second, is there any place where I can look at the permissions?

            Thanks again
            Yaniv Hoobian
            Last edited by Yaniv Hoobian; 7th December 2006, 11:14.



            • #7
              Re: Security Templates

              Another question,
              How can I remove what I configured?



              • #8
                Re: Security Templates

                To look at the permissions use the Security Configuration and Analysis snap-in and instead of selecting Configure Now, select Analyze Now. It will compare the template you have loaded and the actual configuration of the computer.

                There is no real way of removing the settings with Security Configuration and Analysis. You have to just reconfigure the settings you want to change. However, I'm pretty sure the secedit utility has a feature where you can create a rollback database, but it's been a while since I looked at it.
                Last edited by JeremyW; 12th December 2006, 15:48. Reason: netsh!?!?! What was I thinking?!!
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com



                • #9
                  Re: Security Templates

                  Apply the "Setup Security" template?
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **



                  • #10
                    Re: Security Templates

                    Originally posted by Ossian:
                    Apply the "Setup Security" template?
                    Yeah, that would work as long as there were no changes made that you want to keep since the install.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com



                    • #11
                      Re: Security Templates

                      Well. That didn't change anything.
                      The user can stop and start the service.



                      • #12
                        Re: Security Templates

                        The "setup security" didn't change it.

                        What shall I do?



                        • #13
                          Re: Security Templates

                          Originally posted by Yaniv Hoobian:
                          The "setup security" didn't change it.

                          What shall I do?

                          Run through these steps again, this time changing the security settings so that the user(s)/group(s) can't start and stop the service.

                          Originally posted by JeremyW:
                          Follow these steps:
                          1. On the SQL server open an MMC and add the Security Templates snap-in and the Security Configuration and Analysis snap-in
                          2. Under the Security Templates snap-in, right-click on templates directory (C:\windows... or whatever) and select New Template and give it a name
                          3. Configure the security for the service(s) you want
                          4. Right-click the template and select Save
                          5. Right-click Security Configuration and Analysis and select Open Database... and type in the name you want to use for the database (it will create it)
                          6. It prompts you to select a template. Choose the one you just created in step 2
                          7. Right-click Security Configuration and Analysis and select Configure Computer Now

                          That should do it.
                          HTH
                          Regards,
                          Jeremy

                          Network Consultant/Engineer
                          Baltimore - Washington area and beyond
                          www.gma-cpa.com



                          • #14
                            Re: Security Templates

                            Well, I did what you suggested, and of course it worked.

                            But is there any other way to roll back changes?


                            Thanks
                            Yaniv Hoobian



                            • #15
                              Re: Security Templates

                              All I can do is repost this...(and correct my mental error)
                              Originally posted by JeremyW:
                              To look at the permissions use the Security Configuration and Analysis snap-in and instead of selecting Configure Now, select Analyze Now. It will compare the template you have loaded and the actual configuration of the computer.

                              There is no real way of removing the settings with Security Configuration and Analysis. You have to just reconfigure the settings you want to change. However, I'm pretty sure the secedit utility has a feature where you can create a rollback database, but it's been a while since I looked at it.
                              Check out this link and look at the /GenerateRollback switch.
                              http://technet2.microsoft.com/Window....mspx?mfr=true
                              Regards,
                              Jeremy

                              Network Consultant/Engineer
                              Baltimore - Washington area and beyond
                              www.gma-cpa.com
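
Added example, not part of any post in this thread: the snap-in steps from posts #5 and #8 and the /GenerateRollback switch from post #15, written as secedit commands to run on the SQL server itself. The folder, file names and the MSSQLSERVER service name are assumptions, and `sc.exe sdshow` is used here as one way to view a service's permissions.

```powershell
# Added example: command-line form of the snap-in procedure. Run elevated on the
# member server itself. Paths, file names and the MSSQLSERVER service name are
# assumptions, not values from the thread.
$work     = 'C:\SecTemplates'                          # hypothetical working folder
$template = Join-Path $work 'sql-service.inf'          # template saved in step 4
$database = Join-Path $work 'sql-service.sdb'          # created on first use (step 5)
$rollback = Join-Path $work 'sql-service-rollback.inf' # undo template
$log      = Join-Path $work 'secedit.log'
$service  = 'MSSQLSERVER'                              # assumed: default SQL Server instance

if (-not (Test-Path $template)) { throw "Template not found: $template" }

function Invoke-Secedit {
    param([string[]]$SeceditArgs)
    & secedit.exe @SeceditArgs
    # Report the exit code instead of guessing its meaning; details go to the log.
    Write-Host ("secedit {0} exit code {1}, log: {2}" -f $SeceditArgs[0], $LASTEXITCODE, $log)
}

# Record the service's current security descriptor (SDDL) before changing anything.
sc.exe sdshow $service | Out-File (Join-Path $work 'service-acl-before.txt')

# 1. Build the rollback template BEFORE applying, so the old values are captured.
#    /db is part of the syntax documented for current Windows Server releases;
#    confirm with "secedit /?" on older systems.
Invoke-Secedit @('/generaterollback', '/db', $database, '/cfg', $template,
                 '/rbk', $rollback, '/log', $log, '/quiet')

# 2. "Analyze Computer Now": compare the template with the live configuration.
Invoke-Secedit @('/analyze', '/db', $database, '/cfg', $template, '/log', $log, '/quiet')

# 3. "Configure Computer Now", limited to the system services area.
Invoke-Secedit @('/configure', '/db', $database, '/cfg', $template, '/overwrite',
                 '/areas', 'SERVICES', '/log', $log, '/quiet')

# 4. Show the descriptor now in effect and compare with the saved copy.
sc.exe sdshow $service

# To undo later, apply the rollback template the same way:
# Invoke-Secedit @('/configure', '/db', $database, '/cfg', $rollback, '/overwrite',
#                  '/areas', 'SERVICES', '/log', $log, '/quiet')
```

Keeping the before/after SDDL output and the secedit log together gives a record of exactly which service permissions the template changed.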
