policies manual Basic Policies setup question (1 viewing) (1) Guests
Favoured: 0
|
|
|
TOPIC: policies manual Basic Policies setup question
|
|
|
|
policies manual Basic Policies setup question
|
|
|
I am trying to setup Policies. I have a single NT 4.0 Server acting as the PDC and NT 4.0 Workstations. What security/permissions does the NETLOGON share need to have in order for the to store the NTconfig.pol file there and have clients access it in automatic mode? Also, I don't seem to be able to create policies for my NT Workstations on the NT Server machine? Is there a way to do this? I downloaded the Profiles and Policies manual from MS but I could not find this information in there. If I'm missing it, I'd appreciate a point in the right direction. Thanks for any help, Ed Lee
|
|
|
|
|
|
|
The administrator has disabled public write access. |
|
|
|
policies manual Basic Policies setup question
|
|
|
Also, I don't seem to be able to create policies for my NT Workstations on the NT Server machine? Is there a way to do this? You can. Try Add Computer from the file or edit menu (don't remember exactly). Sven
|
|
|
|
|
|
|
The administrator has disabled public write access. |
|
|
|
policies manual Basic Policies setup question
|
|
|
the NT Server machine? Is there a way to do this? You can. Try Add Computer from the file or edit menu (don't remember exactly). Got it working, thanks. Ed Lee - Hide quoted text -- Show quoted text - Sven
|
|
|
|
|
|
|
The administrator has disabled public write access. |
|
|
|
policies manual Basic Policies setup question
|
|
|
Thanks. Right now, my users have full access to %sysroot%system32repl_script_simport where the NTconfig.pol is stored. I'll trying changing that to read only. My network consists of only a single server so it IS the PDC that users are logging into. Is this a problem? Users are authenticated against the PDC. What I meant is, can users sit at the PDC and log in interactively? That would be a really open door to people who know what they do. Have a look at %sysroot%repair for example, that's where NT stores the information for the PDC's rescue disk, if you create one. If everybody can read that directory, they can easily obtain a copy of your SAM, let l0pthcrack have a look at it and thus obtain 95% of your domain's passwords on a rough guess. You can try to tighten NTFS security (or delete %sysroot%repair* after creating a new emergency disk) to ease your sleep, but keeping users out of interactive sessions at the PDC is generally the better idea. Sven
|
|
|
|
|
|
|
The administrator has disabled public write access. |
|
|
|
policies manual Basic Policies setup question
|
|
|
You can try to tighten NTFS security (or delete %sysroot%repair* after creating a new emergency disk) to ease your sleep, but keeping users out of interactive sessions at the PDC is generally the better idea. - Hide quoted text -- Show quoted text - Sven
|
|
|
|
|
|
|
The administrator has disabled public write access. |
|
|
|
|
-----------------------------------------------------------------------------------------------------------------------------------
|
|
|
|
