Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can I push out Local Security Policy Settings Remotely?

Status
Not open for further replies.
stephenmbell

stephenmbell

IS-IT--Management
Jan 7, 2004
109
US
Hello,


I have a network that I manage - it has 700 windows XP based PC's (SP2) in a total of 350 different locations.

These machines are accessible over a WAN connection from my desk - and they are not joined to any domain.

I am looking for a way to configure certain settings, specifically, the audit section in the Local Security Policy and then push these settings out to all of these machines. I have done some research but am not really sure if I have found what I am looking for. If there was a way to write a script to modify the registry or drop some files in the c:\windows\security\... folder(s)

On the surface, I know - setting the "local" security "remotely" doesn't make much sense at all - but this is a closed circuit network and the machines are not used as "traditional" desktops.

Any help or direction is greatly appreciated. Thanks in advance..

sb
 
Sort by date Sort by votes
Wouldn't GPO's only be applicable if my machines were a member of a domain?


Thanks for the replies
sb
 
Upvote 0 Downvote
"If you have no domain - you need to make the changes in one of the machine's Group Policy Editor (gpedit.msc) and copy the "Group Policy" folder in system32 to all other machines manually.
Click to expand...
source: Florian Frommherz MVP - Group Policy 2008



also take a look at:

Policies, No Domain





Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Upvote 0 Downvote
Look at using the command line tool secedit.exe to script the deployment of the security template.

- Understanding Windows Security Templates


- Creating a Custom Security Template Using the MMC Snap-in


- Secedit


- Baselining with Security Templates


If you have more than just a few computers that you need to configure, but you don’t have access or control over the GPOs in Active Directory, you can deploy security templates using a command line option. The command line tool is named SECEDIT.EXE and is the command line version of the SCA. Almost anything that you can do in the SCA you can also do with the SECEDIT tool.

SECEDIT can either be run on each computer, or it can be scripted to run automatically on many computers. The command that would deploy a security template on a computer is:

SECEDIT /configure /db db1.sdb cfg sectemplatename.inf /log logname.log

This will configure the local computer using a database name of db1.sdb, a security template name of sectplatename.inf, and a log file of logname.log. These names can be anything that you want. If you are scripting the command, you will want to place the security template file on a network share and use a network path to point the computer to the file.
Click to expand...

Joey
CCNA, MCSA 2003, MCP, A+, Network+, Wireless#
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Marguerite Bourgeois
  • Locked
  • Question
I have a document in which margins
Replies
2
Views
283
goombawaho
goombawaho
pmonett
  • Locked
  • Question
Cannot install Notes R12 1
Replies
13
Views
687
Rick998
Rick998
Okkie26
  • Locked
  • Question
Extend harddisk space, but extend is greyed out
Replies
6
Views
322
goombawaho
goombawaho
pmonett
  • Locked
  • Question
Here I am again - Windows 1 0 driving me nuts 1
2
Replies
29
Views
1K
goombawaho
goombawaho
bobadams52
  • Locked
  • Question
error 12 program swcocx in mas90
Replies
0
Views
506
bobadams52
bobadams52

Part and Inventory Search

Sponsor

Back
Top