airbourne
MIS
- Sep 11, 2003
- 130
I have been working with "Security Configuration & Analysis" snap-in and also the "Local Group Policy" snap-in on a Windows 2000 server that is a standalone server.
I create my Local Group Policy template using the template editor and then I analyze the machine using the Security Configuration & Analysis tool. Once I am comfortable with the changes, I select 'Configure the computer now' which applies the template for group policy.
I then re-analyze the machine using Security Configuration & Analysis snap-in and it says that my template now matches the current computer policy configuration.
I reboot the server just to make sure all changes are in effect, then I open the Local Group Policy snap-in. I see that SOME of the settings have been changed and match my template. Example:
Event Log Sizes have been increased
Local password policies have been modified..
However, other settings do no appear to have changed according to GPEDIT, even though according to the Sec Config & Analysis snap-in, they have been changed on the computer.
Example: Sec Config & Analysis shows that the server is configured to use NTLM v2 authentication only and refuse all else, but GPEDIT.MSC shows that it will accept LM or NTLM authentication.
Is there a registry setting I can check to verify which tool is correctly reporting?
I create my Local Group Policy template using the template editor and then I analyze the machine using the Security Configuration & Analysis tool. Once I am comfortable with the changes, I select 'Configure the computer now' which applies the template for group policy.
I then re-analyze the machine using Security Configuration & Analysis snap-in and it says that my template now matches the current computer policy configuration.
I reboot the server just to make sure all changes are in effect, then I open the Local Group Policy snap-in. I see that SOME of the settings have been changed and match my template. Example:
Event Log Sizes have been increased
Local password policies have been modified..
However, other settings do no appear to have changed according to GPEDIT, even though according to the Sec Config & Analysis snap-in, they have been changed on the computer.
Example: Sec Config & Analysis shows that the server is configured to use NTLM v2 authentication only and refuse all else, but GPEDIT.MSC shows that it will accept LM or NTLM authentication.
Is there a registry setting I can check to verify which tool is correctly reporting?
