This article was previously published under Q234926
This article has been archived. It is offered "as is" and will no longer be updated.
Windows 2000 includes a set of text-based security template files that you can use to apply uniform security settings on computers within an enterprise.
You can apply these templates to group policy objects using the Group Policy Editor snap-in in Microsoft Management Console (MMC), or you can apply them directly to a specific computer using the Security Configuration and Analysis MMC snap-in.
The templates modify security settings incrementally and do not include the default security settings. The assumption is that the templates are to be applied to Windows 2000-based computers that have been installed cleanly, (that is, not upgraded from Microsoft Windows NT 4.0 or an earlier version of Windows). Computers that are upgraded from Windows NT do not use the default Windows 2000 security settings, but instead use whatever security settings were in place prior to the upgrade.
The Secure templates provide increased security for areas of the operating system that are not covered by permissions, including: increased security settings for the account policy, increased settings for auditing, and increased security settings for some well-known security-relevant registry keys. Access Control Lists (ACLs) are not modified by this template, because the assumption is that default Windows 2000 security settings are in effect.
Highly Secure: Hisecws.inf (Windows 2000 Professional) and Hisecdc.inf (domain controller)
The Highly Secure templates are provided for Windows 2000-based computers that operate in native Windows 2000 environments only. Requires that all network communications be digitally signed and encrypted at a level that can only be provided by Windows 2000. Computers configured with this template cannot communicate with downlevel Windows clients.