How to apply predefined security templates in Windows 2000

This article was previously published under Q309689
This article has been archived. It is offered "as is" and will no longer be updated.
Windows 2000 includes several pre-defined security templates that you can apply to increase the level of security for computers that are running either Windows 2000 Professional or Windows 2000 Server. These security templates are plain text files that you manually edit by using text editor such as Notepad. However, it is recommended that you use the Security Templates Microsoft Management Console (MMC) to make changes to these templates. This article describes how to apply predefined security templates.

Important Implementing a security template on a domain controller may change the settings of the Default Domain Controller Policy or the Default Domain Policy. The applied template may overwrite permissions on new files, registry keys and system services created by other programs. Restoring these policies may be required after you apply a security template. Before you follow these steps on a domain controller, create a backup of the SYSVOL share.

back to the top

Security Templates

There are four categories of pre-built security templates:
  • Basic
  • Secure
  • High Secure
  • Miscellaneous
The basic, secure, and high security templates represent increasing levels of security. The miscellaneous templates include compatibility templates, optional components templates, and original setup security templates.

The basic templates include:
  • Basicdc: Applies a basic level of security for domain controllers.
  • Basicsv: Provides a basic level of security for file and print servers.
  • Basicwk: Provides a basic level of security for workstations.

Higher-level security templates include:
  • Securedc: Provides a higher level of security for domain controllers.
  • Securews: Provides a higher level of security for workstations.
The following templates provide the highest level of security for Windows 2000-based computers but are not compatible with network connectivity with other Windows operating systems:
  • Hisecdc
  • Hisecws
Miscellaneous security templates include:
  • ocfiless: Used for file servers.
  • ocfilesw: Used for workstations.
  • setup security: Applies the default Windows 2000 security configuration.
These security templates add security settings for optional components such as Terminal Services and certificate services.

back to the toc

How to Apply a Security Template

You can apply security template settings by using the Security Configuration and Analysis snap-in. When you use this snap-in, you can import security templates and apply them to a computer, site, domain, or to an organizational unit. You can apply the security settings to a local computer configuration or to a Group Policy Object. You can also use this tool to analyze the security settings for a local computer or for a Group Policy Object.

To apply security template settings:
  1. At a command prompt, type mmc.
  2. Click Add/Remove Snap-in on the Console menu.
  3. Click Add in the Add/Remove Snap-in dialog box.
  4. In the Add Standalone Snap-in dialog box, click the Security Configuration and Analysis snap-in, click Add, click Close, and then click OK.
  5. To create a new security database, right-click the Security Configuration and Analysis node in the left pane, and then click Open Database.
  6. Type a name for the database in the Open database dialog box, and then click Open.
  7. In the Import Template dialog box, click the security template that you want to apply, and then click Open.
  8. Right-click the Security Configuration and Analysis node in the left pane, and then click Configure Computer Now.
Note You can save security templates with a different name and then imported the templates into the database. You can make granular changes to the security template and apply those changes incrementally with the Security Configuration and Analysis snap-in.

back to the top

For more information about predefined security templates, click Start, click Help, type predefined security templates in the Search box, and then press ENTER. After you do this, Help topics are displayed that describe predefined security templates.

back to the top
security templates

Article ID: 309689 - Last Review: 10/26/2013 09:57:00 - Revision: 5.0

Microsoft Windows 2000 Server, Microsoft Windows 2000 Professional Edition

  • kbnosurvey kbarchive kbproductlink kbhowto kbhowtomaster kbsecurity KB309689