This step-by-step article describes how to apply registry and file system Access Control Lists (ACLs) on computers that are upgraded from Windows NT 4.0 to Windows 2000. When you upgrade a Windows NT 4.0-based computer to Windows 2000, the registry and file system ACLs are not changed by Windows 2000 Setup. Windows 2000 handles registry and file system permissions differently than Windows NT 4.0, which allows a greater security for the server or workstation. Microsoft recommends that you apply the Windows 2000 ACLs to computers that are upgraded from Windows NT 4.0.
The easiest way to apply Windows 2000 default registry and file system ACLs to an upgraded computer is to use the Windows 2000 Security Configuration and Analysis tool. This tool can apply the default Windows 2000 Security Configuration to the upgraded computer.
How to Apply the default Windows 2000 System Security Settings to an Upgraded Windows 2000-Based Computer
Log on as administrator.
Click Start, click Run, type mmc, and then click OK.
In the Console1 console, click Add/Remove snap-in on the Console menu.
In the Add/Remove Snap-in dialog box, click Add, click the Security Configuration and Analysis entry, and then click Add.
Click Close in the Add Standalone Snap-in dialog box.
Click OK in the Add/Remove Snap-in dialog box.
In the left pane of the Console1 console, right-click the Security Configuration and Analysis entry, and then click Open database.
In the Open database dialog box, type a name for the database (such as upgdbase), and then click Open.
In the Import Template dialog box, locate and click the Setup Security.inf security template, and then click Open.
Right-click the Security Configuration and Analysis node in the left pane, and then click Analyze Computer Now. The template security settings are compared to the existing computer settings.
View the entries in each of the nodes. Current computer settings that conflict with the template are marked with a red "x". Entries that match the template settings are marked with a green checkmark. Entries that are not defined in the database do not have a mark on the entry's icon.
If you need to change any of the entries, right-click the entry, and then click Security to change the setting in the Security database. The settings that are stored in the database are applied to the system security configuration when you apply them.
Right-click the Security Configuration and Analysis node in the left pane, and then click Configure Computer Now. The settings in the Security database are applied to the local computer.
NOTE: If there are conflicts between the database entries and the existing security configuration on the computer, the existing entries will be overwritten unless you reconcile the differences in the Security database before you configure the computer.