[gptalk] Re: How to Apply Policy for system in workgroup or standalone

  • From: "Ranjan Babu .G" <ranjan.ganesh@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 3 May 2007 12:51:46 +0530

            Hi,

        Thanks for info.

         

        Client having   domain environment  and we are doing hardening through 
GP .

        But 100 servers in DMZ zone ,even though our client want to harden the 
OS .

        Now i created some scripts to add  / modify the registry value and FS 
security. Same time i created INF file to apply through local policy by 
visiting each machine.

         

        INF here i have one more question 

         

        1.If i add FS security in INF file it will apply in windows 2003 and 
2000 environment?. Because i am writing script mainly to  add/change the 
Registry value and FS modification.

         

        2.Can i use Scripts /I NF file  to change  registry and FS permission 
for 2000  SP4 and 2003 SP1 server .

         

        Regards,

        Ranjan

         


        ------------------------------
        
        From: "Alan & Margaret" <syspro@xxxxxxxxxxxxxxxx>
        Subject: [gptalk] Re: How to Apply Policy for system in workgroup or 
standalone
        Date: Thu, 3 May 2007 08:59:15 񩎘
        
        Hi Ranjan,
        
        
        Sorry... I don't think I can be a lot of help. As I have said, I 
haven't had much experience in a non domain environment and not much script 
work either. I tend to do everything in VB6.
        
        
        
        As to running Local Policy remotely, I don't think you can. You may 
need to open a terminal session on the machine and then run it from there.
        
        
        
        If you have scripted the Registry key settings for the machine, you can 
try running it from the start up directory (assuming the users have sufficient 
authority and you trust them not to delete it), otherwise you will have to get 
it to run from Local Group Policy, either by manually adding it on each machine 
or scripting up the process. 
        
        
        
        Be aware that if you do it via a script, any changes will require a 
reboot of the machine. If you were using normal Group policy on a domain, and 
implemented it via Admin templates you can get it to refresh regularly.
        
        
        
        I would question why you don't just make your life a lot simpler by 
creating a domain controller and using that rather than a work group. Your 
machine maintenance and User maintenance suddenly becomes a lot easier. I 
suspect it would be less work than trying to get local policies doing it for 
you.
        
        
        
        Alan Cuthbertson
        
        
        
        
        
         Policy Management Software:-
        
        http://www.sysprosoft.com/index.php?ref=activedir 
<http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml> 
&f=pol_summary.shtml
        
        
        
        ADM Template Editor:-
        
        http://www.sysprosoft.com/index.php?ref=activedir 
<http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml> 
&f=adm_summary.shtml
        
        
        
        Policy Log Reporter(Free)
        
        http://www.sysprosoft.com/index.php?ref=activedir 
<http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml> 
&f=policyreporter.shtml
        
        
        
        
        
        
        
        
        
        -----Original Message-----
        From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] 
On Behalf Of Ranjan Babu .G
        Sent: Tuesday, 1 May 2007 4:03 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: How to Apply Policy for system in workgroup or 
standalone
        
        
        
        Hi Alan Cuthbertson,
        
        
        
        Very useful.
        
        
        
        
        
        Is there is any way to open Local policy of remote system ( 2000 ,2003 
servers)in workgroup .In the senior if I have common admin username /password 
across the workgroup ?.Same way how to take report of all system in WG
        
        
        
        If you have any script for this please help.
        
        
        
                      
        
        *          Do you want to do different things on different machines?
        
        
        
                       Yes, We have different application (Application ,SQL 
,IIS Servers) running on 2000 and 2003 environment
        
        
        
        *          Can you easily visit each machine
        
                 Hope ,But nearly 50 can not. We can not reboot the system most 
of time.
        
        
        
        
        
        *       How much effort are you willing to put in up front
        
        Ready to put effort .If you guide me I can do it fast.
        
        As of now I created script to adding registry keys and setting  
security based on CIS recommendation for system context.
        
         
        
        Regards,
        
        Ranjan
        
        
        
        gptalk] Re: How to Apply Policy for system in workgroup or standalone
        
        
        
        *     From: "Alan & Margaret" <syspro@xxxxxxxxxxxxxxxx>
        
        *     To: <gptalk@xxxxxxxxxxxxx>
        
        *     Date: Mon, 30 Apr 2007 22:28:52 񩎘
        
        
        
        Hi Ranjan,
        
        
        
        
        
        
        
        It’s a long time since I have worked in a non-domain area, but I 
suspect the
        
        answer depends on several things such as:-
        
        
        
        
        
        
        
        *          Do you trust the user to not try and circumvent what you are 
doing
        
        
        
        *          Do you want to do different things on different machines
        
        
        
        *          Can you easily visit each machine
        
        
        
        *          How much effort are you willing to put in up front
        
        
        
        
        
        
        
        Probably the easiest way is to write a script that runs from the startup
        
        folder. However, if you want to go beyond just adding registry keys and 
setting
        
        security, using Local Group Policy may be the go, but it is rather 
tedious
        
        manually running Local Group Policy on each machines. You can write 
code to
        
        configure Local Group Policy, but that is a lot of up front work. You 
mention
        
        ADM files. They are really a component within Local Group Policy and so 
are not
        
        really relevant.
        
        
        
        
        
        
        
        If you are setting security, you may need to run it in the Machine 
context
        
        rather than the user context. This means that you need to run the 
script at
        
        machine start time not logon time. This can be done from Local Group 
Policy,
        
        but requires some programming work unless you manually set it up on each
        
        machine.
        
        
        
        
        
        
        
        Hope that helps…
        
        
        
        
        
        
        
        Alan Cuthbertson
        
        
        
        
        
        
        
        
        
        
        
        -----Original Message-----
        
        From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] 
On
        
        Behalf Of Ranjan Babu .G
        
        Sent: Monday, 30 April 2007 3:25 PM
        
        To: gptalk@xxxxxxxxxxxxx
        
        Subject: [gptalk] How to Apply Policy for system in workgroup or 
standalone
        
        
        
        
        
        
        
        Hello Everyone ,
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        Our Client having 100 + server in workgroup (Mixed OS 2000 and 2003 
Servers) 
        
        and  would like to apply  policy (As per CIS benchmark )using any 
method   .And
        
        also need to add additional registry entry and secure the permission for
        
        registry key.
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        I want know in which  is best method to apply poliocy ? .
        
        
        
        
        
        
        
        Using Script/ Local POlicy editor/ADM file ?
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        And how to proceed and looking forward to hearing from you.
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        Type of servers in workgroup.
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        1.Applictaion Server
        
        
        
        
        
        
        
        2.Web Server
        
        
        
        
        
        
        
        3.SQL DB server
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        Regards,
        
        
        
        
        
        
        
        Ranjan
        
        
        
        
        
        آ칻&~&ZF݊x‑)d-zX
        "­˛m^Jy_]9 x"-ybyi[1]!~b֫yڊV歆i߭祊l܆+޳)d
        
        
        
        ------------------------------
        
        End of gptalk Digest V2 #89
        ***************************
        
        

b��j{����r��y���
mjY�ǧv)�zf��� �֥�����-~���+-����+a�{.n�+�����^J��y�_��]9��� 
�x"��-���y�b��(��n)�z��q�+r�z����^�+-j�����i�^j�m�����祊�l��?j�!����
mjY?

Other related posts: