[gptalk] Will GPO Security Client Side Extension be able to process the same syntax that SECEDIT can process?

  • From: "Lowell-Forker, Tolli" <tolli.lowell-forker@xxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 15 Aug 2007 13:02:44 -0700

I've noticed that some of the .inf files that are used during
server/workstation builds and DC promotions have some very interesting
syntax (found in %windir%\inf).  I guess that this syntax is understood
by SECEDIT.  My question is whether the Group Policy CSE that reads the
GPTTmpl.inf can also understand this syntax?

Custom management of user rights using "ADD:" and "REMOVE:":
                [Privilege Rights]
                ;Add Whatever a DC should have by default.
                ;Remove Power Users from every right since it no longer exists but may have been added.
                ;Remove Whatever *Default* Server Rights don't belong on a DC
                ;If Server and DC Defaults are the same, then only power users is removed
                ;If You remove Everyone, Remove Authenticated Users as well.
                ;
                SeAssignPrimaryTokenPrivilege = Add:, *S-1-5-19, *S-1-5-20, Remove:, *S-1-5-32-547
                SeAuditPrivilege = Add:, *S-1-5-19, *S-1-5-20, Remove:, *S-1-5-32-547
                SeBackupPrivilege = Add:, *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-549, Remove:, *S-1-5-32-547
                SeBatchLogonRight = Remove:, *S-1-5-32-547

Restricted Groups (use of variables in Group Names):
        
                ;----------------------------------------------------------------------
                ;   Restricted Groups
                ;----------------------------------------------------------------------
                [Group Membership]
                ;Accounts Created During Server Role are Maintained so ignore groups.

                ;Operational Groups
                ;%SceInfBackupOp%__Memberof =
                ;%SceInfBackupOp%__Members =
                ;%SceInfGuests%__Memberof =
                ;%SceInfPrintOp%__Members =
                ;%SceInfReplicator%__Memberof =
                ;%SceInfReplicator%__Members =
                ;%SceInfServerOp%__Memberof =
                ;%SceInfServerOp%__Members =


=======================================================
Tolli Lowell-Forker
Sr. Technical Specialist 
Technology Infrastructure ~ Infrastructure Applications ~ Group Policy
Engineering
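
The Add:/Remove: entries quoted above can be found mechanically before a template is copied into a GPO's GptTmpl.inf. The following Python is an added example, not part of the original post and not SECEDIT's or the CSE's own parser; the function names and the sample template are constructed, and the tokenising rule (comma-separated tokens, with Add: and Remove: switching the list that follows) is an assumption read off the quoted lines.

```python
import re

# Constructed sample modelled on the [Privilege Rights] lines quoted in the post.
SAMPLE_INF = """\
[Privilege Rights]
; relative entries, in the Add:/Remove: form shown in the post
SeBackupPrivilege = Add:, *S-1-5-32-544, *S-1-5-32-551, Remove:, *S-1-5-32-547
SeBatchLogonRight = Remove:, *S-1-5-32-547
; absolute entry: a plain SID list
SeShutdownPrivilege = *S-1-5-32-544
[Group Membership]
;%SceInfBackupOp%__Members =
"""

SECTION = re.compile(r"^\[(.+)\]$")

def parse_privilege_rights(text):
    """Map each right to its absolute, add and remove SID lists."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or INF comment
            continue
        m = SECTION.match(line)
        if m:                                       # track the current section
            in_section = m.group(1).strip().lower() == "privilege rights"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        entry = {"absolute": [], "add": [], "remove": [], "relative": False}
        bucket = "absolute"
        for token in (t.strip() for t in value.split(",")):
            if token.lower() == "add:":             # assumed marker semantics
                bucket, entry["relative"] = "add", True
            elif token.lower() == "remove:":
                bucket, entry["relative"] = "remove", True
            elif token:
                entry[bucket].append(token)
        rights[name.strip()] = entry
    return rights

def relative_entries(text):
    """Names of rights that use Add:/Remove: instead of a plain SID list."""
    return sorted(name for name, entry in parse_privilege_rights(text).items()
                  if entry["relative"])
```
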


