Desktop Security Fred Wadlington - Milton Town School District –System Policies Jack Barnes - Shelburne School District –WinLock Glen Ward - Network Engineer,


1 Desktop Security
Fred Wadlington - Milton Town School District
–System Policies
Jack Barnes - Shelburne School District
–WinLock
Glen Ward - Network Engineer, Novell
–Zenworks
Mike Vinning - So. Burlington School District
–PCR Disk & Ghost
Mary Keenan - Burlington School District
–DeepFreeze

2 An Overview of System Policies
Policies are another way of modifying the Registry.
The same results could be accomplished through direct registry editing or 3rd-party software such as Fortress, WinLock, etc.
This presentation will focus on W9x operating systems.

3 The Blurbage from Microsoft

4 Things to keep in Mind
For W95 & W98 you would create a config.pol file.
For WinNT or 2000 you would save the file as Ntconfig.pol.
Each file can be set up for either groups or individuals.
The file needs to be stored in the “Netlogon” share (NT) or “public” directory of the preferred server (Novell) if you are using the automatic default path. If you are using a manual path, store it in the location that path points to.

5 Setup for Group Policies
Each workstation needs to be configured.
–Individually: install grouppol.dll through Windows setup.
–Login script: download the grouppol.dll file to the windows\system directory on the workstation, then run a regmerge command line (regedit /s grouppol.reg). The /s means run it silently; the path to the *.reg file follows the /s.

6 How to Create a config.pol file
Create, edit and save the policy file using the same platform for which it is intended.
To be used on a Windows 9x workstation, the policy file must be created and saved on a Windows 9x workstation, and it must be named config.pol.
To be used on a Windows NT or 2000 workstation, the policy file must be created and saved on an NT/2000 workstation or NT/2000 server, and it must be named ntconfig.pol.
Make sure you create and save the policy file while logged on as a member of the administrator group (Windows NT and Windows 2000 domains) or as a user with administrator privileges or supervisor rights to the system root (NetWare).

7 Creating the file (continued)
Launch Poledit.
Go to Options menu and load the desired .adm files.
Go to File menu and either open a sample .pol file or choose “new policy”.
Start by modifying the default user and default computer.

8 Creating the file (continued)
Go to Edit menu and select either a new user or new group. Keep in mind that group names must correspond with the global groups in NT or groups in Novell.
Highlight the default user and select “copy” from the Edit menu, then highlight the new user/group that you created and select “paste” from the Edit menu. This gives the new user/group the same permissions as the default user.
Modify the new user/group to give it the desired permissions.

9 Creating the file (continued)
Go to Options menu and select group priority. Adjust your groups accordingly.
Keep in mind that the file is processed in order from lowest to highest priority. This comes into play if a user is a member of more than one group.
Also, if a box is grayed, then that item will inherit the choice made in an “earlier” group.

10 Important - 3 types of choices
Checked box
–This policy will be implemented, changing the state of the user’s computer to conform to the policy when the user logs on. If the option was previously checked the last time the user logged on, no changes will be made.
Clear box
–The policy will not be implemented. If it was implemented previously (either through a policy setting or the user’s configuration setting), the previously specified settings are removed from the Registry.
Gray box
–The setting is unchanged from the last time the user logged on, and no related modifications to the system configuration will be made.
–The grayed state ensures that quick processing will be provided at system startup because it does not need to process each entry each time a user logs on. Thus for quicker logins, try to leave as many choices as possible in the “grayed” state.
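
The processing order on slide 9 and the three box states on slide 10 interact: a higher-priority group that clears a box removes a restriction that a lower-priority group set. The following is an added example, not part of the presentation: a simplified Python model of those rules, with constructed group names and priority order (NoRun and NoSetFolders are Windows 9x Explorer policy values, used here only as sample settings).

```python
# Added illustration: simplified model of the rules on slides 9 and 10.
# Group names, priority order and the chosen settings are constructed samples.
from enum import Enum

class Box(Enum):
    CHECKED = "checked"   # policy value is written at logon
    CLEAR = "clear"       # a previously written value is removed
    GRAY = "gray"         # Registry is left untouched for this setting

def apply_policies(registry, groups_low_to_high, memberships):
    """Apply each matching group's settings, lowest priority first.

    registry: dict of value name -> data (state before logon)
    groups_low_to_high: list of (group name, {value name: (Box, data)})
    memberships: set of group names the user belongs to
    Returns (registry after logon, {value name: group that decided it}).
    """
    result = dict(registry)
    decided_by = {}
    for name, settings in groups_low_to_high:
        if name not in memberships:
            continue
        for value, (box, data) in settings.items():
            if box is Box.GRAY:
                continue                  # inherit the earlier group's choice
            if box is Box.CHECKED:
                result[value] = data
            else:                         # Box.CLEAR
                result.pop(value, None)
            decided_by[value] = name      # later (higher-priority) group wins
    return result, decided_by

def lockdown_gaps(required, registry):
    """Return required restrictions that are missing after processing."""
    return sorted(v for v in required if v not in registry)

# Constructed sample: Students locks down, Yearbook clears one restriction.
GROUPS = [
    ("Students", {"NoRun": (Box.CHECKED, 1), "NoSetFolders": (Box.CHECKED, 1)}),
    ("Yearbook", {"NoRun": (Box.CLEAR, None), "NoSetFolders": (Box.GRAY, None)}),
]

if __name__ == "__main__":
    reg, who = apply_policies({}, GROUPS, {"Students", "Yearbook"})
    print(reg, who, lockdown_gaps({"NoRun", "NoSetFolders"}, reg))
```

Running the same check for every combination of groups a user can belong to, before deploying a policy file, shows which memberships silently undo a restriction.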

11 Screen shots of sample policies

12 Where to find .adm files for MS Software
• From friends or other Techies
• Windows\INF directory
• Internet Explorer (IE): only in the very old IE 5.0 Resource Kit -- axaa.adm, (conf.adm -- use NetMeeting Resource Kit), inetcorp.adm, inetres.adm, inetset.adm, oe.adm, sp1shell.adm, subs.adm, wmp.adm.
• Office 2000: Resource Kit -- access9.adm, clipgal5.adm, excel9.adm, frontpg4.adm, instlr1.adm, office9.adm, outlk9.adm, ppoint9.adm, pub9.adm, word9.adm.
• Outlook 98: Outlook 98 Deployment Kit -- out98prf.adm, outlk98.adm (for IE 4.0 only -- conf.adm, inetres.adm, inetset.adm, shell.adm, subs.adm). There is also one interesting .adm file at http://www.i386.com for setting the proxy server and IE home page.
• Office 97: http://www.microsoft.com/office/ork/download/SetupPol.exe -- access97.adm, (common.adm), off97nt4.adm, off97w95.adm, outlk97.adm, query97.adm, typelib.adm, (windows.adm, winnt.adm); Netmeeting Resource Kit: conf.adm.
• Win2K: http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=13801
• NT 4.0: common.adm, winnt.adm (c:\winnt\inf).
• Windows 98/95: on the CD-ROM as admin.adm.

13 Web Sites relating to Sys Policies
How do I create my own Policy template?
–http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14971
How can I implement locally based system policies?
–http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14974
How do System Policies work?
–http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14969
Where can I get information on Profiles and Policies?
–http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14972
Top ten tips re setup & cfg of system policies
–http://windows.oreilly.com/news/syspolicy_0600.html
Where can I find .adm files?
–http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=19725

14 Security Related WebSites
Novell’s Security in the Schools
–http://www.novell.com/coolsolutions/zenworks/trenches/tr_school_security1_zw.html
Keeping Smut off of the Wallpaper
–http://www.novell.com/coolsolutions/zenworks/trenches/tr_locking_wallpaper_zw.html

15 Closing Thoughts
Policies are not just for locking down but also for controlling application options to make them easier to use, such as redirecting the save directories to the user's home directory.
It is critically important that you plan your policies so that you don’t modify the registry in such a way that you lock yourself out!
If questions arise after this session, please feel free to contact me: Fred Wadlington, Systems Administrator, Milton Town School District, 893-3215 x114 or fred_wadlington@fcmail.milton.k12.vt.us

