Importing Security Templates and Modifying Security Settings in a GPO

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

By using Group Policy Object Editor and a security template, you can create a security policy for your computers. You can use GPMC to navigate to any GPO in the forest, and then open the Group Policy Object Editor. The Group Policy Object Editor permits you to import security templates and edit security settings. The security template is a single location that contains the full range of security settings. After you have imported the security template, you can edit individual policies.

To import a security template for a domain or OU

  1. Open GPMC.

  2. In the console tree, expand the domain or OU that you want to manage, right-click the Group Policy object that you want to edit, and then click Edit.

  3. In the Group Policy Object Editor console tree, click Computer Configuration, click Windows Settings, right-click Security Settings, and then select Import Policy.

  4. Click the security template that you want to import, and then click Open.

For step-by-step information about configuring security templates, see "Security Templates" in Help and Support Center for Windows Server 2003.

After you have imported a template to the GPO, you can manually modify the security settings in the GPO.

To modify security settings

  1. Open GPMC.

  2. In the console tree, expand the domain or OU that you want to manage, right-click the Group Policy object that you want to edit, and then click Edit.

  3. In the Group Policy Object Editor console tree, click Computer Configuration, click Windows Settings, and then click Security Settings.

  4. Do one of the following:

    • To edit Password Policy, Account Lockout Policy, or Kerberos Policy, click Account policies. Before making any changes to these policies make sure you understand how account policies are applied. For more information, see "Modifying Account Policies in the Default Domain GPO" later in this section.

    • To edit Audit Policy, User Rights Assignment, or Security Options, click Local Policies.

    • To edit Event log settings, click Event Log.

  5. In the details pane, double-click the security setting that you want to modify.

  6. If the security settings have not been defined, you can click to select the Define these policy settings check box.

  7. Modify the security settings, and then click OK.

For step-by-step information about configuring security templates, see "Security Templates" in Help and Support Center for Windows Server 2003.