Security Setting Descriptions

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security setting descriptions

To locate this security setting in the console tree in Microsoft Management Console (MMC), see Computer Configuration\Windows Settings\Security Settings

Security area Description

Account Policies

Password Policy, Account Lockout Policy, and Kerberos Policy

Local Policies

Auditing Policy, User Rights Assignment, and Security Options

Event log

Application, system, and security Event Log settings

Restricted Groups

Membership of security-sensitive groups

System Services security settings

Startup and permissions for system services

Registry security settings

Permissions for registry keys

File System security settings

Permissions for folders and files

You can configure the security settings that are described in this section on one computer, or on many computers, by using the Security Configuration Manager tools. The Security Configuration Manager tools consist of:

  • Security Templates

  • Security Configuration and Analysis

  • The Secedit.exe command-prompt tool

  • Local Security Policy

  • The Security Settings Extension to Group Policy

To set or to modify individual security settings on individual computers, use Local Security Policy. To define security settings that are enforced on any number of computers, use the Security Settings Extension to Group Policy. To apply several settings in a batch, use Security Templates to define the settings, and then apply those settings by using Security Configuration and Analysis or Secedit.exe, or import the template that contains your settings into Local Policy or Group Policy.