Security Templates overview
With Security Templates, you can create a security policy for your computer or network. It is a single point of entry where the full range of system security can be taken into account. Security Templates does not introduce new security parameters; it simply organizes all existing security attributes into one place to ease security administration.
Importing a security template to a Group Policy object eases domain administration by configuring security for a domain or organizational unit at once. For more information, see To import a security template to a Group Policy object
In order to apply a security template to your local computer, you can use Security Configuration and Analysis. For more information, see To configure local computer security
Security templates can be used to define:
| Security area | Description |
Password Policy, Account Lockout Policy, and Kerberos Policy | |
Audit Policy, User Rights Assignment, and Security Options | |
Application, system, and security Event Log settings | |
Membership of security-sensitive groups | |
Startup and permissions for system services | |
Permissions for registry keys | |
Permissions for folders and files |
Each template is saved as a text-based .inf file. This enables you to copy, paste, import, or export some or all of the template attributes. With the exceptions of IP Security and public key policies, all security attributes can be contained in a security template.
New and predefined templates
You can create a new security template with your own preferences or use one of the predefined security templates. Before making any changes to your security settings you should understand what the default settings of your system are and what they mean. For more information, see Default security settings
There are several predefined templates that can help you to secure your system based on your needs, these templates are for:
| • | Reapplying default settings. (Setup security.inf) |
| • | Implementing a highly secure environment. (Hisecws.inf) |
| • | Implementing a less secure but more compatible environment. (Compatws.inf) |
| • | Securing the system root. (Rootsec.inf) |
For more information, see Predefined security templates
