Re: GPO vs. LGPO settings in Security Options
From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: Mon, 8 Nov 2004 10:07:57 +1100
I'm not sure where these are stored (if they are in a file anywhere). It
may be the case that they are hardcoded. As with the .adm based policies,
the names of the settings have evolved with the operating system.
-- Mark Renoden [MSFT] Windows Platform Support Team Email: email@example.com Please note you'll need to strip ".online" from my email address to email me; I'll post a response back to the group. This posting is provided "AS IS" with no warranties, and confers no rights. "William P" <WilliamP@discussions.microsoft.com> wrote in message news:944B8DC6-7B6F-4151-B9CF-001B3E7A5FE3@microsoft.com... > Thanks Mark, > > This is true for certain policy settings, however, when you look in > Computer > Configuration \ Windows Settings \ Security Settings \ Local Policies \ > 'Security Options', these settings are do not come from an ADM-template > file. > The setting, for example: > Accounts: Rename Guest Account > > is not present in a ADM-template file. > > This is why I was wondering where the text descriptions for the settings > found under 'Security Options' are located. > > By starting Local Security Policy on an XP workstation, the descriptions > are > different than they appear in a GPO in the domain. > > Can you clarify this please? > > William > > > "Mark Renoden [MSFT]" wrote: > >> Hi William >> >> The policy text comes from the appropriate .adm file in the %windor%\inf >> folder. The policy text (and descriptions) have simply evolved between >> Windows versions. If you're running Windows XP clients in your Windows >> 2000 >> domain, you can update the .adm files on your DC's by downloading the >> latest >> ..adm files (which are currently Windows XP SP2). These can be >> downloaded >> from: >> >> >> http://www.microsoft.com/downloads/details.aspx?FamilyId=92759D4B-7112-4B6C-AD4A-BBF3802A5C9B&displaylang=en >> >> If you do this, beware of: >> >> http://support.microsoft.com/default.aspx?kbid=842933 >> >> The alternative is to edit the GPO's as an Administrator from a Windows >> XP >> client. For this you can use GPMC: >> >> >> http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en >> >> Kind regards >> -- >> Mark Renoden [MSFT] >> Windows Platform Support Team >> Email: firstname.lastname@example.org >> >> Please note you'll need to strip ".online" from my email address to email >> me; I'll post a response back to the group. >> >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> >> "William P" <WilliamP@discussions.microsoft.com> wrote in message >> news:26A30D78-5D36-4384-A3A0-A720C3C575D2@microsoft.com... >> >I have been testing my Domain-wide GPOs on XP SP2 workstations and have >> > noticed that when I open 'Local Security Policy' on a workstation, >> > check >> > the >> > settings in 'Security Options', the settings are named different than >> > on >> > my >> > W2K domain controller. For example: >> > >> > Devices: Restrict DC-ROM access to locally logged on users >> > and >> > on W2k DC I only have Restrict DC-ROM access to locally logged on >> > users. >> > >> > I downloaded the W2K3 Policysettings XLS sheet and the names present >> > for >> > 'Security Options' are the same as what I see when opening the 'Local >> > Security Policy'. But different from what I see when I open a GPO in my >> > domain using the MMC. >> > >> > Why is this? >> > >> > My second question is: Where does the text description for the >> > 'Security >> > Options' come from? >> > >> > Any help would be greatly appreciated. >> > >> >> >>