Re: GPO vs. LGPO settings in Security Options

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 11/07/04 

Date: Mon, 8 Nov 2004 10:07:57 +1100

Hi William

I'm not sure where these are stored (if they are in a file anywhere). It
may be the case that they are hardcoded. As with the .adm based policies,
the names of the settings have evolved with the operating system.

Kind regards 

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"William P" <WilliamP@discussions.microsoft.com> wrote in message 
news:944B8DC6-7B6F-4151-B9CF-001B3E7A5FE3@microsoft.com...
> Thanks Mark,
>
> This is true for certain policy settings, however, when you look in 
> Computer
> Configuration \ Windows Settings \ Security Settings \ Local Policies \
> 'Security Options', these settings are do not come from an ADM-template 
> file.
> The setting, for example:
>                      Accounts: Rename Guest Account
>
> is not present in a ADM-template file.
>
> This is why I was wondering where the text descriptions for the settings
> found under 'Security Options' are located.
>
> By starting Local Security Policy on an XP workstation, the descriptions 
> are
> different than they appear in a GPO in the domain.
>
> Can you clarify this please?
>
> William
>
>
> "Mark Renoden [MSFT]" wrote:
>
>> Hi William
>>
>> The policy text comes from the appropriate .adm file in the %windor%\inf
>> folder.  The policy text (and descriptions) have simply evolved between
>> Windows versions.  If you're running Windows XP clients in your Windows 
>> 2000
>> domain, you can update the .adm files on your DC's by downloading the 
>> latest
>> ..adm files (which are currently Windows XP SP2).  These can be 
>> downloaded
>> from:
>>
>> 
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=92759D4B-7112-4B6C-AD4A-BBF3802A5C9B&displaylang=en
>>
>> If you do this, beware of:
>>
>>     http://support.microsoft.com/default.aspx?kbid=842933
>>
>> The alternative is to edit the GPO's as an Administrator from a Windows 
>> XP
>> client.  For this you can use GPMC:
>>
>> 
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
>>
>> Kind regards
>> -- 
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>> "William P" <WilliamP@discussions.microsoft.com> wrote in message
>> news:26A30D78-5D36-4384-A3A0-A720C3C575D2@microsoft.com...
>> >I have been testing my Domain-wide GPOs on XP SP2 workstations and have
>> > noticed that when I open 'Local Security Policy' on a workstation, 
>> > check
>> > the
>> > settings in 'Security Options', the settings are named different than 
>> > on
>> > my
>> > W2K domain controller. For example:
>> >
>> > Devices: Restrict DC-ROM access to locally logged on users 
>> > and
>> > on W2k DC I only have Restrict DC-ROM access to locally logged on 
>> > users.
>> >
>> > I downloaded the W2K3 Policysettings XLS sheet and the names present 
>> > for
>> > 'Security Options' are the same as what I see when opening the 'Local
>> > Security Policy'. But different from what I see when I open a GPO in my
>> > domain using the MMC.
>> >
>> > Why is this?
>> >
>> > My second question is: Where does the text description for the 
>> > 'Security
>> > Options' come from?
>> >
>> > Any help would be greatly appreciated.
>> >
>>
>>
>>

Relevant Pages

  • Re: scripted logon
    ... Why can't you launch all the scripts from a Group Policy based Logon script. ... Here's the policy settings (I sure hope word wrap doesn't mess it up too ... Windows Components/Windows Installer ...
    (microsoft.public.windows.terminal_services)
  • Re: map drives
    ... Group Policy Preference Client Side Extensions for Windows XP (KB943729 ... AccountingGroup Policy Management ... The settings in this GPO can only apply to the following groups, users, ... login script in GPMC. ...
    (microsoft.public.windows.group_policy)
  • Group Policy Case Solved
    ... I began with the "Security Options" under the Computer ... I modified the group policy from my Windows XP Pro workstation using ... many more settings than Windows 2000 does; ...
    (microsoft.public.win2000.security)
  • Re: how can I stop user deleting important files
    ... Just tried this at home on an XP Pro PC (no Windows Server in the mix) ... In Server Manager, Advanced Management, Group Policy Management, Your ... Forest, Your Domain, Your Domain.local, Default Domain Policy (right click ... and select Edit), Computer Settings, Windows Settings, Security Settings, ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO vs. LGPO settings in Security Options
    ... This is true for certain policy settings, however, when you look in Computer ... 'Security Options', these settings are do not come from an ADM-template file. ... If you're running Windows XP clients in your Windows 2000 ...
    (microsoft.public.win2000.group_policy)