Re: GPO vs. LGPO settings in Security Options

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 11/07/04 

Date: Mon, 8 Nov 2004 10:07:57 +1100

Hi William

I'm not sure where these are stored (if they are in a file anywhere). It
may be the case that they are hardcoded. As with the .adm based policies,
the names of the settings have evolved with the operating system.

Kind regards 

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"William P" <WilliamP@discussions.microsoft.com> wrote in message 
news:944B8DC6-7B6F-4151-B9CF-001B3E7A5FE3@microsoft.com...
> Thanks Mark,
>
> This is true for certain policy settings, however, when you look in 
> Computer
> Configuration \ Windows Settings \ Security Settings \ Local Policies \
> 'Security Options', these settings are do not come from an ADM-template 
> file.
> The setting, for example:
>                      Accounts: Rename Guest Account
>
> is not present in a ADM-template file.
>
> This is why I was wondering where the text descriptions for the settings
> found under 'Security Options' are located.
>
> By starting Local Security Policy on an XP workstation, the descriptions 
> are
> different than they appear in a GPO in the domain.
>
> Can you clarify this please?
>
> William
>
>
> "Mark Renoden [MSFT]" wrote:
>
>> Hi William
>>
>> The policy text comes from the appropriate .adm file in the %windor%\inf
>> folder.  The policy text (and descriptions) have simply evolved between
>> Windows versions.  If you're running Windows XP clients in your Windows 
>> 2000
>> domain, you can update the .adm files on your DC's by downloading the 
>> latest
>> ..adm files (which are currently Windows XP SP2).  These can be 
>> downloaded
>> from:
>>
>> 
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=92759D4B-7112-4B6C-AD4A-BBF3802A5C9B&displaylang=en
>>
>> If you do this, beware of:
>>
>>     http://support.microsoft.com/default.aspx?kbid=842933
>>
>> The alternative is to edit the GPO's as an Administrator from a Windows 
>> XP
>> client.  For this you can use GPMC:
>>
>> 
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
>>
>> Kind regards
>> -- 
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>> "William P" <WilliamP@discussions.microsoft.com> wrote in message
>> news:26A30D78-5D36-4384-A3A0-A720C3C575D2@microsoft.com...
>> >I have been testing my Domain-wide GPOs on XP SP2 workstations and have
>> > noticed that when I open 'Local Security Policy' on a workstation, 
>> > check
>> > the
>> > settings in 'Security Options', the settings are named different than 
>> > on
>> > my
>> > W2K domain controller. For example:
>> >
>> > Devices: Restrict DC-ROM access to locally logged on users 
>> > and
>> > on W2k DC I only have Restrict DC-ROM access to locally logged on 
>> > users.
>> >
>> > I downloaded the W2K3 Policysettings XLS *** and the names present 
>> > for
>> > 'Security Options' are the same as what I see when opening the 'Local
>> > Security Policy'. But different from what I see when I open a GPO in my
>> > domain using the MMC.
>> >
>> > Why is this?
>> >
>> > My second question is: Where does the text description for the 
>> > 'Security
>> > Options' come from?
>> >
>> > Any help would be greatly appreciated.
>> >
>>
>>
>>