How to export .adm settings .inf style?
- From: "verviflox" <dontsendhere@xxxxxxxxxx>
- Date: Wed, 24 Jan 2007 01:14:03 -0800
With a better undestanding (but still confused about import/export) I am
back with a new Q:
We would like to provide our customers with an .inf template that they can
import into a GPO. We have been able to do this for the standard security
templates. However some of the settings are configured using System.adm.
The syntax of the .inf used for a standard security template and the
System.adm settings that end up in Registry.pol are quite different.
I thought there would be a uniform text-based format I where I could place
all of these settings for import into a GPO. We like the .inf because we
can place this file in our source control.
Is there a way to do this other than a complete backup/restore of the GPO?
Such a backup/restore might capture more than we want to export, and hard to
put into version control.
p.s. Some might ask why we want to do this. Here is the reason below from
an earlier thread:
----------------------------
If I explain the application a little maybe the question will make more
sense. The
application relies heavily on network collaboration XML based workflow with
anywhere from 5 to 100 client workstations in the hospital. The entire
system is delivered as one package (domain controller, workstations, OS,
network cable, ...). The hospital technical staff will set everything up,
and coordinate installation of third party modules that are designed
specifically for our application. These third party applications in some
cases even create their own instance of MSDE SQL Server. A variety of
software will exist on the clients.
The workstations will share some very sensitive information. We must ensure
that the domain controller policies lock down the system as much as possible
while allowing the application to run, and without causing problems for the
third party modules. Our application also sets specific rights on the
filesystem for the various privilege levels. We can't trust that the
technical staff will be experienced enough in all cases to create their own
home-grown domain policies, but we can trust them to follow some
instructions in the install manual. Our application requires specific
application exceptions for the Windows Firewall domain profile, for example,
for which there is a setting in the default Microsoft .adm template. We
also have to lock down some other standard machine security settings that
exist in the Microsoft provided .adm, and a few reg keys where we have to
disable workstation features even beyond what exists in the standard
templates.
We are putting the final installer package together, and trying to figure
out a way to get these specific settings into the domain controller while
minimizing human error during configuration. It would be fine if we could
provide some .inf files that the domain administrator would have to import,
as long as the settings could be applied in a way that the administrator
could merge without wiping our their entire domain policy setup (in some
environments customers want to re-use existing domain controllers and
workstations, bring them up to our higher security compliance regulatory
requirements, and make it all work).
.
- Prev by Date: Re: GPO WMI Filtering
- Next by Date: Policy Report - structure of categories are unorganized
- Previous by thread: 1085 and 1202 Errors
- Next by thread: Policy Report - structure of categories are unorganized
- Index(es):
Relevant Pages
|
