Re: Registry Changes through Group Policy
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Wed, 13 Jun 2007 18:57:32 -0500
"Kevin Mertel" <KevinMertel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:40399A74-F39E-4010-A2AE-218FE8C94595@xxxxxxxxxxxxxxxx
I have a security appliance that requires a domain user account with access
to the registry of all of the servers in my domain. The security appliance's
documentation says to use the Domain Security Policy MMC to add a registry
key (MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg)
and
then grant read permission to that key to a specific security group.
I would NOT use the "Default Domain Security policy" but rather one created
for this purpose and I would (attempt to) link it to ONLY the GPO(s) where
those servers were located rather than to apply it to every machine in the
domain.
In
addition they have you go into Advanced settings an enable "Allow
inheritable
permissions." which does not seem to be the default when I reviewed this
key
on a sample of my member servers. What I'm uncertain of is, if I use the
"Default Domain Security" MMC on my domain controller to add a registry
key
and modify it's permissions, and that registry key already exists on a
member
server, would that add to the existing registry key's security or replace
it
entirely?
I have never tested this but it should take just a few minutes to test.
I believe it replaces -- i.e., sets ALL of the permissions according to
the GPO -- and is not additive.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
The document I'm following can be found below beginning on page 5.
http://www.rac.cz/rac/homepage.nsf/CZ/Qualys-Pictures/$FILE/QG-Trusted_Scanning_Windows_060601.pdf
Thanks,
Kevin Mertel
.
- Prev by Date: RE: Event ID 1058, why does it occur?
- Next by Date: Re: DNS questions
- Previous by thread: RE: Event ID 1058, why does it occur?
- Next by thread: Re: 3rd pary apps LDAP query
- Index(es):
Relevant Pages
|
