 
RE: Domain vs. Local security policy

From: Arik Fletcher (arikfjoskos.com)
Date: Wed Sep 10 2003 - 10:54:32 CDT


The only problem with that scenario is if you wanted to change the policies of the local machines without affecting other PCs on the network, or having to stick them into a separate OU.
 
But I suppose you could change the policies on one of the machines and then write a script that copies the
%windir%\system32\GroupPolicy folder from the fixed machine to all other machines you would like changed...

        -----Original Message-----
        From: Streeter, Joseph (WI) [mailto:Joseph.Streeterwi.ngb.army.mil]
        Sent: Tue 9/9/2003 7:36 PM
        To: 'focus-mssecurityfocus.com'
        Cc:
        Subject: RE: Domain vs. Local security policy
        
        

        It might be best to have the local GPO good and tight. That way there are
        fewer policies that have to be applied across the network at start up and
        logon. It's also the only policy to apply to local accounts on that machine.
        
        
        If you want to back off any of the local policies you can override them with
        the Domain or OU policy.
        
        -----Original Message-----
        From: simonis [mailto:simonismyself.com]
        Sent: Monday, September 08, 2003 1:26 PM
        To: Brad Renfro
        Cc: focus-mssecurityfocus.com
        Subject: Re: Domain vs. Local security policy
        
        Brad Renfro wrote:
>
> What is the residual risk of applying fairly strict domain wide security
> policies on a LAN but leaving local security policy pretty much the
> default?
>
        
        
        As far as I understand it, this would allow someone to remove the box
        from the domain and operate under the looser local policy. A larger
        question is of what benefit it is to you?
        
        -Ds
        
        ---------------------------------------------------------------------------
        KaVaDo provides the first and only integrated Web application scanner and
        firewall security suite that prevent Web applications attacks, the most
        common form of online exploitation. Download a FREE whitepaper on Security
        Policy Automation for Web Applications.
        http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
        ---------------------------------------------------------------------------
        