Security Tools in Windows 2000

Windows 2000 provides an extensive set of tools to help administrators configure and manage security, including group policies, local policies, file and folder access, system registry access, and auditing. Delegation of Control Wizard enables you to delegate administrative control for particular organizational units to specified users or groups. Other tools are available as Administrative Tools, such as Event Log, and additional tools are available through MMC snap-ins, such as Security Templates, Security Configuration and Analysis, and Group Policy.

To access Delegation of Control Wizard, open one of the Active Directory MMC snap-ins (such as Active Directory Users and Computers or Active Directory Sites and Services), right-click on an Active Directory organizational unit (such as a domain, the Computers folder, or the Users folder), and then select Delegate control. To take advantage of Delegation of Control Wizard, first create organizational units containing accounts and shared resources that should be managed centrally, and then use the wizard to delegate control of the units to specific users or groups. For more information, see the Windows 2000 documentation.

To access the following security tools, click Start, click Program Files, click Administrative Tools, and then select the tool.

The following are Windows 2000 security tools:

• Domain Security Policy.   This tool modifies security settings for all domain members.
• Domain Controllers Security Policy.   This tool modifies security settings for domain controllers.
• Local Security Policy.   This tool modifies security settings for the local computer.

Each of these tools enables you to set, for their respective areas, account policies (such as password, lockout, and Kerberos policies), local policies (such as what to audit, who can set the system time, and when and if users are logged off automatically), event log settings, security policies for system services (such as IIS and the print spooler), file and registry security policies, and security for many other Windows 2000 features. For more information, see the Windows 2000 documentation.

To access the following security snap-ins, on the Start menu, click Run, and then type mmc in Open. On the Console menu, select Add/Remove Snap-in, click Add, and then select Security Configuration and Analysis, Security Templates, or Group Policy from the list of snap-ins. For more information about these snap-ins, see the Windows 2000 documentation.

The following are security snap-ins:

• Group Policy.   Through this snap-in you can define a set of security policies for users and computers in Active Directory. You can use Group Policy to apply a security policy across a domain or organizational unit in Active Directory.
• Security Templates.   Through this snap-in you can view, modify, or create security templates. Security templates are used to configure security settings for files, system services, registry keys, and Active Directory objects. Windows 2000 has predefined security templates that offer basic, secure, and highly secure settings for domain controllers, servers, and work stations. To modify the security settings of these standard templates, open the template, navigate to the security setting you want to change, double-click the security setting, and then edit the value. You can also create your own templates. For more information, see the Windows 2000 documentation.
• Security Configuration and Analysis.   Through this snap-in you can import a security template. From the Action menu, select Configure Computer Now or Analyze Computer Now. Configuring your computer's security settings applies the security settings in the template to the Group Policy object for the local computer. Analyzing your computer's security settings verifies that the current security settings agree with the settings in the security template you have chosen. For example, you may have changed a security level temporarily to resolve a network problem and then forgotten to change it back. You can view the results of the security analysis by selecting View Log File from the Action menu in the MMC.

Related Topics