Security Templates (MCP Series)
Setup Security (Setup Security.inf)
The default security template created when an operating system is installed.
Domain Controller Security (DC Security.inf)
DC Security.inf is created when a server is promoted to a Domain Controller. DC Security.inf is a good starting point when creating a security template for a new Domain Controller. Be aware that applying the DC Security template will overwrite values (files, registry keys, services) changed by other programs.
Secure Template (Secure*.inf)
Example: securews.inf, securedc.inf
The Secure Template enforces restrictions that are unlikley to affect compatibility. Stronger passwords are required and account lockout settings are secured.
Highly Secure (hisec*.inf)
Example: hisecdc.inf
The Highly Secure Template enforces restrictions that are not enforced on the Secure Template. These restrictions include encryption and authentication levels. The hisec security template requires the use of IPSec as it applies the IPSec - Secure Server policy for IP communication.
* Where the asterisk can be:
The default security template created when an operating system is installed.
Domain Controller Security (DC Security.inf)
DC Security.inf is created when a server is promoted to a Domain Controller. DC Security.inf is a good starting point when creating a security template for a new Domain Controller. Be aware that applying the DC Security template will overwrite values (files, registry keys, services) changed by other programs.
Secure Template (Secure*.inf)
Example: securews.inf, securedc.inf
The Secure Template enforces restrictions that are unlikley to affect compatibility. Stronger passwords are required and account lockout settings are secured.
Highly Secure (hisec*.inf)
Example: hisecdc.inf
The Highly Secure Template enforces restrictions that are not enforced on the Secure Template. These restrictions include encryption and authentication levels. The hisec security template requires the use of IPSec as it applies the IPSec - Secure Server policy for IP communication.
* Where the asterisk can be:
- WK - Workstation
- WS - Workstation or Server
- SV - Member Server
- DC - Domain Controller