Predefined security templates are used in the creation of security policies which can be specifically customized to meet the needs of different organizations. After templates are customized with security templates snap-in, they can be used to configure security of one or more computers. Security templates are by default stored in systemroot\security\templates directory: • Default security (Setup security. inf) - This template is created when the operating system is being installed and in file permissions for the root of the system drive.
• Domain controller default security- We create this template when a server is promoted to a domain controller and it shows registry, file and system service default security settings. • Compatible – This template reduces security requirements so that people of a certain user group can perform operations not related the Window Logo Program for Software. • Secure – This template adjusts the security settings which affect the network and operating system protocol like account policy, password policy and other registry operations.
They also limit usage of LAN Manager and NTLM authentication protocols where servers are configured to refuse LAN manager responses (TechNet, 2005). • Highly secure – This template adds specific restrictions which security template does not define like encryption levels and signing necessary for validation and data exchange through secure channels and within Server Message Block (SMB) servers and clients. • System root security – Root permissions are specified by this template where it defines by default the permission for the root of the system drive (TechNet, 2005).
• No Terminal Server user SID – This template can be applied for removing Windows Terminal Server SIDs from registry locations and the file system when Terminal Services are not running. • Internet explorer – This template enables a person to audit Internet Explorer use and its essential for regularly reviewing event logs. Reference TechNet, (2005). Predefined Security Templates. Retrieved on 25th August 2010 from, http://technet. microsoft. com/en-us/library/cc787720%28WS. 10%29. aspx