NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Editing the security configuration files manually

We strongly recommend that whenever possible the security administration is done using CASPol. This insures that policy changes don’t corrupt the configuration files. Since CASPol does not currently support administrators in accessing arbitrary user’s configuration files, some hand editing may become necessary. The configuration files are stored at the following locations:

Machine policy configuration
Windows 2000 %WINDIR%\complus\vxx.xx\security.cfg
Windows NT %WINDIR%\complus\vxx.xx\security.cfg
Windows 9x %WINDIR%\complus\vxx.xx\security.cfg
User policy configuration
Windows 2000 %USERPROFILE%\complus\vxx.xx\security.cfg
Windows NT %USERPROFILE%\complus\vxx.xx\security.cfg
Windows 9x %WINDIR%\username\complus\vxx.xx\security.cfg

NOTE:The security.cfg file for a particular policy will only be persisted on disk if the policy has been changed from the default using CASPol (The default policies are hardwired). So, for instance if a user only ever used CASPol to list his or her user policy but did not make any changes to it, there will be no security.cfg file persisted for that user. In that case the administrator will need to author a new policy file. When the security.cfg files are created they are appropriately ACLed so that only people with machine administrative rights can modify the machine’s security.cfg.

When calling –reset on a default policy, CASPol automatically saves the default policy to disk. Although the administrator cannot call –reset on arbitrary user’s policy, he or she can call –reset on his own user policy (if it is still the default policy), and use the persisted file as a starting point for authoring the particular user policy he/she had in mind.

Example: Administrator wants to change the default user policy of user Joe Doe

  1. (presuming the admin’s user policy hasn’t been changed), admin uses caspol –user –reset to generate a default user security.cfg on disk at admin’s user policy level directoy (see user policy level configuration table above).
  2. admin copies this file to the user’s policy configuration directory of Joe Doe (admin may need to create that directory)
  3. admin uses an editor to modify the file