Venus 7000

home *** CD-ROM | disk | FTP | other *** search

/ Venus 7000 / darktronics.iso / Software / Service Packs / Win2kSP4.exe / i386 / ia / defltdc.in_ / defltdc.inf

Wrap

Windows Setup INFormation | 2003-06-19 | 22.2 KB | 355 lines

; (c) Microsoft Corporation 1997-2000 ; ; Security Configuration Template for Security Configuration Editor ; ; Template Name: DefltDC.INF ; Template Version: 05.00.DD.0000 ; ; Default Template For Windows NT 5.0 Domain Controllers. ; This template should NOT be used on Workstations or Servers. ; ; Revision History ; 0000 - Original. ; Domain Policies not set. Use DCFirst if first DC else from existing domain policy. ;[Profile Description] %SCEDefltDCProfileDescription% [version] signature="$CHICAGO$" revision=1 DriverVer=06/19/2003,5.00.2195.6717 ;---------------------------------------------------------------- ;Event Log - Log Settings ;---------------------------------------------------------------- ;Audit Log Retention Period: ;0 = Overwrite Events As Needed ;1 = Overwrite Events As Specified by Retention Days Entry ;2 = Never Overwrite Events (Clear Log Manually) [System Log] MaximumLogSize = 512 AuditLogRetentionPeriod = 1 RetentionDays = 7 RestrictGuestAccess = 0 [Security Log] MaximumLogSize = 512 AuditLogRetentionPeriod = 1 RetentionDays = 7 RestrictGuestAccess = 0 [Application Log] MaximumLogSize = 512 AuditLogRetentionPeriod = 1 RetentionDays = 7 RestrictGuestAccess = 0 [Event Audit] ;Auditing is Off by Default AuditSystemEvents = 0 AuditLogonEvents = 0 AuditObjectAccess = 0 AuditPrivilegeUse = 0 AuditPolicyChange = 0 AuditProcessTracking = 0 AuditDSAccess = 0 AuditAccountLogon = 0 AuditDSAccess=0 ;---------------------------------------------------------------- ;Registry Values ;---------------------------------------------------------------- [Registry Values] ; Registry value name in full path = Type, Value ; REG_SZ ( 1 ) ; REG_EXPAND_SZ ( 2 ) // with environment variables to expand ; REG_BINARY ( 3 ) ; REG_DWORD ( 4 ) ; REG_MULTI_SZ ( 7 ) ;Copied to Default DC GPO ;We need to make sure Server-Side Packet Signing is on in the DC case. ;The rest of the registry values are maintained from the server. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1 ;---------------------------------------------------------------------- ; Privileges & Rights ;---------------------------------------------------------------------- ; ; Setting of privileges & logon rights for well-known users & groups. ; ;SeNetworkLogonRight = Access this computer from the network ;SeTcbPrivilege = Act as part of the operating System - (Advanced) ;SeMachineAccountPrivilege = Add workstations to the domain - (Advanced) ;SeBackupPrivilege = Back up files and directories ;SeChangeNotifyPrivilege = Bypass traverse checking - (Advanced) ;SeSystemtimePrivilege = Change the system time ;SeCreatePagefilePrivilege = Create a pagefile - (Advanced) ;SeCreateTokenPrivilege = Create a token object - (Advanced) ;SeCreatePermanentPrivilege = Create permanent shared objects - (Advanced) ;SeDebugPrivilege = Debug programs - (Advanced) ;SeRemoteShutdownPrivilege = Force shutdown from a remote system ;SeAuditPrivilege = Generate security audits - (Advanced) ;SeIncreaseQuotaPrivilege = Increase quotas - (Advanced) ;SeIncreaseBasePriorityPrivilege= Increase scheduling priority - (Advanced) ;SeLoadDriverPrivilege = Load and unload device drivers ;SeLockMemoryPrivilege = Lock pages in memory - (Advanced) ;SeBatchLogonRight = Log on as a batch job - (Advanced) ;SeServiceLogonRight = Log on as a service - (Advanced) ;SeInteractiveLogonRight = Log on locally - (Advanced) ;SeSecurityPrivilege = Manage auditing and security log - (Advanced) ;SeSystemEnvironmentPrivilege = Modify firmware environment variables - (Advanced) ;SeProfileSingleProcessPrivilege= Profile single process - (Advanced) ;SeSystemProfilePrivilege = Profile system performance - (Advanced) ;SeAssignPrimaryTokenPrivilege = Replace a process-level token - (Advanced) ;SeRestorePrivilege = Restore files and directories ;SeShutdownPrivilege = Shut down the system ;SeTakeOwnershipPrivilege = Take ownership of files or other objects ;SeUnsolicitedInputPrivilege - (Advanced) ; [Privilege Rights] ;Add Whatever a DC should have by default. ;Remove Power Users from every right since it no longer exists but may have been added. ;Remove Whatever *Default* Server Rights don't belong on a DC ;If Server and DC Defaults are the same, then only power users is removed ;If You remove Everyone, Remove Authenticated Users as well. SeAssignPrimaryTokenPrivilege = Remove:, %SceInfPowerUsers% SeAuditPrivilege = Remove:, %SceInfPowerUsers% SeBackupPrivilege = Add:, %SceInfAdmins%, %SceInfBackupOp%, %SceInfServerOp%, Remove:, %SceInfPowerUsers% SeBatchLogonRight = Remove:, %SceInfPowerUsers% SeChangeNotifyPrivilege = Add:, %SceInfAdmins%, %SceInfAuthUsers%, %SceInfEveryone%, Remove:, %SceInfBackupOp%, %SceInfPowerUsers%, %SceInfUsers% SeCreatePagefilePrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeCreatePermanentPrivilege = Remove:, %SceInfPowerUsers% SeCreateTokenPrivilege = Remove:, %SceInfPowerUsers% SeDebugPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeIncreaseBasePriorityPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeIncreaseQuotaPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeInteractiveLogonRight = Add:, %SceInfAcountOp%, %SceInfAdmins%, %SceInfBackupOp%, %SceInfServerOp%, %SceInfPrintOp%, Remove:, %SceInfPowerUsers%, %SceInfAuthUsers%, %SceInfGuests%, %SceInfGuest%, %SceInfUsers%, %SceInfEveryone% SeLoadDriverPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeLockMemoryPrivilege = Remove:, %SceInfPowerUsers% SeMachineAccountPrivilege = Add:, %SceInfAuthUsers%, Remove:, %SceInfPowerUsers% SeNetworkLogonRight = Add:, %SceInfAdmins%, %SceInfAuthUsers%, %SceInfEveryone%, Remove:, %SceInfBackupOp%, %SceInfPowerUsers%, %SceInfGuests%, %SceInfGuest%, %SceInfUsers% SeProfileSingleProcessPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeRemoteShutdownPrivilege = Add:, %SceInfAdmins%, %SceInfServerOp%, Remove:, %SceInfPowerUsers% SeRestorePrivilege = Add:, %SceInfAdmins%, %SceInfBackupOp%, %SceInfServerOp%, Remove:, %SceInfPowerUsers% SeSecurityPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeServiceLogonRight = Remove:, %SceInfPowerUsers% SeShutdownPrivilege = Add:, %SceInfAcountOp%, %SceInfAdmins%, %SceInfBackupOp%, %SceInfServerOp%, %SceInfPrintOp%, Remove:, %SceInfPowerUsers%, %SceInfAuthUsers%, %SceInfGuests%, %SceInfGuest%, %SceInfUsers%, %SceInfEveryone% SeSystemEnvironmentPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeSystemProfilePrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeSystemTimePrivilege = Add:, %SceInfAdmins%, %SceInfServerOp%, Remove:, %SceInfPowerUsers% SeTakeOwnershipPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% SeTcbPrivilege = Remove:, %SceInfPowerUsers% ; SeDenyInteractiveLogonRight = Remove:, %SceInfPowerUsers% SeDenyBatchLogonRight = Remove:, %SceInfPowerUsers% SeDenyServiceLogonRight = Remove:, %SceInfPowerUsers% SeDenyNetworkLogonRight = Remove:, %SceInfPowerUsers% ; SeUndockPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers%, %SceInfUsers% SeSyncAgentPrivilege = Remove:, %SceInfPowerUsers% SeEnableDelegationPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers% [Registry Keys] "MACHINE\SOFTWARE",2,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" ;We have to update classes root because server sets PU there. "MACHINE\SOFTWARE\Classes",2,"D:(A;CI;GR;;;WD)" "MACHINE\SOFTWARE\Microsoft\Command Processor",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Cryptography",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\DeviceManager",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Driver Signing",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Non-Driver Signing",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)" "MACHINE\SOFTWARE\Microsoft\NTDS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Ole",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\Rpc",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" ;Don't overwrite the following keys which are protected and secured by the component "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",2,"D:(A;CI;GR;;;WD)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AsrCommands",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;BO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",2,"D:P(A;CI;GR;;;IU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Policies",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\Clone",1,"D:AR" "MACHINE\SYSTEM\ControlSet001",1,"D:AR" "MACHINE\SYSTEM\ControlSet002",1,"D:AR" "MACHINE\SYSTEM\ControlSet003",1,"D:AR" "MACHINE\SYSTEM\ControlSet004",1,"D:AR" "MACHINE\SYSTEM\ControlSet005",1,"D:AR" "MACHINE\SYSTEM\ControlSet006",1,"D:AR" "MACHINE\SYSTEM\ControlSet007",1,"D:AR" "MACHINE\SYSTEM\ControlSet008",1,"D:AR" "MACHINE\SYSTEM\ControlSet009",1,"D:AR" "MACHINE\SYSTEM\ControlSet010",1,"D:AR" "MACHINE\SYSTEM\CurrentControlSet\Control",2,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\Class",0,"D:AR" "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\LSA",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg",2,"D:P(A;CI;GA;;;BA)(A;CI;GR;;;BO)" "MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security",2,"D:P(A;CI;GR;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" ;Allowed Paths "MACHINE\SYSTEM\CurrentControlSet\Control\Computername",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR" "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR" "MACHINE\SYSTEM\CurrentControlSet\Services",2,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Services\KDC",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Services\NTDS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "USERS\.DEFAULT",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)" "USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR" [File Security] ;--------------------------------------------------------------------------------------- ;x86 Boot Files ;--------------------------------------------------------------------------------------- "c:\boot.ini",2,"D:P(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "c:\ntdetect.com",2,"D:P(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "c:\ntldr",2,"D:P(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "c:\ntbootdd.sys",2,"D:P(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "c:\autoexec.bat",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "c:\config.sys",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" ;--------------------------------------------------------------------------------------------- ;System Drive (\) ;--------------------------------------------------------------------------------------------- "%SystemDrive%\%SCEInfProgramFiles%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" ;--------------------------------------------------------------------------------------------- ;System Root (Typically \WINNT) ;--------------------------------------------------------------------------------------------- "%SystemRoot%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;;GRGX;;;WD)" "%SystemRoot%\Debug\UserMode",2,"D:PAR(A;;0x00100023;;;AU)(A;OIIO;0x00100006;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)" "%SystemRoot%\explorer.exe",2,"D:(A;;GRGX;;;WD)" "%SystemRoot%\Installer",1,"D:AR" "%SystemRoot%\Profiles",1,"D:AR" "%SystemRoot%\repair",2,"D:P(A;CI;GRGX;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\security",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)" "%Systemroot%\tasks",1,"D:AR" "%SystemRoot%\Temp",2,"D:P(A;CI;0x100026;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" ;--------------------------------------------------------------------------------------------- ;System Directory (Typically \Winnt\System32) ;--------------------------------------------------------------------------------------------- "%SystemDirectory%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;OINP;GRGX;;;WD)" "%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;AU)(A;CI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\dhcp",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\dllcache",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)" "%SystemDirectory%\ias",2,"D:P(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\GroupPolicy",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\NTMSData",1,"D:AR" "%SystemDirectory%\spool",2,"D:(A;CIOI;GA;;;PO)" "%SystemDirectory%\Autoexec.nt",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDirectory%\CMOS.RAM",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDirectory%\Config.nt",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDirectory%\Midimap.cfg",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDirectory%\hpmon.dll",2,"D:(A;;GRGWGXSD;;;PO)" "%SystemDirectory%\hpmon.hlp",2,"D:(A;;GRGWGXSD;;;PO)" ;--------------------------------------------------------------------------------------------- ;DS Data and Log Directories. THESE ENVIRONMENT VARIABLES MUST BE SET!!!!!!!!!!!!!!!!!!!!!!!! ;--------------------------------------------------------------------------------------------- "%DSDIT%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)" "%DSLOG%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)" ;--------------------------------------------------------------------------------------------- ;Sysvol. THIS ENVIRONMENT VARIABLE MUST BE SET!!!!!!!!!!!!!!!!!!!!!!!!! ;--------------------------------------------------------------------------------------------- "%Sysvol%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%Sysvol%\domain\policies",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGX;;;PA)" ;--------------------------------------------------------------------------------------------- ;Default Domain Policy GPO and Default Domain Controllers Policy GPO ;--------------------------------------------------------------------------------------------- "%Sysvol%\domain\policies\{31b2f340-016d-11d2-945f-00c04fb984f9}",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%Sysvol%\domain\policies\{6ac1786c-016f-11d2-945f-00c04fb984f9}",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" [Strings] SceInfAdministrator = Administrator SceInfAdmins = Administrators SceInfAcountOp = Account Operators SceInfAuthUsers = Authenticated Users SceInfBackupOp = Backup Operators SceInfDomainAdmins = Domain Admins SceInfDomainGuests = Domain Guests SceInfDomainUsers = Domain Users SceInfEveryone = Everyone SceInfGuests = Guests SceInfGuest = Guest SceInfPowerUsers = Power Users SceInfPrintOp = Print Operators SceInfReplicator = Replicator SceInfServerOp = Server Operators SceInfUsers = Users SceInfProgramFiles = Program Files SceDefltDCProfileDescription = Default Security Settings applied during DCPromo. (Windows 2000 DC's)