tailieunhanh - Methods of Restricting Registry Access phần 3

Windows Server 2003 built-in local security groups (the screenshot is taken on the domain controller) Standard security settings are applied by Security Configuration Manager during the operating system installation, | Figure Windows Server 2003 built-in local security groups the screenshot is taken on the domain controller Standard security settings are applied by Security Configuration Manager during the operating system installation when the GUI setup starts. For this purpose the Security Configuration Manager uses security templates located in the oSystemRooi o inf folder. Naturally the template used for applying default security settings depends on the OS being installed and the computer s role in your network environment. When you perform a clean installation of workstations running Windows XP Professional the SystemRoot inf security template will be used notice that upgrades from Windows 9x platforms are treated as clean installs . If you are upgrading to Windows XP from Windows NT 2000 Security Configuration Manager will use the SystemRoot inf security template. When you perform a clean installation of Windows Server 2003 member server default security settings are taken from the SystemRoot inf security template while for upgrades-from the SystemRoot inf template. For domain controllers the SystemRoot inf template is used. When you upgrade domain controllers from Windows NT the Security Configuration Manager will use the SystemRoot inf template. Note If you want to affect the security settings that are applied by default during installation you can modify the above-mentioned security templates in the installation files folder. As was already discussed for standalone computers or computers participating in a workgroup users belonging to the Administrators group have unlimited access to all file system and registry objects. Users and Power Users have a more restricted set of access rights. Note Windows XP and Windows Server 2003 include a new root ACL which is also implemented by Format and Convert commands. In addition to previous releases the Security Configuration Manager now secures the root .