The first step to implementing the security baseline on your computers is to determine what the baselines will be for each type of computer. The next step is to create an environment that makes it easy and efficient to implement these settings. The solution to step two is to develop security templates for each type of computer.
To complete this security template creation you will use the Security Templates snap-in. The Security Templates snap-in is included in the Microsoft Management Console (MMC). To access the MMC and include the snap-in, follow these steps:
1. Click the Start button.
2. Select the Run menu option.
3. Type MMC into the text box and click the OK button.
4. Select Console from the Toolbar to get the menu options.
5. Select the Add-Remove snap-in menu option.
6. Click the Add button.
7. Select Security Templates from the Snap-ins list, then click the Add button.
8. Click the Close button, then click the OK button.
9. Expand the Security Templates node, then expand the C:\Winnt\Security\Templates node to see the list of security templates, as shown in Figure 1.
Fig 1: Security templates snap-in provides access to the default templates, as well as the ability to create new templates
You can either start with one of the preconfigured security templates, or you can create your own. If one of the preconfigured templates has 90% of the settings that you prefer you can just copy it as a starting place.
If you want to create your own security template, just right-click on the security template folder (C:\Winnt\Security\Templates) and select New Template.
This will create a new template that has not configurations in it to begin with. As a suggestion, make sure you name the security template according to what it will be controlling, because they can be hard to track down when there are numerous templates created.
After you create the template, you will just delve into the different topical areas of the security template, making the settings that match the security baseline settings that you have established.
To make the process of creating all of your security template more efficient, you can create a matrix that includes all security baselines and their settings. Start by creating the security template that has the fewest baseline settings. Then, copy this template to create the additional templates, which will just need to be configured for the differences from the original security template.
Deploying the Security Templates
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.