using secedit.exe to apply security template on server 2008, 2008R2, and 2003
I created a new template on server 2008 machine use 'security templates' mmc snapin... did the same on a server 2003 machine just to see if the format looked the same... because I would like to use the same template file for 2003/2008/2008R2.
I noticed the following template section was the same for 2003 and 2008 (didn't check 2008 R2 yet)
[Version] signature="$CHICAGO$" Revision=1
I also noticed that without this section, the template cannot be used (error initializing or something like that)
1. curious as to why that section is required? and why the $CHICAGO$?
2. I should be able to use the same template file for 2003/2008/2008R2 right? Provided of course I'm not trying to set a particular setting that only exists on one of the later OS versions on an earlier verion. I believe all my settings exist across all these OS versions, so I'm more asking about format changes, differences between secedit versions, etc..
April 2nd, 2010 11:50pm
Hello
1. curious as to why that section is required? and why the $CHICAGO$?
Is your domain Chicago?, that is the signature which is required to link your domains and yes you must include it to use the templateIsaac Oben MCITP:EA, MCSE
Free Windows Admin Tool Kit Click here and download it now
April 3rd, 2010 5:15pm
Hi Isaac, no, my domain is not chicago. I'm applying a security template as a part of a base image install before the machines are joined to any domain... and in my case, most machines will not become a part of any domain. That section was put there like that in a template generated on both a stand-alone 2003 and a stand-alone 2008 server... I guess it's just a default, not sure why it would be required considering it's meaningless, at least in my case it is, I realize it may have some purpose for other scenarios though. Basically, I was given a template to use and couldn't figure out why it wasn't working until I generated my own and compared... only difference I saw was that [Version] section.
what exactly do you mean by it's required to link your domains?
and thanks for the response! I appreciate it.
April 3rd, 2010 5:56pm
> Is your domain Chicago?
LOOOOOOOL :)))))
> I guess it's just a default, not sure why it would be required considering it's meaningless, at least in my case it is, I realize it may have some purpose for other scenarios though
CHICAGO is the target OS type reference. In most INF files two signatures are used:
$CHICAGO$ — usually is used for pre-Windows 2000 systems and is still used for compatibility purposes
$Windows NT$ — usually used for native NT configuration files.
don't worry about this signature.
p.s. AFAIK, Chicago was Windows 95 code name. Here is a little more info: http://technet.microsoft.com/en-us/library/dd346763.aspx
http://www.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
April 3rd, 2010 6:07pm
Thanks Vadims, I appreciate the info.
April 3rd, 2010 8:10pm