Secure Templates (securedc.inf And Securews.inf)

By Author: Jasmine
Total Articles: 286
Comment this article

The secure templates define enhanced security settings that are least likely to impact CompTIA A+ certification application compatibility, such as password, lockout, and audit settings. Additionally, the secure templates limit the use of LAN Manager and NTLM authentication protocols by configuring clients to send only NTLM version 2 responses and configuring servers to refuse LAN Manager responses. Clients that run LAN Manager include Windows for Workgroups as well as Windows 95 and Windows 98 platforms that do not have the DS Client Pack installed. If the DS Client Pack is installed on Windows 95 or Windows 98, those clients can use NTLM version 2. Windows Me and Windows XP Professional support NTLM version 2 without additional modification.
Securews.inf To apply Securews.inf to a member computer, the following constraints apply:
All of the domain controllers that contain the accounts of all users that log on to the client must run Windows NT 4 Service Pack 4 or later.
If the member computer is joined to a domain which contains domain controllers running Windows NT ...
... 4, the clocks between the domain controllers running
Windows NT 4 and the member computers must be within 30 minutes of each other.
If a client is configured with Securews.inf, the following constraints apply:
The client will not be able to connect to servers that only use the LAN Manager authentication protocol or that run Windows NT 4 prior to Service Pack 4 using a local account defined on the target server.
The client will not be able to connect to servers running CompTIA A+ Practical Application or Windows NT 4 using a local account defined on the target server unless the clock
on the target server is within 30 minutes of the clock on the client.
The client will not be able to connect to a computer running Windows XP or later using a local account defined on the target server unless the clock on the target server is within 20 hours of the clock on the client.
The client will not be able to connect to servers running LAN Manager that are running in share-level security mode.
If a server is configured with Securews.inf, the following constraints apply:
A client with a local account on that server cannot connect to it from a client computer amning only LAN Manager using that local account.
If the server is running Windows 2000, a client with a local account on the server configured to use NTLM version 2 authentication will not be able to connect unless the clocks on the two machines are within 30 minutes of each other.
If the server is running mcsa, a client with a local account on the server configured to use NTLM version 2 authentication will not be able to connect
unless the clocks on the two machines are within 20 hours of each other.