The master upgrades NT to 2003 with a coup

The Microsoft® Windows® Server 2003 operating system product family offers powerful capabilities far beyond the Microsoft Windows NT® Server 4.0 server family. The Windows Server 2003 family of products was designed with an eye on the easy upgrade of Windows NT Server 4.0. This article outlines the process of upgrading or migrating to a Windows Server 2003 Active Directory® service and describes some of the decisions that need to be made during the upgrade or migration process. The first thing you need to consider when upgrading is to choose the version of Windows Server 2003 that best meets your needs.

When upgrading a Windows NT 4.0-based computer to Windows Server 2003, the "Windows Installer" does not change the registry and file system ACLs. Windows Server 2003 allows for a higher level of security, and it handles registry and file system permissions differently than Windows NT 4.0. Microsoft recommends that you apply Windows 2003 ACLs to computers that are upgraded from Windows NT 4.0.

To apply the registry and file system ACLs, you can use the "Security Configuration and Analysis" snap-in. Please note that you must be a member of the “Administrators” group to perform this procedure.

How to apply the default system security settings on a computer that is upgraded from Windows NT 4.0 to Windows Server 2003 as a member of the "Administrator" or "Administrators" group.

Click Start, click Run, type mmc in the Open box, and then click OK.

On the File menu, click “Add/Remove Snap-in.

Click Add, <;Security Configuration & Analysis", Add, click Close, then click OK.

In the console tree, right-click “Security Configuration and Analysis" and click Open Database.

Specify the name of the database (for example, upgdbase) and location, then click Open.

In the Import Templates dialog box that appears on the screen, click Set Security.inf, and then click Open.

Right-click on “Security Configuration and Analysis" and click Analyze Computer Now.

In the Execution Analysis dialog box that appears on the screen, accept the default log file path shown in the "Error log file path" box, or specify the desired location and click OK.

Compare this template security settings to your existing computer settings.

Note: At this point, no changes will be made to the computer. The results of this process indicate how the security settings in the template differ from the actual system settings.

When you complete the analysis, expand the various components in the console tree, such as account policies, local policies, event logs, restricted groups, and system services.

For each component you expanded in step 10, view its security properties in the right pane of the policy column, and note the following:

with green The item marked with a check indicates that the current computer settings are the same as the security settings in the database.

Items with red <x” indicate that the current computer settings are different from the security settings in the database.

If the green checkmark or red <x” is not displayed, this security attribute is not defined in the template and is not analyzed.

If you want to add or modify database settings, right-click the security attribute you want to add or modify, and then click Properties. Click the "Define this policy in the database" checkbox, select it (if it is not already selected), make the required changes to the policy settings, and click OK.

Note: The Database Settings column shows the security settings contained in the template, and the Computer Settings column shows the current settings for your computer.

To configure your computer to use the security settings in your database, right-click “Security Configuration and Analysis", and then click Configure Computer Now.

In the Configure System dialog box that appears on the screen, accept the default path and log file name, or type the path and file name you want and click OK.

The secure database configuration is applied to the computer.

If there is a conflict between the database project and the existing security configuration on the computer, the existing project will be overwritten unless you eliminate the difference between the two before configuring the computer.