none
Configuring security settings on nano server RRS feed

  • Question

  • I earlier had a thread about using secedit on nano server and learned that there will be a "new way" of configuring security on Nano server.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/894a3a8f-64f4-4605-b1ff-9698a53814db/issues-running-secedit-on-nano-server?forum=NanoServer

    With TP5 out, can someone shed some lights on how can we configure security settings on Nano?

    - applying local security policy settings (that we apply using secpol.msc or secedit in full install)

    - configuring firewall, advanced audit pol, event logs etc. settings

    Any reference to nano server security configuration will be helpful.

    I am also interested in knowing what all has changed in nano in terms of security configuration when compared to full installation.

    TIA


    cheers..uc

    Thursday, May 5, 2016 4:13 AM

Answers

  • Hi,

    There are two new PowerShell cmdlets available in Nano Server TP5 to support this:

    Backup-AuditPolicy

    Restore-SecurityPolicy

    The team is working on a blog post with more details, but wanted to share the info.

    Hope that helps,

    Andrew

    Friday, May 6, 2016 9:24 PM

All replies

  • Hi,

    There are two new PowerShell cmdlets available in Nano Server TP5 to support this:

    Backup-AuditPolicy

    Restore-SecurityPolicy

    The team is working on a blog post with more details, but wanted to share the info.

    Hope that helps,

    Andrew

    Friday, May 6, 2016 9:24 PM
  • Hi Andrew,

    Thanks for sharing this info, it is certainly going to be helpful. I will try them out.

    I will look forward to the blog post for detailed info.

    So far I have tried and I was able to use secedit and auditpol.exe successfully. I was earlier trying with a broken secedit inf file that was creating issues.  I hope these are valid ways of configuring security on nano. If not, I will be happy to know about replacement tools.


    cheers..uc

    Saturday, May 7, 2016 9:00 AM
  • Hi,

    Looks like the blog went live today on the PowerShell blog at: https://blogs.msdn.microsoft.com/powershell/2016/05/09/new-security-cmdlets-in-nano-server/

    Let me know if you have any issues or questions,

    Andrew

    Monday, May 9, 2016 11:59 PM
  • Hi Andrew,

    that is nice and informative blog and it appears very simple way of backing up and restoring local security policy. Are there any plans to implement individual local security policies in some way or other (for example, if I only need to set couple of password policies). I would think about DSC resources for local security policies that can be used to configure required policies from all available local security policies. or do you think that users should create custom secedit INF files with required security policies in it and then use the Restore-SecurityPolicy to apply it on nano server whenever required.


    cheers..uc

    Tuesday, May 10, 2016 9:33 AM