Practical Windows Hardening: Security Templates#

Security templates are designed to help strengthen our operating systems against potential attacks. By creating a security template, we can specify a set of security settings that should be applied to a system. This helps to ensure that all systems are properly secured, and makes it easier to manage security settings across a large number of systems. In this blog, we are going to take a look at the security templates in Windows and how to utilize these tools to protect our environment.

Security Templates#

Security templates in Windows are the entry point for configuring environment settings. Security templates have multiple parameters and they can be customized to regulate devices.

Examples of what you can control and manage with security templates are as follows:

user privileges,
password guidelines,
system management,
and system authorization.

A security template is a tool that defines parameters for carrying out a certain action. Microsoft includes a complete set of templates that address a variety of typical security issues. These security templates are classified into two types:

default
and incremental.

Security templates are .inf files. They include settings for the logs, groups, processes, registry security, and system. Group Policy is often used to configure security settings in a business environment that uses a domain. Importing security templates into a Group Policy is possible.

.SV: Templates ending with this extension are used for a member or autonomous device.

.DC: Templates ending with this extension are used for domain controllers.

.WK: These types of security templates are used for consumer user workstations.

Windows security templates#

Windows Security templates are a component of Group Policy in the Microsoft Windows operating system. You can edit, customize or duplicate based on your enterprise security needs. Windows includes the following security templates by default.

Compatws.inf: It modifies the file and Registry permissions to ensure that the security settings are compatible with those required to support legacy apps. It is typically employed when you need older application support.

DC security.inf: When a server is joined to a domain, this template is built. You may also set back a domain controller to the initial settings.

Hisecdc.inf: Improves security on a domain.

Hisecws.inf: Improves security on client machines and member servers.

Securedc.inf: It enhances a domain controller’s security.

Securews.inf: It improves client and member machine security.

security.inf: It is the basic security settings that are applied after installation.

Benefits of security templates#

By utilizing security templates, you can save time and effort during the first implementation. It enhances the fine-tuning process of administrative units(OUs), or the whole domain as time allows.