Local security policy is exposed through the Security Settings extension to Group Policy.
This may be desirable if you have changed your mind about the relevancy of the security specification that was originally defined for an object.
For example: In the example above, you already clicked the Edit Security control in step 6.
Effective policy describes the combined local, domain, and organizational unit policies for each setting.
This distinction is made because local policy settings can be overwritten by domain or OU policy settings.
(Note: If you installed Windows 2000 in a different drive and/or directory, that path will display instead of C:\WINNT.)
However, in this guide you are going to modify the predefined secure workstation or server template (Securews.inf) that is included with Windows 2000.
To view the settings defined by Securews.inf:
A Restricted Group Policy allows you to define who should and should not belong to a specific group.
This guide assumes that you have run the procedures in the two-part "Step by Step Guide to A Common Infrastructure for Windows 2000 Server Deployment".
The common infrastructure documents specify a particular hardware and software configuration.
If you select Replace existing permission on all subfolders and files with inheritable permissions, all explicit ACEs for all child objects (which are not otherwise listed in the template) are removed, and all child objects are set to inherit the inheritable permissions defined for this parent.
To prevent a child object from being overwritten by a parent, the child object can be added to the template and ignored. If a child object is added to the template and ignored, then that child's inheritance mode and that child's explicit ACEs remain untouched.
Modifying local security policy
To modify a local security policy setting, double-click the security item of interest and revise the policy.