Michael Ellerbeck

By default MSS settings are not visible in Windows Operating system and Servers.

Eg. MSS: (AutoAdminLogon) Enable Automatic Logon, MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes etc

These additional group policy settings were developed by the Microsoft Solutions for Security group and are documented in the appropriate security guides.

For Windows Server 2008 is available here: http://www.microsoft.com/en-us/download/details.aspx?id=17606

There are two methods to enable MSS settings :

1.       Using Microsoft Security Compliance tool.
2.       Editing sceregvl.inf file.

• Using Microsoft Security Compliance tool.

1.       Download Security compliance manager from here : http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx
2.       Install SCM
3.       After installing SCM, copy  “LocalGPO.msi” file from the following path: “C:\Program Files (x86)\Microsoft Security Compliance             Manager\LGPO\LocalGPO.msi”
4.       Run and install the file “LocalGPO.msi” on the server.
5.       Open command prompt and browse to : “C:\Program Files (x86)\LocalGPO”
6.       Run following command “Cscript LocalGPO.wsf /ConfigSCE”
7.       Now MSS Settings will be visible in Security Options in Local Group policy settings.

• Editing sceregvl.inf file.

1.       Browse to %systemroot%\inf
2.       Take ownership of sceregvl.inf and full access on your ID.
3.       Open sceregvl.inf using notepad.
4.       Scroll down to [Register Registry Values] part and copy the contents of this file under [Register Registry Values].
5.       Now browse to [Strings] part and copy the contents of this file under [Strings].
6.       Save sceregvl.inf
7.       Run this command on elevated command prompt “regsvr32 scecli.dll”
8.       Now MSS Settings will be visible in Security Options in Local Group policy   settings.