- Preconfigured Security Settings
- Saved as .inf Files
- Can be applied to single or multiple machines (via GPO)
- Following settings can be affected
- Account policies
- Local policies
- Event log
- Restricted groups
- System Services
- File System
- Can be configured...
- ...via command line with secedit.exe
- Security Configuration and Analysis
- Security Templates
- Security Compliance Manager (separat download)
Security Configuration and Analysis and Security Templates
To work with them, first open an empty mmc and add the Snap-ins "Security Configuration and Analysis" and "Security Templates".
Create a Template
- Right click on the path under Security Template
- Choose "New Template"
- Name the template as wanted
- Set the settings as wanted - note that you have the same settings as in the GPOs
- When finished right click on your setting and select "Save"
Now you have saved your setting in the mentioned folder as a inf-File.
What can you do with it?
Use template in a GPO
To do this...
- Create a new GPO or open an existing one
- Browse to Security Settings
- Right click on it
- Choose "Import policy"
- Open the policy and click OK
Check the settings in the template against the current settings
To do this...
- Right click the Security Configuration and Anlysis scope item
- Click "Open Database"
- Type a new database name and then click open
- Select your security template to import and then click Open
- Right click the Security Configuration and Analysis scope item again
- Select "Analyze Computer Now"
- Click "OK" for the Log-File
- If you want to override the current settings with the settings in the temnplate, choose "Configure Computer now"
Secedit.exe is a command line tool
Secedit /configure /db secedit.sdb /cfg"c:\sectemplates\mytemplate.inf" /silent
This command imports the security template file "mytemplate.inf" into the machines local security database.
For more information see this Article on ITninja.com