Home » Blog » Security Templates

Security Templates

  • Preconfigured Security Settings
  • Saved as .inf Files
  • Can be applied to single or multiple machines (via GPO)
  • Following settings can be affected
    • Account policies
    • Local policies
    • Event log
    • Restricted groups
    • System Services
    • Registry
    • File System
  • Can be configured...
    • GPO
    • ...via command line with secedit.exe
    • Security Configuration and Analysis
    • Security Templates
    • Security Compliance Manager (separat download)

Security Configuration and Analysis and Security Templates

To work with them, first open an empty mmc and add the Snap-ins "Security Configuration and Analysis" and "Security Templates".

Security Templates in Windows Server 2012

Create a Template

  • Right click on the path under Security Template
  • Choose "New Template"
  • Name the template as wanted
  • Security Templates in Windows Server 2012
  • Set the settings as wanted - note that you have the same settings as in the GPOs
  • Security Templates in Windows Server 2012
  • When finished right click on your setting and select "Save"

Now you have saved your setting in the mentioned folder as a inf-File.

Security Templates in Windows Server 2012

What can you do with it?

Use template in a GPO

To do this...

  • Create a new GPO or open an existing one
  • Browse to Security Settings
  • Right click on it
  • Choose "Import policy"
  • Open the policy and click OK
Security Templates in Windows Server 2012

Check the settings in the template against the current settings

To do this...

  • Right click the Security Configuration and Anlysis scope item
  • Click "Open Database"
  • Type a new database name and then click open
  • Select your security template to import and then click Open
  • Right click the Security Configuration and Analysis scope item again
  • Select "Analyze Computer Now"
  • Click "OK" for the Log-File
  • Security Templates in Windows Server 2012
  • If you want to override the current settings with the settings in the temnplate, choose "Configure Computer now"

secedit.exe

Secedit.exe is a command line tool

Secedit /configure /db secedit.sdb /cfg"c:\sectemplates\mytemplate.inf" /silent 

This command imports the security template file "mytemplate.inf" into the machines local security database.

For more information see this Article on ITninja.com

Memory: 4 mb, MySQL: 0.0015 s, 1 request(s), PHP: 0.1285 s, total: 0.1300 s, document retrieved from cache.