Security Templates

What do you need to know about Security Templates?

Security Templates are…

  • Preconfigured Security Settings
  • Saved as .inf Files
  • Can be applied to single or multiple machines (via GPO)
  • The following settings can be affected
    • Account policies
    • Local policies
    • Event log
    • Restricted groups
    • System Services
    • Registry
    • File System
  • Can be configured via…
    • GPO
    • The command line with secedit.exe
    • Security Configuration and Analysis
    • Security Templates
    • Security Compliance Manager (separate download)

Security Configuration and Analysis and Security Templates

To work with them, first open an empty MMC console and add the snap-ins “Security Configuration and Analysis” and “Security Templates”.

Security Templates in Windows Server 2012

Create a Template

  • Right-click the path under Security Templates
  • Choose “New Template”
  • Name the template as wanted
  • Set the settings as wanted; note that you have the same settings as in the GPOs
  • When finished, right-click your setting and select “Save”

Your settings are now saved in the mentioned folder as an .inf file.


What can you do with it?

Use template in a GPO

To do this…

  • Create a new GPO or open an existing one
  • Browse to Security Settings
  • Right click on it
  • Choose “Import policy”
  • Open the policy and click OK

Check the settings in the template against the current settings

To do this…

  • Right-click the Security Configuration and Analysis scope item
  • Click “Open Database”
  • Type a new database name and then click Open
  • Select your security template to import and then click Open
  • Right-click the Security Configuration and Analysis scope item again
  • Select “Analyze Computer Now”
  • Click “OK” for the log file
  • If you want to override the current settings with the settings in the template, choose “Configure Computer Now”

secedit.exe

Secedit.exe is a command-line tool.

secedit /configure /db secedit.sdb /cfg "c:\sectemplates\mytemplate.inf" /quiet

This command imports the security template file “mytemplate.inf” into the machine's local security database and applies its settings to the computer.
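
The check described under “Check the settings in the template against the current settings” can also be done from the command line before anything is configured. The following PowerShell script is an added example, not part of the original article: it validates the template, exports the current local policy with secedit, and lists every setting that differs. The file paths and the helper name Read-SecurityInf are assumptions made for illustration.

```powershell
# Added example: compare a security template with the current local policy.
# Run from an elevated prompt. Both paths below are assumptions.
$Template = 'C:\sectemplates\mytemplate.inf'
$Current  = Join-Path $env:TEMP 'current-policy.inf'

# Hypothetical helper: parse an .inf file into "Section\Setting" -> value.
# Only "name = value" lines are read; ACL lists without "=" are skipped.
function Read-SecurityInf {
    param([Parameter(Mandatory)][string]$Path)
    $settings = @{}
    $section  = ''
    foreach ($line in Get-Content -LiteralPath $Path) {
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        $name, $value = $line -split '=', 2
        if ($null -ne $value) {
            $settings["$section\$($name.Trim())"] = $value.Trim()
        }
    }
    return $settings
}

# Check the template syntax before it is used for anything.
secedit /validate $Template | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Template failed validation: $Template" }

# Export the current local security policy to an .inf file.
secedit /export /cfg $Current /quiet
if ($LASTEXITCODE -ne 0) { throw 'secedit /export failed' }

$want = Read-SecurityInf -Path $Template
$have = Read-SecurityInf -Path $Current

# List every template setting whose current value differs or is missing.
$drift = foreach ($key in ($want.Keys | Sort-Object)) {
    # [Unicode] and [Version] are file headers, not policy settings.
    if ($key -like 'Unicode\*' -or $key -like 'Version\*') { continue }
    if ($have[$key] -ne $want[$key]) {
        [pscustomobject]@{
            Setting  = $key
            Template = $want[$key]
            Current  = $have[$key]
        }
    }
}
$drift | Format-Table -AutoSize
```

Values are compared as plain strings, so a user right written as an account name in the template and as a SID in the export shows up as a difference and needs a manual look.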

For more information, see this article on ITninja.com.
