Secedit configure

The first switch shown in the secedit help file is the configure switch. It is used to configure a system with security settings stored in a database. The parameters are described in Table 2.6.

Table 2.6 secedit.exe configure Switch Parameters

Parameter Description

/db filename This argument specifies which database file to use to perform the security configuration. It is a required argument.

/cfg filename This argument specifies a security template to import into the database prior to configuring the system.

/overwrite This switch specifies whether the database should be emptied prior to importing the security template. If this parameter is not specified, the settings are accumulated in the database (if you import more than one security template, all settings will accumulate). If this parameter is not specified and there are conflicting security settings between the database and the imported template, the template settings win.

/areas area1 area2... This argument specifies which security areas to apply to the system. If the parameter is not specified, all settings defined in the database are applied. To configure multiple areas, separate each with a space. See Table 2.7 for a description of the security areas that can be specified.

/log filename This argument is used to specify the path to the log file. If no path is specified, the default log file will be used.

/quiet This switch suppresses screen and log output. You can still review results of the analysis in the Security Configuration and Analysis snap-in in the MMC. This switch is commonly used when secedit is used in a batch or scheduled task.

Table 2.7 secedit Security Areas Descriptions

Security Area Name Description

SECURITYPOLICY Includes local and domain policy for the system, including account policies, audit policies, event log settings, and security options.

GROUP_MGMT Includes Restricted Group settings for any groups specified in the Security template.

USER_RIGHTS Includes User Rights assignment such as user logon rights and granting of privileges.

REGKEYS Includes Registry permissions on the local Registry keys.

FILESTORE Includes file system permissions on the local file storage system.

SERVICES Includes system service settings for all defined services.

An example of the command is shown here. Keep in mind that the command will assume the current directory unless another path is specified. The parameters are shown in bold only for clarity. This example assumes the database is stored in the path c:\windows\security\database and that the template is stored in the path c:\windows\templates. Your database and template locations might vary, and if not in the current directory, they should be specified. In addition, this example specifies two security areas, the SECURITYPOLICY area and the FILESTORE area. Each area is separated by a space.

secedit /configure /db c:\windows\security\database\hisecws.sdb /cfg c:\windows\templates\hisecws.inf /overwrite /areas SECURITYPOLICY FILESTORE /log hisecws.log

It's worth noting here that this is how you can reapply portions of predefined security templates, in particular the setup security.inf template. For example, suppose you've been working on creating a Security template for a particular group of computers on your network, including the one you're working on. You imported the securews.inf template, made some modifications, and saved the template as secure123.inf. However, you want this template to use default Registry settings from the setup security.inf. You can use the secedit /configure command with the /overwrite switch and specify REGKEYS to configure just this set of policies in your custom template.
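The following PowerShell wrapper is an added example, not part of the original text. It checks the area names against Table 2.7 and builds the secedit /configure command line from the Table 2.6 switches, so an area can never be passed without /areas. The function name Invoke-SeceditConfigure and its parameter names are hypothetical, and the paths in the sample call are the ones the text assumes.

```powershell
# Added example: hypothetical wrapper around "secedit /configure".
# Security areas from Table 2.7; anything else is rejected before secedit runs.
$ValidAreas = 'SECURITYPOLICY','GROUP_MGMT','USER_RIGHTS','REGKEYS','FILESTORE','SERVICES'

function Invoke-SeceditConfigure {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Database,  # /db (required)
        [string]   $Template,                       # /cfg
        [switch]   $Overwrite,                      # /overwrite
        [string[]] $Areas,                          # /areas area1 area2...
        [string]   $LogPath,                        # /log
        [switch]   $Quiet                           # /quiet
    )
    foreach ($area in $Areas) {
        # -notcontains compares case-insensitively
        if ($ValidAreas -notcontains $area) {
            throw "Unknown security area '$area'. Valid areas: $($ValidAreas -join ', ')"
        }
    }
    # /overwrite empties the database before an import, so it needs a template
    if ($Overwrite -and -not $Template) { throw '/overwrite requires a template (/cfg).' }
    if ($Template -and -not (Test-Path -LiteralPath $Template)) {
        throw "Template not found: $Template"
    }
    # Build the argument list in the order used by the example command in the text
    $argv = @('/configure', '/db', $Database)
    if ($Template)  { $argv += '/cfg', $Template }
    if ($Overwrite) { $argv += '/overwrite' }
    if ($Areas)     { $argv += '/areas'; $argv += $Areas }
    if ($LogPath)   { $argv += '/log', $LogPath }
    if ($Quiet)     { $argv += '/quiet' }

    # -WhatIf prints the command line without changing the system
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "secedit $($argv -join ' ')")) {
        & secedit.exe @argv   # array arguments with spaces are quoted automatically
        # Assumption of this example: any non-zero exit code means "review the log"
        if ($LASTEXITCODE -ne 0) { Write-Warning "secedit exited with code $LASTEXITCODE" }
        return $LASTEXITCODE
    }
}

# The command from the text, previewed with -WhatIf (paths as assumed in the text)
Invoke-SeceditConfigure -Database 'c:\windows\security\database\hisecws.sdb' `
    -Template 'c:\windows\templates\hisecws.inf' -Overwrite `
    -Areas SECURITYPOLICY, FILESTORE -LogPath 'hisecws.log' -WhatIf
```

Remove -WhatIf to apply the settings, and run from an elevated prompt. Passing -Areas REGKEYS with the relevant template covers the Registry-only scenario described above.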
