The scwcmd command-line tool provides greater functionality than the GUI-based Security Configuration wizard. The tool allows you to remotely apply role-based security policy to groups of computers, analyze the configuration of groups of computers against the role-based security policy and build GPOs that apply the settings in the role-based security policy.
Security policy allows you to enforce a baseline security configuration across all servers in your environment and verify that all servers remain compliant. So, what are the real benefits of using the command-line tool? Enforcing and auditing security is not a one time job but should be a regular task that needs to be incorporated into the enterprise information security program or policy. Using the scwcmd tool you can automate and run this process on regular basis such as, a script included in the Windows scheduled tasks. The tool can output reports in HTML format which can be published on the enterprise intranet or a web portal used by the security staff.
To create a GPO from a security configuration wizard policy file, from an elevated command prompt on a domain controller type the following:
Scwcmd transform /p:PathandPolicyFilename /g:NewGPODisplayName
The new GPO will then become available under the Group Policy Object node of the Group Policy Management console.
