Windows 2000 and Windows XP comes with a commandline utility,
Secedit
Configures and analyzes system security by comparing your current
configuration to at least one template.
Parameters
- /db FileName
- Required. Specifies the path and file name of a database that contains the
stored configuration against which the analysis will be performed. If
FileName specifies a new database, the/cfg command-line option must also be specified.
FileName
- /cfg FileName
- Specifies the path and file name for the security template that will be
imported into the database for analysis. This command-line option is only valid
when used with the /db parameter. If this is not specified, the analysis
is performed against any configuration already stored in the database.
- /log FileName
- Specifies the path and file name of the log file for the process. If this is
not provided, the default log file is used.
- /quiet
- Suppresses screen and log output. You can still view analysis results by
using Security Configuration and Analysis.
Parameters
- /db FileName
- Required. Provides the file name of a database that contains the security
template that should be applied.
- /cfg FileName
- Specifies the file name of the security template that will be imported into
the database and applied to the system. This command-line option is only valid
when used with the /db parameter. If this is not specified, the template
that is already stored in the database is applied.
- /overwrite
- Specifies whether the security template in the /cfg parameter should
overwrite any template or composite template that is stored in the database
instead of appending the results to the stored template. This command-line
option is only valid when the /cfg parameter is also used. If this is not
specified, the template in the /cfg parameter is appended to the stored
template.
- /areas area1 area2…
- Specifies the security areas to be applied to the system. If an area is not
specified, all areas are applied to the system. Each area should be separated by
a space.
Area name
Description
SECURITYPOLICY
Local policy and domain policy for the system, including account policies,
audit policies, and so on.
GROUP_MGMT
Restricted group settings for any groups specified in the security
template
USER_RIGHTS
User logon rights and granting of privileges
REGKEYS
Security on local registry keys
FILESTORE
Security on local file storage
SERVICES
Security for all defined services
- /log FileName
- Specifies the file name of the log file for the process. If it is not
specified, the default path is used.
- /quiet
- Suppresses screen and log output.
Exports a stored template from a security database to a security template
file.
Syntax
Parameters
- /mergedpolicy
- Merges and exports domain and local policy security settings.
- /db FileName
- Specifies the database file that contains the template that will be
exported. If the name of a database file is not provided, the system policy
database is used.
- /db FileName
- Specifies the file name where the template should be saved.
- /areas area1 area2…
- Specifies the security areas to be exported to a template. If an area is not
specified, all areas are exported. Each area should be separated by a space.
Area name
Description
SECURITYPOLICY
Specifies local policy and domain policy for the system, including account
policies, audit policies, and so on.
GROUP_MGMT
Specifies restricted group settings for any groups specified in the security
template.
USER_RIGHTS
Specifies user logon rights and granting of privileges
REGKEYS
Specifies the security on local registry keys
FILESTORE
Specifies the security on local file storage
SERVICES
Specifies security for all defined services
- /log FileName
- Specifies the file name of the log file for the process. If not specified,
the default path is used.
- /quiet
- Suppresses screen and log output.
Validates the syntax of a security template to be imported into a database
for analysis or application to a system.
Syntax
secedit
Parameter
- FileName
- Specifies the file name of the security template you have created with
Security Templates.