The Windows Server 2008 scwcmd command

The scwcmd command-line tool provides greater functionality than the GUI-based Security Configuration wizard. The tool allows you to remotely apply role-based security policy to groups of computers, analyze the configuration of groups of computers against the role-based security policy and build GPOs that apply the settings in the role-based security policy.

Security policy allows you to enforce a baseline security configuration across all servers in your environment and verify that all servers remain compliant. So, what are the real benefits of using the command-line tool? Enforcing and auditing security is not a one time job but should be a regular task that needs to be incorporated into the enterprise information security program or policy. Using the scwcmd tool you can automate and run this process on regular basis such as, a script included in the Windows scheduled tasks. The tool can output reports in HTML format which can be published on the enterprise intranet or a web portal used by the security staff.

To create a GPO from a security configuration wizard policy file, from an elevated command prompt on a domain controller type the following:

Scwcmd transform /p:PathandPolicyFilename /g:NewGPODisplayName

The new GPO will then become available under the Group Policy Object node of the Group Policy Management console.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top