To configure system security

Using the Windows interface 

1.

Open Security Configuration and Analysis

2.

In the console tree, right-click Security Configuration and Analysis, and then click Open Database.

Where?

ConsoleRoot  > Security Configuration and Analysis 

3.

In Open database, do one of the following:

To create a new database, in File name, type a file name and click Open.

To open an existing database, click a database and click Open.

4.

If you are creating a new database, in Import Template, click a template and click Open.

5.

In the console tree, right-click Security Configuration and Analysis, and then click Configure Computer Now.

6.

Do one of the following:

To use the default log, in Error log file path, click OK.

To specify a different log, in Error log file path, type a valid path and file name.

Note

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 

To open Security Configuration and Analysis, click Start, click Run, type mmc, and then click OK. On the File menu, click Open, click the console that you want to open, and then click Open. In the console tree, click Security Configuration and Analysis.

To check the log file, right click Security Configuration and Analysis, and then click View Log File.

The default path for the log file is:

systemroot\Documents and Settings\UserAccount\My Documents\Security\Logs\

Using a command line 

Open Command Prompt

Type:

secedit/configure /DB FileName [/CFG FileName][/overwrite][/areas Area1 Area2...] [/log LogPath] [/quiet]

ArgumentDescription

/DB FileName 

Required. Provides the path to a database that contains the security template that should be applied.

/CFG FileName 

This argument is only valid when used with the /DB parameter. It is the path to at least one security template that will be imported into the database and applied to the system. If this argument is not specified, the template already stored in the database is applied.

/overwrite 

This argument is only valid when the /CFG argument is also used. This specifies whether the security template in the /CFG argument should overwrite any template or composite template stored in the database instead of appending the results to the stored template. If this is not specified, the template in the /CFG argument will be merged with the stored template.

/areas Area1 Area2...

Specifies the security areas to be applied to the system. The default is All Areas. Each area should be separated by a space.

Area NameDescription

SECURITYPOLICY

Local policy and domain policy for the system, including account policies, audit policies, and so on.

GROUP_MGMT

Restricted group settings for any groups specified in the security template

USER_RIGHTS

User logon rights and granting of privileges

REGKEYS

Security on local registry keys

FILESTORE

Security on local file storage

SERVICES

Security for all defined services

/log LogPath

Path to the log file for the process..

/quiet

Suppresses screen and log output.

Top of pageTop of page

Note

Top of pageTop of page

Related Topics

Command-line reference A-Z

Automating security configuration tasks

To open command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 

The default path for the log file is:

%systemroot%\Security\Logs\Scesrv.log

To view the complete syntax for this command, at a command prompt, type:

secedit /?

SecEdit /RefreshPolicy has been replaced with GPupdate. For information on how to refresh security settings, see GPupdate 


Top of pageTop of page