****
*
*
*
*







*
*
                                      
*
*
Windows Server



    

How to export the security settings    

*
*

*
*

How to export the security settings


Categories:


Tags:


Apr
15

How to export the security settings

 

As we know, in the Windows Systems, we can configure the security settings which may include settings for the following areas:

 

SECURITYPOLICY - Includes Account Policies, Audit Policies, Event Log Settings and Security Options.

GROUP_MGMT - Includes Restricted Group settings

USER_RIGHTS - Includes User Rights Assignment

REGKEYS - Includes Registry Permissions

FILESTORE - Includes File System permissions

SERVICES - Includes System Service settings

 

These settings can be applied from Domain Policy (site, domain, OU), and local policies. When the group policy client side extension applies policies, the settings are downloaded and cached on the client computer in the following location:

 

C:\Windows\security\templates\Policies

Then, these templates are merged to the local security database in " C:\Windows\security\secedit.sdb".

 

As for the requirement, I think we may export the current security configurations from the security database and then load it in "Security Configuration and Analysis" for modification. To export the security templates, we can run the following command:

Secedit.exe /Export /DB C:\Windows\Security\Database\Secedit.sdb /MergedPolicy /Cfg C:\Current.inf /Log C:\Log.txt

 

Explanations:

 

----------------------

1. /Export: indicates it's a "Export" action.

2. /DB: specifies the database path is "C:\Windows\Security\Database\Secedit.sdb". It's the default path of the security database on all computers and we don't need to modify this.

3. /MergedPolicy: indicates the result is the mergedpolicy that configured from all levels including local and domain.

4. /Cfg: specifies the target file to which the security configuration will be exported. We can customize this path if you would like to export the settings to another location.

5. /Log: specifies the log file of this command.

----------------------

 

We may also export the policy from the Gpedit.msc console via the following steps:

 

1. Run Gpedit.msc.

2. Expand and highlight "Computer Configuration\Windows Settings\Security Settings".

3. Right click on the node "Security Settings" and then select "Export" to export the "merged policy" (same as the /MergedPolicy switch).

 

After exporting the current security configurations, you may load it in "Security Configuration and Analysis" for the tasks.

 

Just for confirmation, the export settings are stored in the files specified in "/CFG" parameter. For your references, I am including the command for you below:

 

Secedit.exe /Export /DB C:\Windows\Security\Database\Secedit.sdb /MergedPolicy /Cfg C:\Current.inf /Log C:\Log.txt

 

Note: if we run the command above, the exported settings will be stored in C:\Current.inf.

 

In the mean time, you may also try the Gpedit.msc to export the settings.

 

 

 

 

 

 



No TrackBacks

TrackBack URL: http://www.skar.us/site/mt-tb.cgi/3129

Leave a comment








*
*

administrator
Author Bio          ★★★★★

Author Name:         administrator
Author Location:    India
Author Rank:          Writer
Author Status:        
The Green leave stands!!


*
*
*
*
****



*****



    Desktop
  • eBooks
  • Games
  • Softwares
  • Tools
  • Tweaks
  • Wallpapers
  • Warez
    PDA
  • Games
  • Tools
  • Wallpapers
    System Administration
  • dll Center
  • Scripts
  • Tools
  • .extensions database
  • Write-up
    more...
  • Download Database
  • Jobs
  • Lists
  • Polls
  • Glossary

01000011 01110010 01100001 01100011 01101011 01111010 01101000 01100001 01100011 01101011