

Checklist: Use secedit to configure workgroup security


Roberta Bragg
04.26.2005


Configuring workgroup security on individual computers is a time-consuming task even using a single tool to do so, as described in my previous checklist. If you've tried it, you realize there has to be a better way. There is. The secedit command allows you to apply a security template to a computer at the command line, or you can use it in a script or batch file to apply settings each time the computer is booted. If you are networked, you could also use it to apply settings remotely, though I caution you about making it too easy to remotely administer your computers over the network.

 Checklist: Use secedit for workgroup security
Step 1: Prepare a security template
To prepare a security template, use the instructions in my previous checklist.
Step 2: Make a copy
Copy the template you just created to the computer you wish to configure.
Step 3: Study the syntax of the secedit command
The secedit command can be used to perform the same tasks as the Security Configuration and Analysis tool -- and then some. It allows you to configure or analyze security on a computer. In Windows XP and Windows Server 2003, it can also be used to create a rollback template (to reverse settings in the template you just applied). To use the command, you need the name and location of the security template, the name and location of the database (use the command to create one) and the correct syntax of the command.
For instance, to configure a computer using a security template, you would need:
secedit /configure /db filenamedb /cfg filenamest /overwrite
The filenamedb is the name of the security database to be used. The filenamest is the name of the security template. If the database and template are not in the folder from which you issue the command, you must enter the complete path of each file. Use the /overwrite parameter to empty the database before the security template is loaded. (If you do not specify this, any security settings already in the database may be combined with those in the security template.) By default, log output is written to the scesrv.log file in the <systemroot>\security\Logs folder. You can also use the /log parameter and enter your own name for a log file to be created. Use the /quiet parameter to prevent any data from appearing on the screen during the application.
Step 4: Use the secedit command to apply the template
This command allows you to apply mytemplate.inf using database mydatabase.sdb:
secedit /configure /db mydatabase.sdb /cfg mytemplate.inf /overwrite /quiet
Step 5: Optionally, use a script to apply the command
Use the previous command in a script if you're comfortable doing so. If you are not a scripting wizard, a sample script is available at Microsoft's TechNet resource.
Scroll down to the section on configuring security for workgroup/standalone computers.
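The batch file below is an added example, not part of the original checklist or Microsoft's sample script. It wraps the Step 4 command so that it can run at boot without depending on the current folder. The file locations, the log file name and the treatment of any nonzero exit code as a reason to stop or review the log are assumptions.

```batch
@echo off
rem Added example: apply a security template with secedit from a startup script.
rem Assumptions: mytemplate.inf sits next to this batch file; the database and
rem log locations below are illustrative choices, not requirements.
setlocal

rem Full paths are used because a boot-time script does not start in your folder.
set "TEMPLATE=%~dp0mytemplate.inf"
set "DB=%SystemRoot%\security\database\mydatabase.sdb"
set "LOG=%SystemRoot%\security\logs\mytemplate-apply.log"

if not exist "%TEMPLATE%" (
    echo Template not found: "%TEMPLATE%"
    exit /b 2
)

rem Check the template's syntax before any setting on the machine is changed.
rem Assumption: a nonzero exit code from secedit means the check failed.
secedit /validate "%TEMPLATE%"
if errorlevel 1 (
    echo Template failed validation; nothing was applied.
    exit /b 3
)

rem /overwrite empties the database first, so settings left over from an
rem earlier template are not merged with this one.
rem /log keeps this run's output apart from the default scesrv.log.
rem /quiet suppresses screen output, as needed for an unattended run.
secedit /configure /db "%DB%" /cfg "%TEMPLATE%" /overwrite /log "%LOG%" /quiet
if errorlevel 1 (
    echo secedit returned a nonzero exit code; review "%LOG%"
    exit /b 1
)

echo Template applied; details are in "%LOG%"
endlocal
exit /b 0
```

Because the template defines the machine's security settings, keep the batch file and the .inf in a folder that only administrators can modify.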



ABOUT THE AUTHOR:
    Roberta Bragg is author of "Hardening Windows systems" and a SearchWindowsSecurity.com resident expert. She is an MCSE, CISSP and Microsoft MVP, and a well-known information systems security consultant, columnist and speaker.

    Copyright 2005