Information Technology Reference
In-Depth Information
7
Figure 7-22
The Security Configuration and Analysis snap-in
Secedit.exe is a command-line program that performs many of the same functions as the Security
Configuration and Analysis snap-in. Because it's run from the command line, however, you can
use it in scripts and batch files to automate the process of working with security templates.
Secedit.exe has options to import or export some of or all the settings between a security data-
base and a template file. It can also compare settings between a security database and a com-
puter's current settings or apply a security database to a computer.
Activity 7-22: Exploring the Secedit.exe Command
Time Required:
10 minutes
Objective:
Explore the syntax of the Secedit.exe command.
Description:
You want to start working with Secedit.exe so that you can create batch files and
scripts to work with security templates more easily. You start by using the command to display
the options and syntax.
1. Log on to the domain from your Vista computer as Administrator, if necessary.
2. Open a command prompt window, type
secedit
, and press
Enter
to see a list of options to
use with Secedit.exe.
3. Type
secedit /configure
|
more
. You see a description of the option followed by the correct
syntax to use it.
4. Repeat Step 3, substituting
/analyze
,
/import
,
/export
,
/validate
, and
/generaterollback
for
/configure to see the syntax for these options.
5. Type
cd \users\administrator.w2k8adXX\security\database
and press
Enter
to change to the
directory where the Wslowsec database from the previous activity was created. Type
dir
and
press
Enter
. You should see the Wslowsec.sdb file.
6. Type
secedit /analyze /db wslowsec.sdb /log seclog.txt
and press
Enter
.
Search WWH ::
Custom Search