Techblog - Tim Wanierke » Print » Define a policy template and apply this template using “secedit”

Define a policy template and apply this template using “secedit”

Dieser Eintrag stammt von Tim Wanierke Am 20.5.2010 @ 21:34 In Microsoft | Keine Kommentare

Create a new policy template

1. Open the MMC SnapIn “Security Templates“.
2. Create a new Template using the context menu “New Template“.
3. Define a name for the template
   e.g. “DenyLogonLocally”
4. Define the policy as you want
    e.g. Add a group name to the setting
    “Local Policies -> User Rights Assignment -> Deny logon locally”
5. Save this policy template using the contect menu “Save as …“
    This will create a .inf file e.g. “DenyLogonLocally.inf”

Apply a policy template using “secedit”

1. To apply the policy template create before for example on a DMZ Server
    where no GPO can be applied just type in the following command.

secedit /configure /db %temp%\temp.sdb /cfg DenyLogonLocally.inf

This command will apply the settings that have been defined within the policy
template on the computer.

Links:
Security Templates : [1] http://www.windowsecurity.com/articles/Baselining-Security-Templates.html
Secedit : [2] http://technet.microsoft.com/en-us/library/bb490997.aspx
Secedit : [3] http://www.gruppenrichtlinien.de/index.html?/sec/secedit_in_der_CMD.htm

Dieser Artikel wurde ausgedruckt ab Techblog - Tim Wanierke: http://techblog.wanierke.de

URL zum Artikel: http://techblog.wanierke.de/2010/05/20/define-a-policy-template-and-apply-this-template-using-secedit/

URLs in this post:
[1] http://www.windowsecurity.com/articles/Baselining-Security-Templates.html: http://www.windowsecurity.com/articles/Baselining-Security-Templates.html
[2] http://technet.microsoft.com/en-us/library/bb490997.aspx: http://technet.microsoft.com/en-us/library/bb490997.aspx
[3] http://www.gruppenrichtlinien.de/index.html?/sec/secedit_in_der_CMD.htm: http://www.gruppenrichtlinien.de/index.html?/sec/secedit_in_der_CMD.htm

Klicken hier zum Drucken.