Shulou(Shulou.com)06/03 Report--

This article mainly shows you "how to use secedit.exe local security policy commands". The content is simple and clear. I hope it can help you solve your doubts. Let me lead you to study and learn this article "how to use secedit.exe local security policy commands".

To view the command syntax, click the following command:

The code is as follows:

Secedit / analyze

Secedit / configure

Secedit / export

Secedit / import

Secedit / validate

Secedit / GenerateRollback

Secedit / analyze

You can analyze the security settings on a computer by comparing it with the basic settings in the database.

Grammar

Secedit / analyze / db FileName. Sdb[ / cfgFileName] [/ overwrite] [/ logFileName] [/ quiet]

Parameters.

/ db FileName.sdb

Specifies the database used for analysis.

/ cfg FileName

Specifies the security template to import into the database before analysis. Use the Security templates snap-in to create a security template.

/ log FileName

Specifies the file that records the status of the configuration process. If not specified, the configuration data is logged to the scesrv.log file in the% windir%\ security\ logs directory.

/ quiet

Specifies that no further comments are made during the analysis process.

Annotation

You can view the results of the analysis in the security configuration and analysis.

Example

The following is an example of how to use this command:

Secedit / analyze / db hisecws.sdb

Secedit / configure

Configure the security settings for the local computer by applying settings stored in the database.

Grammar

Secedit / configure / db FileName [/ cfg FileName] [/ overwrite] [/ areasArea1 Area2...] [/ logFileName] [/ quiet]

Parameters.

/ db FileName

Specifies the database used for security configuration.

/ cfg FileName

Specifies the security template to import into the database before configuring the computer. Use the Security templates snap-in to create a security template.

/ overwrite

Specifies that the database should be emptied before importing the security template. If this parameter is not specified, the settings in the security template accumulate into the database. If this parameter is not specified and there is a configuration conflict between the database and the currently imported template, the template configuration takes precedence.

/ areas Area1 Area2...

Specifies the security zone applied to the system. If no parameters are specified, all security settings defined in the database are applied to the system. To configure multiple zones, separate each area with a space. The following security zones are supported: zone name description SECURITYPOLICY includes account policy, audit policy, event log settings, and security options. GROUP_MGMT includes configuration of restricted groups USER_RIGHTS including user rights assignment REGKEYS including registry permissions FILESTORE including file system permissions SERVICES including system service settings

/ log FileName

Specifies the file that records the status of the configuration process. If not specified, the configuration data is logged to the scesrv.log file in the% windir%\ security\ logs directory.

/ quiet

Specifies that the configuration process should take place without prompting the user.

Example

The following is an example of how to use this command:

Secedit / configure / db hisecws.sdb / cfg

Hisecws.inf / overwrite / log hisecws.log

Secedit / export

Security settings stored in the database can be exported.

Grammar

Secedit / export[ / DBFileName] [/ mergedpolicy] [/ CFG FileName] [/ areasArea1 Area2...] [/ logFileName] [/ quiet]

Parameters.

/ db FileName

Specifies the database used to configure security.

/ mergedpolicy

Merge and export domain and local policy security.

/ CFG FileName

Specifies the template to which you want to export settings.

/ areas Area1 Area2...

Specify the security zone that will be exported to the template. If no area is specified, all areas are exported. Each area should be separated by a space. The zone name description SECURITYPOLICY includes account policies, audit policies, event log settings, and security options. GROUP_MGMT includes configuration of restricted groups USER_RIGHTS including user rights assignment REGKEYS including registry permissions FILESTORE including file system permissions SERVICES including system service settings

/ log FileName

Specifies the file that records the status of the export process. If the file is not specified, it is logged to% windir%\ security\ logs\ scesrv.log with the default settings.

/ quiet

Specifies that the configuration process should take place without prompting the user.

Example

The following is an example of how to use this command:

Secedit / export / db hisecws.inf / log hisecws.log

Secedit / import

You can import a security template into a database so that the settings specified in the template can be applied to the system or used as a basis for analyzing the system.

Grammar

Secedit / import / db FileName .sdb / cfg FileName.inf [/ overwrite] [/ areasArea1 Area2...] [/ logFileName] [/ quiet]

Parameters.

/ db FileName .sdb

Specify the database to which you want to import security template settings.

/ CFG FileName

Specifies that you want to import security templates into the database. Use the Security templates snap-in to create a security template.

/ overwrite FileName

Specifies that the database should be emptied before importing the security template. If this parameter is not specified, the settings in the security template accumulate into the database. If this parameter is not specified and there is a configuration conflict between the database and the currently imported template, the template configuration takes precedence.

/ areas Area1 Area2...

Specify the security zone that will be exported to the template. If no area is specified, all areas are exported. Each area should be separated by a space. The zone name description SECURITYPOLICY contains account policies, audit policies, event log settings, and security options. GROUP_MGMT includes configuration of restricted groups USER_RIGHTS including user rights assignment REGKEYS including registry permissions FILESTORE including file system permissions SERVICES including system service settings

/ log FileName

Specifies the file that records the status of the export process. If the file is not specified, it is logged to% windir%\ security\ logs\ scesrv.log with the default settings.

/ quiet

Specifies that the configuration process should take place without prompting the user.

Example

The following is an example of how to use this command:

Secedit / import / db hisecws.sdb / cfg hisecws.inf / overwrite

Secedit / validate

Verify the syntax of the security template to import into the analysis database or system application.

Grammar

Secedit / validate FileName

Parameters.

FileName

Specifies the name of the security template file created using the security template.

Example

The following is an example of how to use this command:

Secedit / validate / cfg filename

Secedit / GenerateRollback

A rollback template can be generated based on the configuration template. When you apply a configuration template to your computer, you can choose to create a rollback template that resets the security settings to the values before the configuration template is applied.

Grammar

Secedit / GenerateRollback / CFG FileName.inf / RBK SecurityTemplatefilename.inf [/ logRollbackFileName.inf] [/ quiet]

Parameters.

/ CFG FileName

Specifies the file name of the security template for which you want to create a rollback template.

/ RBK FileName

Specifies the file name of the security template that will be created as a rollback template.

Annotation

Secedit / refreshpolicy has been replaced by gpupdate.

Format legend

Format meaning

Italic

Information that the user must provide

Bold type

Elements that the user must type exactly as shown

Ellipsis (.)

Parameters that can be repeated multiple times on the command line

Between square brackets ([])

Optional item

Between curly braces ({}); separate options with a pipeline (|). Example: {even | odd}

The user must select an option set from which only one option can be selected

Courier font

Code or program output

The above is all the contents of the article "how to use secedit.exe Local Security Policy commands". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.