Home
> Commands N-Z
> Commands S
SECEDIT
Description
| Syntax
| Parameters
| Switches
| Related
| Notes
| Examples
| Errorlevels
| Availability
Configures and analyzes system security by comparing
your current configuration to at least one template.
Syntax
SECEDIT
/?
SECEDIT
{/ANALYZE
| /CONFIGURE
| /EXPORT
| /GENERATEROLLBACK
| /IMPORT
| /VALIDATE}
/?
SECEDIT
/ANALYZE
/DB file_name
[/CFG file_name]
[/LOG file_name]
[/OVERWRITE]
[/QUIET]
SECEDIT
/CONFIGURE
/DB file_name
[/AREAS area area2 ...]
[/CFG file_name]
[/LOG file_name]
[/OVERWRITE]
[/QUIET]
SECEDIT
/EXPORT
[/AREAS area area2 ...]
[/DB file_name
[/CFG file_name]]
[/LOG file_name]
[/MERGEDPOLICY]
[/QUIET]
SECEDIT
/GENERATEROLLBACK
/CFG file_name
[/LOG file_name]
[/QUIET]
/RBK file_name
SECEDIT
/IMPORT
[/AREAS area area2 ...]
/DB file_name
/CFG file_name
[/LOG file_name]
[/OVERWRITE]
[/QUIET]
SECEDIT
/VALIDATE
file_name
Parameters
- file_name
(NTXP)
- Specifies the file name of the security template
you have created with Security Templates.
Switches
- /?
(NTXP)
- Displays help.
- /ANALYZE
(NTXP)
- Analyze system security.
- /AREAS area1 area2 ...
(NTXP)
- Specifies the security areas to be applied to the
system. If an area is not specified, all areas are
applied to the system. Each area should be separated
by a space:
- FILESTORE Security on local file storage
- GROUP_MGMT Restricted group settings for any groups
specified in the security template
- REGKEYS Security on local registry keys
- SECURITYPOLICY Local policy and domain policy for the
system, including account policies, audit policies, and so on
- SERVICES Security for all defined services
- USER_RIGHTS User logon rights and granting of
privileges
- /CFG file_name
(NTXP)
- Specifies the path and file name for the security
template that will be imported into the database for
analysis. Only valid when used with
/db. If omitted, the analysis
is performed against any configuration already stored
in the database.
- /CONFIGURE
(NTXP)
- Configures system security by applying a stored
template.
- /DB file_name
(NTXP)
- Specifies the path and file name of a database
that contains the stored configuration against which
the analysis will be performed. If file_name
specifies a new database, /cfg
file_name must also be specified.
- /EXPORT
(NTXP)
- Exports a stored template from a security database
to a security template file.
- /GENERATEROLLBACK
(NT2003)
- Allows you to generate a rollback template with
respect to a configuration template. When applying a
configuration template to a computer you have the
option of creating rollback template which, when
applied, resets the security settings to the values
before the configuration template was applied.
- /IMPORT
(NT2003)
- Allows you to import a security template into a
database so that the settings specified in the
template can be applied to a system or analyzed
against a system.
- /LOG file_name
(NTXP)
- Specifies the path and file name of the log file
for the process. If omitted, the default log file is
used.
- /MERGEDPOLICY
(NTXP)
- Merges and exports domain and local policy
security settings.
- /OVERWRITE
(NTXP)
- Specifies whether the security template in
/cfg should overwrite any
template or composite template that is stored in the
database instead of appending the results to the
stored template. Only valid when
/cfg is used. If omitted,
the /cfg template is appended
to the stored template.
- /QUIET
(NTXP)
- Suppresses screen and log output. You can still view
analysis results by using Security Configuration and
Analysis.
- /RBK file_name
(NT2003)
- Specifies the file name of the security template
that will be created as the rollback template.
- /VALIDATE
(NTXP)
- Validates the syntax of a security template to be
imported into a database for analysis or application
to a system.
Related
SECEDIT
/refreshpolicy has been replaced with
gpupdate.
Notes
none.
Examples
none.
Errorlevels
none.
Availability
- External
-
- DOS
-
none
- Windows
-
none
- Windows NT
-
NTXP
NT2003
Last Updated: 2003/07/28
Direct corrections or suggestions to:
Rick Lively