secedit commands
Configures and analyzes system security by comparing your current security configuration against specified security templates.
Note
The Microsoft Management Console (MMC) and the Security Configuration and Analysis snap-in are not available on Server Core.
Syntax
secedit /analyze
secedit /configure
secedit /export
secedit /generaterollback
secedit /import
secedit /validate
Parameters
Parameter | Description |
---|---|
secedit /analyze | Allows you to analyze current systems settings against baseline settings that are stored in a database. The analysis results are stored in a separate area of the database and can be viewed in the Security Configuration and Analysis snap-in. |
secedit /configure | Allows you to configure a system with security settings stored in a database. |
secedit /export | Allows you to export security settings stored in a database. |
secedit /generaterollback | Allows you to generate a rollback template with respect to a configuration template. |
secedit /import | Allows you to import a security template into a database so that the settings specified in the template can be applied to a system or analyzed against a system. |
secedit /validate | Allows you to validate the syntax of a security template. |
Remarks
If there is no filepath specified, all filenames will default to the current directory.
Your analysis results are stored in a separate area of the database and can be viewed in the Security Configuration and Analysis snap-in to the MMC.
If your security templates are created by using the Security Template snap-in, and if you run the Security Configuration and Analysis snap-in against those templates, the following files are created:
File Description scesrv.log - Location:
%windir%\security\logs
- Created by: Operating system
- File type: Text
- Refresh rate: Overwritten when
secedit analyze
,secedit configure
,secedit export
orsecedit import
is run. - Content: Contains the results of the analysis grouped by policy type.
user-selected name.sdb - Location:
%windir%\<user account>\Documents\Security\Database
- Created by: Running the Security Configuration and Analysis snap-in
- File type: Proprietary
- Refresh rate: Updated whenever a new security template is created.
- Content: Local security policies and user-created security templates.
user-selected name.log - Location: User-defined, but defaults to
%windir%\<user account>\Documents\Security\Logs
- Created by: Running the
secedit analyze
orsecedit configure
commands, or by using the Security Configuration and Analysis snap-in. - File type: Text
- Refresh rate: Overwritten when
secedit analyze
orsecedit configure
is run, or by using the Security Configuration and Analysis snap-in. - Content: Log file name, date and time, and the results of the analysis or investigation.
user-selected name.inf - Location:
%windir%\*<user account>\Documents\Security\Templates
- Created by: Running the Security Template snap-in.
- File type: Text
- Refresh rate: Overwritten each time the security template is updated.
- Content: Contains the set up information for the template for each policy selected using the snap-in.
- Location: