Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 153
  • Last Modified:

Editing Security Policy Windows 2000

Hello,

I have an IP Security Policy on the local machine.   I need to open up port 132 on the policy.  How can I do this via the COMMAND Line

Thanks!

Randy
0
rjohnsonjr
Asked:
rjohnsonjr
  • 3
1 Solution
 
VirusMinusCommented:
SecEdit

SecEdit is a command-line tool that enables you to manipulate security templates on a system. The operations that are supported by this tool are Create Template, Apply Template, and Analyze.

Get it from the Windows 2000 Server Resource Kit.

I'm not sure if you can change a partcular thing in a policy. but if you set up two templates, one with port 132 open you can switch templates from the command line.
0
 
rjohnsonjrAuthor Commented:
know of any tutorials, documentations are not that good.

Randy
0
 
VirusMinusCommented:
From Technet

Secedit

Configures and analyzes system security by comparing your current configuration to at least one template.

To view the command syntax, click a command:

secedit /analyze

Allows you to analyze the security settings on a computer by comparing them against the baseline settings in a database.

Syntax
secedit /analyze /db FileName.sdb [/cfg FileName] [/overwrite] [/log FileName] [/quiet]

Parameters
/db FileName.sdb
Specifies the database used to perform the analysis.
/cfg FileName
Specifies a security template to import into the database prior to performing the analysis. Security templates are created using the Security Templates snap-in.
/log FileName
Specifies a file in which to log the status of the configuration process. If not specified, configuration data is logged in the scesrv.log file which is located in the %windir%\security\logs directory.
/quiet
Specifies that the analysis process should take place without further comments.
Remarks
You can view the results of the analysis in Security Configuration and Analysis.
Examples
Following is an example of how you can use this command:

secedit /analyze /db hisecws.sdb

secedit /configure

Configures local computer security by applying the settings stored in a database.

Syntax
secedit /configure /db FileName [/cfg FileName ] [/overwrite][/areas Area1 Area2 ...] [/log FileName] [/quiet]

Parameters
/db FileName
Specifies the database used to perform the security configuration.
/cfg FileName
Specifies a security template to import into the database prior to configuring the computer. Security templates are created using the Security Templates snap-in.
/overwrite
Specifies that the database should be emptied prior to importing the security template. If this parameter is not specified, the settings in the security template are accumulated into the database. If this parameter is not specified and there are conflicting settings in the database and the template being imported, the template settings win.
/areas Area1 Area2 ...
Specifies the security areas to be applied to the system. If this parameter is not specified, all security settings defined in the database are applied to the system. To configure multiple areas, separate each area by a space. The following security areas are supported: Area name Description
SECURITYPOLICY Includes account policies, audit policies, event log settings, and security options.
GROUP_MGMT Includes Restricted Group settings
USER_RIGHTS Includes User Rights Assignment  
REGKEYS Includes Registry Permissions
FILESTORE Includes File System permissions  
SERVICES Includes System Service settings

/log FileName
Specifies a file in which to log the status of the configuration process. If not specified, configuration data is logged in the scesrv.log file which is located in the %windir%\security\logs directory.
/quiet
Specifies that the configuration process should take place without prompting the user.
Examples
Following are examples of how you can use this command:

secedit /configure /db hisecws.sdb /cfg

hisecws.inf /overwrite /log hisecws.log

secedit /export

Allows you to export the security settings stored in the database.

Syntax
secedit /export [/DB FileName] [/mergedpolicy] [/CFG FileName] [/areas Area1 Area2 ...] [/log FileName] [/quiet]

Parameters
/db FileName
Specifies the database used to configure security.
/mergedpolicy
Merges and exports domain and local policy security settings.
/CFG FileName
Specifies the template the settings will be exported to.
/areas Area1 Area2 ...
Specifies the security areas to be exported to a template. If an area is not specified, all areas are exported. Each area should be separated by a space. Area name Description
SECURITYPOLICY Includes account policies, audit policies, event log settings, and and security options.
GROUP_MGMT Includes Restricted Group settings
USER_RIGHTS Includes User Rights Assignment  
REGKEYS Includes Registry Permissions
FILESTORE Includes File System permissions  
SERVICES Includes System Service settings

/log FileName
Specifies a file in which to log the status of the export process. If not specified, the default is %windir%\security\logs\scesrv.log.
/quiet
Specifies that the configuration process should take place without prompting the user.
Examples
Following is an example of how you can use this command:

secedit /export /db hisecws.inf /log hisecws.log

secedit /import

Allows you to import a security template into a database so that the settings specified in the template can be applied to a system or analyzed against a system.

Syntax
secedit /import /db FileName.sdb /cfg FileName.inf [/overwrite] [/areas Area1 Area2 ...] [/log FileName] [/quiet]

Parameters
/db FileName.sdb
Specifies the database that the security template settings will be imported into.
/CFG FileName
Specifies a security template to import into the database. Security templates are created using the Security Templates snap-in.
/overwrite FileName
Specifies that the database should be emptied prior to importing the security template. If this parameter is not specified, the settings in the security template are accumulated into the database. If this parameter is not specified and there are conflicting settings in the database and the template being imported, the template settings win.
/areas Area1 Area2 ...
Specifies the security areas to be exported to a template. If an area is not specified, all areas are exported. Each area should be separated by a space. Area name Description
SECURITYPOLICY Includes account policies, audit policies, event log settings, and and security options.
GROUP_MGMT Includes Restricted Group settings
USER_RIGHTS Includes User Rights Assignment  
REGKEYS Includes Registry Permissions
FILESTORE Includes File System permissions  
SERVICES Includes System Service settings

/log FileName
Specifies a file in which to log the status of the export process. If not specified, the default is %windir%\security\logs\scesrv.log.
/quiet
Specifies that the configuration process should take place without prompting the user.
Examples
Following is an example of how you can use this command:

secedit /import /db hisecws.sdb /cfg hisecws.inf /overwrite

secedit /validate

Validates the syntax of a security template to be imported into a database for analysis or application to a system.

Syntax
secedit /validate FileName

Parameters
FileName
Specifies the file name of the security template you have created with Security Templates.
Examples
Following is an example of how you can use this command:

secedit /validate /cfg filename

secedit /GenerateRollback

Allows you to generate a rollback template with respect to a configuration template. When applying a configuration template to a computer you have the option of creating rollback template which, when applied, resets the security settings to the values before the configuration template was applied.

Syntax
secedit /GenerateRollback /CFG FileName.inf /RBK SecurityTemplatefilename.inf [/log RollbackFileName.inf] [/quiet]

Parameters
/CFG FileName
Specifies the file name of the security template for which you want to create a rollback template of.
/RBK FileName
Specifies the file name of the security template that will be created as the rollback template.
Remarks
secedit /refreshpolicy has been replaced with gpupdate. For information on how to refresh security settings, see Related Topics.
0
 
VirusMinusCommented:
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now