Solved

Security & Configuration Analysis tool in Windows 7

Posted on 2014-04-08
9
569 Views
Last Modified: 2014-04-10
I'm using the Security & Configuration Analysis tool in Windows 7 and running it on a machine where some local group policy changes were made to lock down the machine.

I'm looking to scan this machine for changes, find those changes with the tool above, then export it as config template to apply to another machine.

Issue i'm having with the tool is that I create a new database with the tool, but when browsing to the correct template that will show the computer configuration and user configuration templates, I cannot find these on the local computer.

Does someone know where to browse to these templates on the local machine for the Security & Configuration Analysis tool in Windows 7?

Thanks.
0
Comment
Question by:sparky321
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 16

Expert Comment

by:cantoris
ID: 39989419
It seems the templates have been moved to c:\windows\inf  where they're buried in amongst all kinds of other INF files.  This link lists them:

https://www.raymond.cc/blog/apply-hardening-on-windows-7-windows-server-2008-using-command-line/
0
 

Author Comment

by:sparky321
ID: 39989682
What actual templates are the ones responsible for the User and Computer config. changes though when changing a GPO?  Would like to run against these templates to see what has changed and then apply those settings to a new machine.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989779
Those templates (and the Security Configuration and Analysis tool) are for the Security Policy only.  They're not for all Group Policy settings.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 16

Expert Comment

by:cantoris
ID: 39989786
If you use
gpresult.exe /h c:\GroupPolicy.html
then you can view the Group Policy settings that have been applied.
0
 

Author Comment

by:sparky321
ID: 39989843
How can i go about 'capturing' the GP settings applied on a target machine in order to export and apply those settings to another machine?

That's ultimately what i'm trying to accomplish.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989895
I'm not aware of a way of capturing resultant policy into a new group policy object.

You can just apply the same domain group policy objects that are applied to the machine in question to your new computers.  Anything configured through local group policy would be better turned into domain-based policy objects.  You can copy the local group policy files to another machine but that's not something I would do.

Group Policy Management Console makes it easy to see which GPOs are applied to each OU and you can calculate resultant policy in there too against a specific PC and user.
0
 

Author Comment

by:sparky321
ID: 39989951
I need a local policy as it will be standalone machines acting as a Kiosk, no filtering down of domain level GPOs to OU level for this one.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 500 total points
ID: 39990016
If you're wanting to create these local settings based on settings coming from the domain on a template PC then I would use gpresult.exe /h  and then manually create the settings on a target PC.

If you're just wanting to clone local group policy then follow this procedure:
http://www.frickelsoft.net/blog/?p=31
0
 

Author Closing Comment

by:sparky321
ID: 39991529
good enough to continue this project.  Thanks
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question