Solved

Security & Configuration Analysis tool in Windows 7

Posted on 2014-04-08
9
552 Views
Last Modified: 2014-04-10
I'm using the Security & Configuration Analysis tool in Windows 7 and running it on a machine where some local group policy changes were made to lock down the machine.

I'm looking to scan this machine for changes, find those changes with the tool above, then export it as config template to apply to another machine.

Issue i'm having with the tool is that I create a new database with the tool, but when browsing to the correct template that will show the computer configuration and user configuration templates, I cannot find these on the local computer.

Does someone know where to browse to these templates on the local machine for the Security & Configuration Analysis tool in Windows 7?

Thanks.
0
Comment
Question by:sparky321
  • 5
  • 4
9 Comments
 
LVL 16

Expert Comment

by:cantoris
ID: 39989419
It seems the templates have been moved to c:\windows\inf  where they're buried in amongst all kinds of other INF files.  This link lists them:

https://www.raymond.cc/blog/apply-hardening-on-windows-7-windows-server-2008-using-command-line/
0
 

Author Comment

by:sparky321
ID: 39989682
What actual templates are the ones responsible for the User and Computer config. changes though when changing a GPO?  Would like to run against these templates to see what has changed and then apply those settings to a new machine.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989779
Those templates (and the Security Configuration and Analysis tool) are for the Security Policy only.  They're not for all Group Policy settings.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989786
If you use
gpresult.exe /h c:\GroupPolicy.html
then you can view the Group Policy settings that have been applied.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:sparky321
ID: 39989843
How can i go about 'capturing' the GP settings applied on a target machine in order to export and apply those settings to another machine?

That's ultimately what i'm trying to accomplish.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989895
I'm not aware of a way of capturing resultant policy into a new group policy object.

You can just apply the same domain group policy objects that are applied to the machine in question to your new computers.  Anything configured through local group policy would be better turned into domain-based policy objects.  You can copy the local group policy files to another machine but that's not something I would do.

Group Policy Management Console makes it easy to see which GPOs are applied to each OU and you can calculate resultant policy in there too against a specific PC and user.
0
 

Author Comment

by:sparky321
ID: 39989951
I need a local policy as it will be standalone machines acting as a Kiosk, no filtering down of domain level GPOs to OU level for this one.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 500 total points
ID: 39990016
If you're wanting to create these local settings based on settings coming from the domain on a template PC then I would use gpresult.exe /h  and then manually create the settings on a target PC.

If you're just wanting to clone local group policy then follow this procedure:
http://www.frickelsoft.net/blog/?p=31
0
 

Author Closing Comment

by:sparky321
ID: 39991529
good enough to continue this project.  Thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Article by: Lee
Windows 7 Ultimate and Enterprise (and 2008 R2) introduced a new feature you may not be aware of - Boot from VHD.   Boot from VHD (or what Microsoft refers to asNative Boot allows you to install Windows to a VHD (Virtual Hard Disk) file that is t…
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now