Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 583
  • Last Modified:

Security & Configuration Analysis tool in Windows 7

I'm using the Security & Configuration Analysis tool in Windows 7 and running it on a machine where some local group policy changes were made to lock down the machine.

I'm looking to scan this machine for changes, find those changes with the tool above, then export it as config template to apply to another machine.

Issue i'm having with the tool is that I create a new database with the tool, but when browsing to the correct template that will show the computer configuration and user configuration templates, I cannot find these on the local computer.

Does someone know where to browse to these templates on the local machine for the Security & Configuration Analysis tool in Windows 7?

Thanks.
0
sparky321
Asked:
sparky321
  • 5
  • 4
1 Solution
 
cantorisCommented:
It seems the templates have been moved to c:\windows\inf  where they're buried in amongst all kinds of other INF files.  This link lists them:

https://www.raymond.cc/blog/apply-hardening-on-windows-7-windows-server-2008-using-command-line/
0
 
sparky321Author Commented:
What actual templates are the ones responsible for the User and Computer config. changes though when changing a GPO?  Would like to run against these templates to see what has changed and then apply those settings to a new machine.
0
 
cantorisCommented:
Those templates (and the Security Configuration and Analysis tool) are for the Security Policy only.  They're not for all Group Policy settings.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
cantorisCommented:
If you use
gpresult.exe /h c:\GroupPolicy.html
then you can view the Group Policy settings that have been applied.
0
 
sparky321Author Commented:
How can i go about 'capturing' the GP settings applied on a target machine in order to export and apply those settings to another machine?

That's ultimately what i'm trying to accomplish.
0
 
cantorisCommented:
I'm not aware of a way of capturing resultant policy into a new group policy object.

You can just apply the same domain group policy objects that are applied to the machine in question to your new computers.  Anything configured through local group policy would be better turned into domain-based policy objects.  You can copy the local group policy files to another machine but that's not something I would do.

Group Policy Management Console makes it easy to see which GPOs are applied to each OU and you can calculate resultant policy in there too against a specific PC and user.
0
 
sparky321Author Commented:
I need a local policy as it will be standalone machines acting as a Kiosk, no filtering down of domain level GPOs to OU level for this one.
0
 
cantorisCommented:
If you're wanting to create these local settings based on settings coming from the domain on a template PC then I would use gpresult.exe /h  and then manually create the settings on a target PC.

If you're just wanting to clone local group policy then follow this procedure:
http://www.frickelsoft.net/blog/?p=31
0
 
sparky321Author Commented:
good enough to continue this project.  Thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now