Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Security & Configuration Analysis tool in Windows 7

Posted on 2014-04-08
9
Medium Priority
?
576 Views
Last Modified: 2014-04-10
I'm using the Security & Configuration Analysis tool in Windows 7 and running it on a machine where some local group policy changes were made to lock down the machine.

I'm looking to scan this machine for changes, find those changes with the tool above, then export it as config template to apply to another machine.

Issue i'm having with the tool is that I create a new database with the tool, but when browsing to the correct template that will show the computer configuration and user configuration templates, I cannot find these on the local computer.

Does someone know where to browse to these templates on the local machine for the Security & Configuration Analysis tool in Windows 7?

Thanks.
0
Comment
Question by:sparky321
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 16

Expert Comment

by:cantoris
ID: 39989419
It seems the templates have been moved to c:\windows\inf  where they're buried in amongst all kinds of other INF files.  This link lists them:

https://www.raymond.cc/blog/apply-hardening-on-windows-7-windows-server-2008-using-command-line/
0
 

Author Comment

by:sparky321
ID: 39989682
What actual templates are the ones responsible for the User and Computer config. changes though when changing a GPO?  Would like to run against these templates to see what has changed and then apply those settings to a new machine.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989779
Those templates (and the Security Configuration and Analysis tool) are for the Security Policy only.  They're not for all Group Policy settings.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 16

Expert Comment

by:cantoris
ID: 39989786
If you use
gpresult.exe /h c:\GroupPolicy.html
then you can view the Group Policy settings that have been applied.
0
 

Author Comment

by:sparky321
ID: 39989843
How can i go about 'capturing' the GP settings applied on a target machine in order to export and apply those settings to another machine?

That's ultimately what i'm trying to accomplish.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989895
I'm not aware of a way of capturing resultant policy into a new group policy object.

You can just apply the same domain group policy objects that are applied to the machine in question to your new computers.  Anything configured through local group policy would be better turned into domain-based policy objects.  You can copy the local group policy files to another machine but that's not something I would do.

Group Policy Management Console makes it easy to see which GPOs are applied to each OU and you can calculate resultant policy in there too against a specific PC and user.
0
 

Author Comment

by:sparky321
ID: 39989951
I need a local policy as it will be standalone machines acting as a Kiosk, no filtering down of domain level GPOs to OU level for this one.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 1500 total points
ID: 39990016
If you're wanting to create these local settings based on settings coming from the domain on a template PC then I would use gpresult.exe /h  and then manually create the settings on a target PC.

If you're just wanting to clone local group policy then follow this procedure:
http://www.frickelsoft.net/blog/?p=31
0
 

Author Closing Comment

by:sparky321
ID: 39991529
good enough to continue this project.  Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question