Solved

Security & Configuration Analysis tool in Windows 7

Posted on 2014-04-08
9
561 Views
Last Modified: 2014-04-10
I'm using the Security & Configuration Analysis tool in Windows 7 and running it on a machine where some local group policy changes were made to lock down the machine.

I'm looking to scan this machine for changes, find those changes with the tool above, then export it as config template to apply to another machine.

Issue i'm having with the tool is that I create a new database with the tool, but when browsing to the correct template that will show the computer configuration and user configuration templates, I cannot find these on the local computer.

Does someone know where to browse to these templates on the local machine for the Security & Configuration Analysis tool in Windows 7?

Thanks.
0
Comment
Question by:sparky321
  • 5
  • 4
9 Comments
 
LVL 16

Expert Comment

by:cantoris
ID: 39989419
It seems the templates have been moved to c:\windows\inf  where they're buried in amongst all kinds of other INF files.  This link lists them:

https://www.raymond.cc/blog/apply-hardening-on-windows-7-windows-server-2008-using-command-line/
0
 

Author Comment

by:sparky321
ID: 39989682
What actual templates are the ones responsible for the User and Computer config. changes though when changing a GPO?  Would like to run against these templates to see what has changed and then apply those settings to a new machine.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989779
Those templates (and the Security Configuration and Analysis tool) are for the Security Policy only.  They're not for all Group Policy settings.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 16

Expert Comment

by:cantoris
ID: 39989786
If you use
gpresult.exe /h c:\GroupPolicy.html
then you can view the Group Policy settings that have been applied.
0
 

Author Comment

by:sparky321
ID: 39989843
How can i go about 'capturing' the GP settings applied on a target machine in order to export and apply those settings to another machine?

That's ultimately what i'm trying to accomplish.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39989895
I'm not aware of a way of capturing resultant policy into a new group policy object.

You can just apply the same domain group policy objects that are applied to the machine in question to your new computers.  Anything configured through local group policy would be better turned into domain-based policy objects.  You can copy the local group policy files to another machine but that's not something I would do.

Group Policy Management Console makes it easy to see which GPOs are applied to each OU and you can calculate resultant policy in there too against a specific PC and user.
0
 

Author Comment

by:sparky321
ID: 39989951
I need a local policy as it will be standalone machines acting as a Kiosk, no filtering down of domain level GPOs to OU level for this one.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 500 total points
ID: 39990016
If you're wanting to create these local settings based on settings coming from the domain on a template PC then I would use gpresult.exe /h  and then manually create the settings on a target PC.

If you're just wanting to clone local group policy then follow this procedure:
http://www.frickelsoft.net/blog/?p=31
0
 

Author Closing Comment

by:sparky321
ID: 39991529
good enough to continue this project.  Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question