Export/Import Local Policies

W

Wes Rogers

I have a WXP machine that I have edited a single entry in
the local security policy. I want to take that single
entry and export it, then import it into several other
WXP machines. I see how I can export the entry into a
text file but I can only import a security template? I do
not have group policy and I am running an NT4 domain. How
can I accomplish this without disrupting any other
settings within the local security policy? Thanks for any
help!
 
S

Steven Umbach

Use the mmc snapin for security templates to create a new template. Name the
template, configure the change and save it. You can then import that template.
Importing templates are cumulative which means that any settings defined in it
will change the Local Security Policy while all undefined settings will be
ignored. When you create a new template it is blank and all settings are
undefined. --- Steve

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/w
inxppro/proddocs/SCE_NewConfig.asp
http://tinyurl.com/ev1z -- Same as above, shorter link.
 
R

Roger Abell

Just adding a little to Steve reply, which does provide
you with _the_ solution available in a stand-alone or
downlevel domain environment.

Some settings that you can set in a template are not
made effective on the local machine by just importing
the template. Only security policy setting are imported.
So, if you are concerned with other settings made in the
template then you need to use the security configuration
and analysis snapin into which you load/import the
template and then analyze followed by apply in order to
have the settings placed onto the machine.

I do not believe you were concerned with settings in a
template outside of the security policies, so Steve's
post was fully complete and correct. However, in case
you get excited with the possibilities once you first see
a template I thought it may be good to clarify this part.
 
S

Steven L Umbach

Hi Roger. Thanks for the clarification. Just so I am straight on this,
anything that does NOT have "policies" in the title line as would be found
in Local Security Policy of a default installation, such as registry/file
permissions or system services would need to be applied via SCA tool or
using secedit /configure. Thanks. --- Steve
 
R

Roger Abell

Steven L Umbach said:
Hi Roger. Thanks for the clarification. Just so I am straight on this,
anything that does NOT have "policies" in the title line as would be found
in Local Security Policy of a default installation, such as registry/file
permissions or system services would need to be applied via SCA tool or
using secedit /configure. Thanks. --- Steve
Click to expand...

Yes, Steve, you have that correct for the local policy situation.
Many of the policies and settings (like reg values, file system)
cannot be enforced with the client policy engine in a stand-alone
situation (which is why you do not see them in the Local Security
Policy interface).
These can however be imprinted upon the machine with SCA,
or as you noted, more conveniently with a secedit command.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

can't modify local security settings 2
ntlmv2 on WXP 3
Local Security Policy & secedit 4
export local security policy 1
Error Message when opening Local Security Policy 1
Local Security Policy - SECPOL.MSC 2
Export Registry Entries for Local Policies 8
Local Security Policy resets 5

Top