JSI Tip 9067. When you run 'SecEdit /export /cfg c:\cfg.txt' to export a security template for Local Security Policy in Windows XP, it doesn't export a security template?

When you run the SecEdit /export /cfg c:\cfg.txt command in Windows Server 2003 and Windows 2000, it does export a security template, but in Windows XP, even though the command echoed:

Task is completed successfully.
See log %windir%\security\logs\scesrv.log for detail info.

the c:\cfg.txt file only contained:

\[Unicode\]
Unicode=yes
\[Version\]
signature="$CHICAGO$"
Revision=1
\[Profile Description\]
Description=Default Security Settings. (Windows Professional)
The %windir%\security\logs\scesrv.log file contained:
-------------------------------------------
Wednesday, February 16, 2005 13:34:39
Initializing engine, please wait...
The ability to export a security template for Local Security Policy using SecEdit is apparently broken, at least through Service Pack 2.

NOTE: In Windows XP, there is no Secedit.sdb database, which SecEdit uses. The security template must be stored in the registry.

NOTE: See How do I use the Secedit.sdb database to analyze security settings?

In Windows XP, the best you can do is to save the Security Options list from the Local Security Settings MMC snap-in:

1. Administrative Tools from Control Panel.

2. Double-click Local Security Policy.

3. Expand Local Policies in the left-hand pane.

4. Select Security Options in the left-hand pane.

5. Use the Action menu to press Export List.

6. Enter the file name and navigate to a folder.

7. Press Save.

8. Close the Local Security Settings MMC snap-in.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish