Sign in with
Sign up | Sign in
Your question

Local Security Policy & secedit

Last response: in Windows XP
Share
May 3, 2005 7:16:07 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

OS: WinXP Pro SP2
Is there a way to export these policies from the local security settings
from one computer to another?
Password Policy
Account Lockout Policy
User Rights Assignment
Security Options

I can open up the local security settings and then export the list to a txt
file, but I have no idea what to do from there. I tried Action and then
import policy on the recieving computer, but it defults to a system folder
and an inf file. (I have a feeling this is the wrong thing to do)

I have tried using secedit /export, but don't know how to use the switches
and options to move the data I want to the floppy and then back to the second
computer. (I am weak when it comes to command line skills)

I think I even tried coping the files in the
windows\security\templates\policies folder over with no luck.

Help!
Anonymous
a b 8 Security
May 5, 2005 11:13:53 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello,

If the settings that the administrator wants to enable are available on
the user and computer level from the Group Policy Microsoft Management
Console (MMC) snap-in, the administrator should use Local Machine policies.
Since it may be difficult to visit each client to distribute and configure
Local Group Policy, you can use the following two methods to configure
Local Group Policy on multiple clients:• Local Group Policy can be
configured for a single system; then it can be cloned. The Microsoft System
Preparation (Sysprep) tool can be used in conjunction with other
third-party software to clone the computers. The cloned computers can
retain the settings.

Administrators can also configure a Local Group Policy on one client
computer, and then copy the associate's pieces that make up the Local Group
Policy Object (LGPO) to other clients.

NOTE: The only settings you can transfer from one client to another are the
settings from Administrative Templates.

If this is what you want take a look at the article listed below:

Group Policies for Windows 2000 Professional Clients in Windows NT 4.0
Domain or Workgroups
http://support.microsoft.com/default.aspx?scid=KB;EN-US;274478

Diana Smith [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Local Security Policy & secedit
| thread-index: AcVQLbRQIcKG0NEpQXiMfAKR+jp9rA==
| X-WBNR-Posting-Host: 64.28.250.2
| From: "=?Utf-8?B?Sm9zaA==?=" <Josh@discussions.microsoft.com>
| Subject: Local Security Policy & secedit
| Date: Tue, 3 May 2005 15:16:07 -0700
| Lines: 21
| Message-ID: <DFEF6D12-3F03-4B8C-9B58-F88D9A144158@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windowsxp.security_admin
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windowsxp.security_admin:45833
| X-Tomcat-NG: microsoft.public.windowsxp.security_admin
|
| OS: WinXP Pro SP2
| Is there a way to export these policies from the local security settings
| from one computer to another?
| Password Policy
| Account Lockout Policy
| User Rights Assignment
| Security Options
|
| I can open up the local security settings and then export the list to a
txt
| file, but I have no idea what to do from there. I tried Action and then
| import policy on the recieving computer, but it defults to a system
folder
| and an inf file. (I have a feeling this is the wrong thing to do)
|
| I have tried using secedit /export, but don't know how to use the
switches
| and options to move the data I want to the floppy and then back to the
second
| computer. (I am weak when it comes to command line skills)
|
| I think I even tried coping the files in the
| windows\security\templates\policies folder over with no luck.
|
| Help!
|


This posting is provided "AS IS" with no warranties, and confers no rights.


diasmith@online.microsoft.com
May 6, 2005 10:17:53 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks, Diana!
It looks like I was on the right track (yeah, right!), Ijust didn't follow
through with a reboot. I would have never figured that out without your help.
The article states "It may be necesary to edit the
%systemroot%\system32\grouppolicy\gpt.ini and change the version entry so
that the policy gets applied." What did it want me to change the version to?
It is currently has
[General]
gPCFunctionalityversion=2

""Diana Smith [MSFT]"" wrote:

> Hello,
>
> If the settings that the administrator wants to enable are available on
> the user and computer level from the Group Policy Microsoft Management
> Console (MMC) snap-in, the administrator should use Local Machine policies.
> Since it may be difficult to visit each client to distribute and configure
> Local Group Policy, you can use the following two methods to configure
> Local Group Policy on multiple clients:• Local Group Policy can be
> configured for a single system; then it can be cloned. The Microsoft System
> Preparation (Sysprep) tool can be used in conjunction with other
> third-party software to clone the computers. The cloned computers can
> retain the settings.
>
> Administrators can also configure a Local Group Policy on one client
> computer, and then copy the associate's pieces that make up the Local Group
> Policy Object (LGPO) to other clients.
>
> NOTE: The only settings you can transfer from one client to another are the
> settings from Administrative Templates.
>
> If this is what you want take a look at the article listed below:
>
> Group Policies for Windows 2000 Professional Clients in Windows NT 4.0
> Domain or Workgroups
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;274478
>
> Diana Smith [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --------------------
> | Thread-Topic: Local Security Policy & secedit
> | thread-index: AcVQLbRQIcKG0NEpQXiMfAKR+jp9rA==
> | X-WBNR-Posting-Host: 64.28.250.2
> | From: "=?Utf-8?B?Sm9zaA==?=" <Josh@discussions.microsoft.com>
> | Subject: Local Security Policy & secedit
> | Date: Tue, 3 May 2005 15:16:07 -0700
> | Lines: 21
> | Message-ID: <DFEF6D12-3F03-4B8C-9B58-F88D9A144158@microsoft.com>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windowsxp.security_admin
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windowsxp.security_admin:45833
> | X-Tomcat-NG: microsoft.public.windowsxp.security_admin
> |
> | OS: WinXP Pro SP2
> | Is there a way to export these policies from the local security settings
> | from one computer to another?
> | Password Policy
> | Account Lockout Policy
> | User Rights Assignment
> | Security Options
> |
> | I can open up the local security settings and then export the list to a
> txt
> | file, but I have no idea what to do from there. I tried Action and then
> | import policy on the recieving computer, but it defults to a system
> folder
> | and an inf file. (I have a feeling this is the wrong thing to do)
> |
> | I have tried using secedit /export, but don't know how to use the
> switches
> | and options to move the data I want to the floppy and then back to the
> second
> | computer. (I am weak when it comes to command line skills)
> |
> | I think I even tried coping the files in the
> | windows\security\templates\policies folder over with no luck.
> |
> | Help!
> |
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> diasmith@online.microsoft.com
>
>
Related resources
Anonymous
a b 8 Security
May 6, 2005 11:06:01 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Josh" wrote:
> OS: WinXP Pro SP2
> Is there a way to export these policies from the local security settings
> from one computer to another?

WinXP and Server 2003 use "gpupdate", and Win2000 uses "secedit".

Also try this link:
http://www.microsoft.com/canada/smallbiz/sgc/articles/s...

The link runs through importing/exporting policies.

L 8 R,

Oceana
Anonymous
a b 8 Security
June 15, 2005 11:18:08 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Just make the version number something much higher than it is, like 10000.

"Josh" wrote:

> The article states "It may be necesary to edit the
> %systemroot%\system32\grouppolicy\gpt.ini and change the version entry so
> that the policy gets applied." What did it want me to change the version to?
> It is currently has
> [General]
> gPCFunctionalityversion=2
>
!