Local Security Policy & secedit

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

OS: WinXP Pro SP2
Is there a way to export these policies from the local security settings
from one computer to another?
Password Policy
Account Lockout Policy
User Rights Assignment
Security Options

I can open up the local security settings and then export the list to a txt
file, but I have no idea what to do from there. I tried Action and then
import policy on the recieving computer, but it defults to a system folder
and an inf file. (I have a feeling this is the wrong thing to do)

I have tried using secedit /export, but don't know how to use the switches
and options to move the data I want to the floppy and then back to the second
computer. (I am weak when it comes to command line skills)

I think I even tried coping the files in the
windows\security\templates\policies folder over with no luck.

Help!
4 answers Last reply
More about local security policy secedit
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hello,

    If the settings that the administrator wants to enable are available on
    the user and computer level from the Group Policy Microsoft Management
    Console (MMC) snap-in, the administrator should use Local Machine policies.
    Since it may be difficult to visit each client to distribute and configure
    Local Group Policy, you can use the following two methods to configure
    Local Group Policy on multiple clients:• Local Group Policy can be
    configured for a single system; then it can be cloned. The Microsoft System
    Preparation (Sysprep) tool can be used in conjunction with other
    third-party software to clone the computers. The cloned computers can
    retain the settings.

    Administrators can also configure a Local Group Policy on one client
    computer, and then copy the associate's pieces that make up the Local Group
    Policy Object (LGPO) to other clients.

    NOTE: The only settings you can transfer from one client to another are the
    settings from Administrative Templates.

    If this is what you want take a look at the article listed below:

    Group Policies for Windows 2000 Professional Clients in Windows NT 4.0
    Domain or Workgroups
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;274478

    Diana Smith [MSFT]

    This posting is provided "AS IS" with no warranties, and confers no rights.
    --------------------
    | Thread-Topic: Local Security Policy & secedit
    | thread-index: AcVQLbRQIcKG0NEpQXiMfAKR+jp9rA==
    | X-WBNR-Posting-Host: 64.28.250.2
    | From: "=?Utf-8?B?Sm9zaA==?=" <Josh@discussions.microsoft.com>
    | Subject: Local Security Policy & secedit
    | Date: Tue, 3 May 2005 15:16:07 -0700
    | Lines: 21
    | Message-ID: <DFEF6D12-3F03-4B8C-9B58-F88D9A144158@microsoft.com>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.windowsxp.security_admin
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA01.phx.gbl
    microsoft.public.windowsxp.security_admin:45833
    | X-Tomcat-NG: microsoft.public.windowsxp.security_admin
    |
    | OS: WinXP Pro SP2
    | Is there a way to export these policies from the local security settings
    | from one computer to another?
    | Password Policy
    | Account Lockout Policy
    | User Rights Assignment
    | Security Options
    |
    | I can open up the local security settings and then export the list to a
    txt
    | file, but I have no idea what to do from there. I tried Action and then
    | import policy on the recieving computer, but it defults to a system
    folder
    | and an inf file. (I have a feeling this is the wrong thing to do)
    |
    | I have tried using secedit /export, but don't know how to use the
    switches
    | and options to move the data I want to the floppy and then back to the
    second
    | computer. (I am weak when it comes to command line skills)
    |
    | I think I even tried coping the files in the
    | windows\security\templates\policies folder over with no luck.
    |
    | Help!
    |


    This posting is provided "AS IS" with no warranties, and confers no rights.


    diasmith@online.microsoft.com
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thanks, Diana!
    It looks like I was on the right track (yeah, right!), Ijust didn't follow
    through with a reboot. I would have never figured that out without your help.
    The article states "It may be necesary to edit the
    %systemroot%\system32\grouppolicy\gpt.ini and change the version entry so
    that the policy gets applied." What did it want me to change the version to?
    It is currently has
    [General]
    gPCFunctionalityversion=2

    ""Diana Smith [MSFT]"" wrote:

    > Hello,
    >
    > If the settings that the administrator wants to enable are available on
    > the user and computer level from the Group Policy Microsoft Management
    > Console (MMC) snap-in, the administrator should use Local Machine policies.
    > Since it may be difficult to visit each client to distribute and configure
    > Local Group Policy, you can use the following two methods to configure
    > Local Group Policy on multiple clients:• Local Group Policy can be
    > configured for a single system; then it can be cloned. The Microsoft System
    > Preparation (Sysprep) tool can be used in conjunction with other
    > third-party software to clone the computers. The cloned computers can
    > retain the settings.
    >
    > Administrators can also configure a Local Group Policy on one client
    > computer, and then copy the associate's pieces that make up the Local Group
    > Policy Object (LGPO) to other clients.
    >
    > NOTE: The only settings you can transfer from one client to another are the
    > settings from Administrative Templates.
    >
    > If this is what you want take a look at the article listed below:
    >
    > Group Policies for Windows 2000 Professional Clients in Windows NT 4.0
    > Domain or Workgroups
    > http://support.microsoft.com/default.aspx?scid=KB;EN-US;274478
    >
    > Diana Smith [MSFT]
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    > --------------------
    > | Thread-Topic: Local Security Policy & secedit
    > | thread-index: AcVQLbRQIcKG0NEpQXiMfAKR+jp9rA==
    > | X-WBNR-Posting-Host: 64.28.250.2
    > | From: "=?Utf-8?B?Sm9zaA==?=" <Josh@discussions.microsoft.com>
    > | Subject: Local Security Policy & secedit
    > | Date: Tue, 3 May 2005 15:16:07 -0700
    > | Lines: 21
    > | Message-ID: <DFEF6D12-3F03-4B8C-9B58-F88D9A144158@microsoft.com>
    > | MIME-Version: 1.0
    > | Content-Type: text/plain;
    > | charset="Utf-8"
    > | Content-Transfer-Encoding: 7bit
    > | X-Newsreader: Microsoft CDO for Windows 2000
    > | Content-Class: urn:content-classes:message
    > | Importance: normal
    > | Priority: normal
    > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    > | Newsgroups: microsoft.public.windowsxp.security_admin
    > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    > | Xref: TK2MSFTNGXA01.phx.gbl
    > microsoft.public.windowsxp.security_admin:45833
    > | X-Tomcat-NG: microsoft.public.windowsxp.security_admin
    > |
    > | OS: WinXP Pro SP2
    > | Is there a way to export these policies from the local security settings
    > | from one computer to another?
    > | Password Policy
    > | Account Lockout Policy
    > | User Rights Assignment
    > | Security Options
    > |
    > | I can open up the local security settings and then export the list to a
    > txt
    > | file, but I have no idea what to do from there. I tried Action and then
    > | import policy on the recieving computer, but it defults to a system
    > folder
    > | and an inf file. (I have a feeling this is the wrong thing to do)
    > |
    > | I have tried using secedit /export, but don't know how to use the
    > switches
    > | and options to move the data I want to the floppy and then back to the
    > second
    > | computer. (I am weak when it comes to command line skills)
    > |
    > | I think I even tried coping the files in the
    > | windows\security\templates\policies folder over with no luck.
    > |
    > | Help!
    > |
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    > diasmith@online.microsoft.com
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Josh" wrote:
    > OS: WinXP Pro SP2
    > Is there a way to export these policies from the local security settings
    > from one computer to another?

    WinXP and Server 2003 use "gpupdate", and Win2000 uses "secedit".

    Also try this link:
    http://www.microsoft.com/canada/smallbiz/sgc/articles/sec_winxp_pro_server_env.mspx

    The link runs through importing/exporting policies.

    L 8 R,

    Oceana
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Just make the version number something much higher than it is, like 10000.

    "Josh" wrote:

    > The article states "It may be necesary to edit the
    > %systemroot%\system32\grouppolicy\gpt.ini and change the version entry so
    > that the policy gets applied." What did it want me to change the version to?
    > It is currently has
    > [General]
    > gPCFunctionalityversion=2
    >
Ask a new question

Read More

Policy Security Computers Windows XP