Secedit Commands

Posted by support | Microsoft | Sunday 9 August 2009 6:17 pm

Secedit configures and analyzes system security by comparing your current configuration to at least one template.

secedit /analyze

Syntax
secedit /analyze /db FileName [/cfg FileName] [/log FileName] [/quiet]

Parameters
/db FileName
Required. Specifies the path and file name of a database that contains the stored configuration against which the analysis will be performed. If FileName specifies a new database, the /cfg FileName command-line option must also be specified.
/cfg FileName
Specifies the path and file name for the security template that will be imported into the database for analysis. This command-line option is only valid when used with the /db parameter. If this is not specified, the analysis is performed against any configuration already stored in the database.
/log FileName
Specifies the path and file name of the log file for the process. If this is not provided, the default log file is used.
/quiet
Suppresses screen and log output. You can still view analysis results by using Security Configuration and Analysis.
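
A wrapper around the /analyze syntax above, as an added example that is not part of the original post: it enforces the rule that a new database needs /cfg and lists the log lines that report a mismatch. The function name, the paths in the usage comment and the "Mismatch" log wording are assumptions.

```powershell
# Added example: wraps "secedit /analyze" using only the switches documented above.
function Invoke-SeceditAnalyze {
    param(
        [Parameter(Mandatory)] [string] $DbPath,   # /db  (required)
        [string] $CfgPath,                         # /cfg (required for a new database)
        [string] $LogPath = (Join-Path $env:TEMP 'secedit-analyze.log')
    )

    # A new database has no stored configuration, so /cfg must be supplied.
    if (-not (Test-Path -LiteralPath $DbPath) -and -not $CfgPath) {
        throw "Database '$DbPath' does not exist yet; pass -CfgPath to import a template."
    }
    if ($CfgPath -and -not (Test-Path -LiteralPath $CfgPath)) {
        throw "Template '$CfgPath' not found."
    }

    $seceditArgs = @('/analyze', '/db', $DbPath)
    if ($CfgPath) { $seceditArgs += @('/cfg', $CfgPath) }
    # /quiet is deliberately omitted: it suppresses log output, and the log is parsed below.
    $seceditArgs += @('/log', $LogPath)

    # Start from an empty log so earlier runs cannot leak into this result.
    if (Test-Path -LiteralPath $LogPath) { Remove-Item -LiteralPath $LogPath }

    & secedit.exe @seceditArgs | Out-Null
    $exitCode = $LASTEXITCODE

    # Assumption: settings that differ from the template are logged on lines
    # containing the word "Mismatch". Check a log from your own system first.
    $mismatches = @()
    if (Test-Path -LiteralPath $LogPath) {
        $mismatches = @(Get-Content -LiteralPath $LogPath |
            Where-Object { $_ -match '\bMismatch\b' } |
            ForEach-Object { $_.Trim() })
    }

    [pscustomobject]@{
        ExitCode   = $exitCode
        LogPath    = $LogPath
        Mismatches = $mismatches
    }
}

# Usage (run elevated; both paths are constructed examples):
# $r = Invoke-SeceditAnalyze -DbPath C:\Temp\baseline.sdb -CfgPath C:\Temp\baseline.inf
# $r.Mismatches
```
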

secedit /configure

Security Templates Server 2003

Posted by support | Active Directory, General, Microsoft | Sunday 9 August 2009 3:48 pm

Caution

The “Setup Security.inf” and “DC Security.inf” templates contain a large number of settings, and in particular a long list of file system permission assignments. For this reason, you should not apply these templates to a computer using group policies. Computers running Microsoft Windows operating systems periodically refresh group policy settings by accessing the GPOs on the network’s domain controllers, and a template of this size can generate a great deal of Active Directory traffic on the network. Instead of using group policies, you should apply the template using the Security Configuration And Analysis snap-in or the Secedit.exe utility.

Using Perfmon Trace Logs to Monitor AD

Posted by support | Active Directory, Command Line, Microsoft | Sunday 9 August 2009 12:11 pm

Problem (REF:http://robbieallen.com/downloads/Recipe15-11.htm)
You want to enable Perfmon Trace Logs to view system-level calls related to Active Directory.

Solution
1. Open the Performance Monitor.

2. In the left pane, expand Performance Logs and Alerts.

3. Right-click on Trace Logs and select New Log Settings.

4. Enter a name for the log and click OK.

5. Click the Add button.

6. Highlight one or more of the Active Directory providers and click OK.

7. Use the tabs to configure additional settings about the log.

8. When you are done, click OK.