Tuesday, December 1, 2015

Reapply default security settings

  1. Open Security Configuration and Analysis.
  2. In the console tree, right-click Security Configuration and Analysis, and then click Open Database.

    Where?

    • ConsoleRoot/Security Configuration and Analysis
  3. In File name, type the file name, and then click Open.
  4. Do one of the following:

    • For a domain controller, in the console tree, right-click Security Configuration and Analysis, click Import Template, and then click DC security.
    • For other computers, in the console tree, right-click Security Configuration and Analysis, click Import Template, and then click setup security.
  5. Select the Clear this database before importing check box, and then click Open.
  6. In the console tree, right-click Security Configuration and Analysis, and then click Configure Computer Now.
  7. Do one of the following:

    • To use the default log specified in Error log file path, click OK.
    • To specify a different log, in Error log file path, type a valid path and file name, and then click OK.
  8. When the configuration is done, right-click Security Configuration and Analysis, and then click View Log File.
Important
  • Applying the entire setup security template is a drastic measure that should be avoided. Instead, use the secedit command-line tool to apply default settings for specific areas. See the Using a command line section of this procedure.
Notes
  • Different permissions are required to perform this procedure, depending on the environment in which you reapply default security settings:

    • If you reapply default security settings to your local computer: To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
    • If you reapply default security settings to a computer that is joined to a domain: To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groupsDefault groups, and Using Run as.
  • To open Security Configuration and Analysis, click Start, click Run, type mmc, and then click OK. On the File menu, click Open, click the console that you want to open, and then click Open. In the console tree, click Security Configuration and Analysis.
  • The default path for the log file is:

    systemroot\Documents and Settings\UserAccount\My Documents\Security\Logs\
  • When you reapply default security settings, all settings that are defined in Setup security.inf are set as the template specifies, but other settings that are not defined in the template may persist. For more information, see Applying security settings.

No comments:

Post a Comment