TABLE OF CONTENTS Your primary interface for creating, testing and implementing security templates in Windows Server 2003 will be the Security Configuration and Analysis and the Security Templates MMC snap-ins. The weakness, however, of Security Configuration and Analysis is that it can only be used to analyze and configure security for a local computer. If you need to perform an analysis across a network, you will need to use the secedit command.
The secedit command-line tool offers much of the functionality of the Security Configuration and Analysis snap-in from the command-line. This allows the administrator to script security analyses for many machines across the enterprise and save the results for later analysis.
The reporting abilities of secedit are limited. Although you can perform a security analysis from the command-line, you cannot view the results of the analysis with secedit. You must view the analysis results from the graphic Security Configuration and Analysis snap-in interface. Additionally, the secedit tool can be used to configure, refresh and export security settings as well as validate security configuration files.
The secedit command uses the following top-level options:
secedit /analyze
secedit /configure
secedit /export
secedit /import
secedit /validate
secedit /GenerateRollback
The secedit /anaylze command is used to initiate a security analysis and uses the following syntax:
secedit /analyze /db <i class="emphasis">FileName</i> [/cfg <i class="emphasis">FileName</i>] [/overwrite] [/log <i class="emphasis">FileName</i>] [/quiet]
Table A.77 details the parameters associated with the secedit /analyze command.
