Networking / Beginners

Analysis

Secedit can be used to compare an existing policy running on a Windows 2000 system with an appropriate policy for the system. To do this, enter the following command from a command prompt:

secedit /analyze [/DB filename] [/CFG filename] [/log filename] [/verbose] [/quiet]

The following parameters may be provided:

  • /DB filename This specifies the path to the database file that contains the stored configuration for the analysis. If the filename specifies a new file, the /CFG parameter must also be used.

  • /CFG filename This specifies the path to the security template to be imported into the database. If the parameter is not used, the configuration stored in the database is used.

  • /log filename This specifies the path to the log file that will be created by the command. The log file includes all the information found during the analysis.

  • /verbose This tells secedit to provide details while running.

  • /quiet This tells secedit not to provide output to the screen while running.

Once the run is completed, the log file can be analyzed to determine if the system is in compliance with the organization's policy.

[Previous] [Contents] [Next]