Exportera (0) Skriv ut
Visa allt

Reapply default security settings

To reapply default security settings

Using the Windows interface

  1. Open Security Configuration and Analysis.
  2. In the console tree, right-click Security Configuration and Analysis, and then click Open Database.
    Where?
    • ConsoleRoot/Security Configuration and Analysis
  3. In File name, type the file name, and then click Open.
  4. Do one of the following:
    • For a domain controller, in the console tree, right-click Security Configuration and Analysis, click Import Template, and then click DC security.
    • For other computers, in the console tree, right-click Security Configuration and Analysis, click Import Template, and then click setup security.
  5. Select the Clear this database before importing check box, and then click Open.
  6. In the console tree, right-click Security Configuration and Analysis, and then click Configure Computer Now.
  7. Do one of the following:
    • To use the default log specified in Error log file path, click OK.
    • To specify a different log, in Error log file path, type a valid path and file name, and then click OK.
  8. When the configuration is done, right-click Security Configuration and Analysis, and then click View Log File.

Important

  • Applying the entire setup security template is a drastic measure that should be avoided. Instead, use the secedit command-line tool to apply default settings for specific areas. See the Using a command line section of this procedure.

Notes

  • Different permissions are required to perform this procedure, depending on the environment in which you reapply default security settings:
    • If you reapply default security settings to your local computer: Du måste vara medlem i gruppen Administratörer på den lokala datorn för att kunna utföra den här proceduren, eller ha delegerats motsvarande behörighet. Om datorn ingår i en domän, kan bara medlemmar i gruppen Domänadministratörer utföra den här proceduren. Det säkraste sättet att utföra den här proceduren är med hjälp av funktionen Kör som.
    • If you reapply default security settings to a computer that is joined to a domain: För att kunna utföra den här proceduren måste du tillhöra gruppen Domänadministratörer eller Företagsadministratörer i Active Directory, eller ha delegerats motsvarande behörighet. Det säkraste sättet att utföra den här proceduren är med hjälp av funktionen Kör som. Mer information finns i Default local groups, Default groups och Using Run as.
  • To open Security Configuration and Analysis, click Start, click Run, type mmc, and then click OK. On the File menu, click Open, click the console that you want to open, and then click Open. In the console tree, click Security Configuration and Analysis.
  • The default path for the log file is:
    systemroot\Documents and Settings\UserAccount\My Documents\Security\Logs\
  • When you reapply default security settings, all settings that are defined in Setup security.inf are set as the template specifies, but other settings that are not defined in the template may persist. For more information, see Applying security settings.

Using a command line

  • Open Command Prompt.
  • For a server or workstation, type:
    secedit/configure/DBFileName/CFG "%windir%\Security\Templates\Setup security.inf" [/overwrite][/areas Area1 Area2...] [/log LogPath] [/quiet]
    For a domain controller, type:
    secedit/configure/DBFileName/CFG "%windir%\Security\Templates\DC security.inf" [/overwrite][/areas Area1 Area2...] [/log LogPath] [/quiet]

 

Argument Description

/DB FileName

Required. Provides the path to a database that contains the security template that should be applied. To create a new database, type the database file name and path.

/CFG "%windir%\Security\Templates\Setup security.inf"

Specifies the Setup Security.inf template that contains the default security settings.

/overwrite

Specifies that the database should be emptied prior to importing the security template. If this parameter is not specified, the settings in the security template are accumulated into the database. If this parameter is not specified and there are conflicting settings in the database and the template being imported, the template settings win.

/areas Area1 Area2

Specifies the security areas to be applied to the system. If this parameter is not specified, all security settings defined in the database are applied to the system. To configure multiple areas, separate each area by a space. The following security areas are supported:

SECURITYPOLICY - Includes account policies, audit policies, event log settings, and security options.

GROUP_MGMT - Includes Restricted Group settings.

USER_RIGHTS - Includes user rights assignment.

REGKEYS - Includes registry permissions.

FILESTORE - Includes file system permissions.

SERVICES - Includes System Service settings.

/log LogPath

Specifies a file in which to log the status of the configuration process. If not specified, configuration data is logged in the Scesrv.log file, which is located in the %windir%\Security\Logs folder.

/quiet

Specifies that the configuration process should take place without prompting the user.

Important

  • It is advisable to apply Setup security in parts using the Areas parameter, so you can have control over which parts you are restoring.

Notes

  • Different permissions are required to perform this procedure, depending on the environment in which you reapply default security settings:
    • If you reapply default security settings to your local computer: Du måste vara medlem i gruppen Administratörer på den lokala datorn för att kunna utföra den här proceduren, eller ha delegerats motsvarande behörighet. Om datorn ingår i en domän, kan bara medlemmar i gruppen Domänadministratörer utföra den här proceduren. Det säkraste sättet att utföra den här proceduren är med hjälp av funktionen Kör som.
    • If you reapply default security settings to a computer that is joined to a domain: För att kunna utföra den här proceduren måste du tillhöra gruppen Domänadministratörer eller Företagsadministratörer i Active Directory, eller ha delegerats motsvarande behörighet. Det säkraste sättet att utföra den här proceduren är med hjälp av funktionen Kör som. Mer information finns i Default local groups, Default groups och Using Run as.
  • Du öppnar kommandotolken genom att klicka på Start, peka på Alla program, Tillbehör och sedan klicka på Kommandotolken.
  • To view the complete syntax for this command, at a command prompt, type:
    secedit /?

Information about functional differences

  • Servern kan eventuellt fungera på ett annat sätt beroende på vilken version och utgåva av operativsystemet som är installerat, din kontobehörighet och menyinställningarna. Mer information finns i avsnittet om att Viewing Help on the Web.

Se även

Var detta till hjälp?
(1500 tecken kvar)
Tack för dina kommentarer

Gruppinnehåll

Lägg till
Visa:
© 2014 Microsoft