The Microsoft Security Configuration Tool Set is a collection of MMC snap-ins that can be used to simplify the administration tasks associated with the deployment of secured systems. The tool set consists primarily of the Security Configuration Editor and the Security Configuration Manager.
The Security Configuration Editor is used to view and alter the contents of security templates. A security template is similar to a GPO, but it is stored in a text-based .inf file. Microsoft included several pre-defined security templates, which you can use as-is or customize for your environment. The three classes of pre-defined security templates are client, server and domain controller. For each of these classes, there are four security levels: basic, compatible, secure and high security.
Security templates contain all of the same controls you will find in a default GPO. However, you are not limited to those default controls. You can create your own customized controls to manage applications, alter the Registry or perform unique configurations.
The Security Configuration Manager is used to apply a security template to a system, analyze a system against a security template or create a security template from the current settings of a system. Secedit.exe is a command-line-only version of the Security Configuration Manager MMC snap-in.
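Because a template is plain text, the comparison the Security Configuration Manager performs can be illustrated with a short script. The following is an added example, not part of the tool set or of the original article: it parses two constructed templates (a baseline and the settings exported from a system) and lists every baseline setting the system does not match. The function names and sample values are assumptions made for the illustration.

```python
import configparser

# Constructed sample: a baseline security template (.inf) defined by an administrator.
BASELINE_INF = """\
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
"""

# Constructed sample: a template created from the current settings of a system.
EXPORTED_INF = """\
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 3
"""

SKIP = {"Unicode", "Version"}  # file metadata sections, not security settings

def parse_template(text):
    """Parse security-template text into {section: {key: value}}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names in the case they were written
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections() if s not in SKIP}

def drift(baseline, actual):
    """Return sorted (section, key, expected, found) for each deviation."""
    out = []
    for section, keys in baseline.items():
        for key, expected in keys.items():
            found = actual.get(section, {}).get(key)  # None means the setting is absent
            if found != expected:
                out.append((section, key, expected, found))
    return sorted(out)

def compare(baseline_text, actual_text):
    """Hypothetical helper: parse both templates and report the drift."""
    return drift(parse_template(baseline_text), parse_template(actual_text))
```

A setting that is missing from the exported template is reported with a found value of None, so an undefined control is treated as a deviation rather than silently passing.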
With just a little planning and the time it takes to fully configure a single GPO and write a few simple scripts, you can effectively secure your entire enterprise using security templates.
More information about the Security Configuration Manager can be found in the TechNet article "MS Security Configuration Tool Set". You can find this document online by searching at www.microsoft.com/technet.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.