Security templates -- the key to simplified deployment

The Microsoft Security Configuration Tool Set is a collection of MMC snap-ins that can be used to simplify the administration tasks associated with the deployment of secured systems. The tool set consists primarily of the Security Configuration Editor and the Security Configuration Manager.

The Security Configuration Editor is used to view and alter the contents of security templates. A security template is similar to a GPO, but it is stored in a text-based .inf file. Microsoft included several pre-defined security templates. These pre-defined security templates can be used as-is or you can customize them for your environment. The three classes of pre-defined security templates are client, server and domain controller. For each of these classes, there are four security levels: basic, compatible, secure and high security.

Security templates contain all of the same controls you will find in a default GPO. However, you are not limited to those default controls. You can create your own customized controls to manage applications, alter the Registry or perform unique configurations.

The Security Configuration Manager is used to apply a security template to a system, analyze a system in comparison with a security template or create a security template from the current settings of a system. Secedit.exe is a command line only version of the Security Configuration Manager MMC snap-in.

With just a little planning and the time it takes to fully configure a single GPO and

    Requires Free Membership to View

write a few simple scripts, you can effectively secure your entire enterprise using security templates.

More information about the Security Configuration Manager can be found in the TechNet article "MS Security Configuration Tool Set". You can find this document online by searching at www.microsoft.com/technet.

About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.

This was first published in October 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.