1. Open Security Configuration and Analysis.
2. In the console tree, right-click Security Configuration and Analysis, and then click Open Database.

   Where?

   • ConsoleRoot
   • Security Configuration and Analysis
3. In Open database, do one of the following:
• To create a new database, in File name, type a file name, and then click Open.
• To open an existing database, click a database, and then click Open.
4. If you are creating a new database, in Import Template, click a template, and then click Open.
5. In the console tree, right-click Security Configuration and Analysis, and then click Configure Computer Now.
6. Do one of the following:
   • To use the default log in Error log file path, click OK.
   • To specify a different log, in Error log file path, type a valid path and file name.

Notes

• XOX
• To open Security Configuration and Analysis, click Start, click Run, type mmc, and then click OK. On the File menu, click Open, click the console that you want to open, and then click Open. In the console tree, click Security Configuration and Analysis.
• To check the log file, right-click Security Configuration and Analysis, and then click View Log File.
• The default path for the log file is:

  systemroot\Documents and Settings\UserAccount\My Documents\Security\Logs\

1. Open Command Prompt.
2. Type:

   secedit/configure /DB FileName [/CFG FileName][/overwrite][/areas Area1 Area2...] [/log LogPath] [/quiet]

Argument	Description
/DB FileName	Specifies the database used to perform the security configuration.
/CFG FileName	Specifies a security template to import into the database prior to configuring the computer. Security templates are created using the Security Templates snap-in.
/overwrite	Specifies that the database should be emptied prior to importing the security template. If this parameter is not specified, the settings in the security template are accumulated in the database. If this parameter is not specified and there are conflicting settings in the database and the template that is being imported, the template settings take precedence.
/areas Area1 Area2...	Specifies the security areas to be applied to the system. If this parameter is not specified, all security settings that are defined in the database are applied to the system. To configure multiple areas, separate each area by a space. The following security areas are supported: Area name Description SECURITYPOLICY Includes account policies, audit policies, event log settings, and security options. GROUP_MGMT Includes Restricted Group settings. USER_RIGHTS Includes user rights assignment. REGKEYS Includes registry permissions. FILESTORE Includes file system permissions. SERVICES Includes system service settings.
/log LogPath	Specifies a file in which to log the status of the configuration process. If not specified, configuration data is logged in the scesrv.log file, which is located in the %windir%\Security\Logs folder.
/quiet	Specifies that the configuration process should take place without prompting the user.

Examples:

• secedit /configure /db hisecws.sdb /cfg
• hisecws.inf /overwrite /log hisecws.log

Notes

• XOX
• XOX
• The default path for the log file is:

  %windir%\Security\Logs\Scesrv.log

• Secedit /refreshpolicy has been replaced with gpupdate. For information on how to refresh security settings, see Gpupdate.
• To view the complete syntax for this command, at a command prompt, type:
  

  secedit /?