Security Templates


Peter Clark
December 5th 03, 08:08 PM
start -> run -> cmd
c:\>secedit /export /cfg c:\foo.inf

This will export an imported template only, plus it will
only export certain areas of the security policy, i.e.
EFS/software restrictions and IPsec are not included. How
have you set up your security settings? Via template
creation or configuring the machine directly?


>-----Original Message-----
>Please help with Security Templates... How can I export
>current Local Security Settings to a file so that I can
>use it to configure other PCs on the net???
>Thanks

Nick Finco [MSFT]
December 5th 03, 08:10 PM
That only works for Win2k. On WinXP, the local policy store is empty so the
security template exported that way is also empty. That's why the analysis
results turn up empty. Enter the Local Security Settings snapin (secpol.msc
at the command line), right click on Security Settings, and choose Export.
The security template generated from there will be what you are looking for.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Marek
December 5th 03, 08:11 PM
Thanks Nick,
However, I don't have an option to Export... I have an
option to Export List, but I don't believe that it's the
same thing... It seems that there is something else to
it...

Nick Finco [MSFT]
December 5th 03, 08:12 PM
That's odd. I just checked an XP box and the Export policy was missing for
me too. Sorry about the confusion.

That means the only way to export local policy on XP is to create a security
template that defines every setting you are interested in (using the
Security Templates mmc snapin). Then use secedit /generaterollback to dump
the machine settings into a security template. You can retrieve most of the
settings by running 'secedit /generaterollback /cfg
"%windir%\security\templates\setup security.inf" /rbk CurSettings.inf'.

N
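
Added example (not part of the original posts, and not Microsoft's code): whichever command produces the template, checking that the resulting .inf actually contains settings catches the empty-export case described earlier in the thread before the file is applied to other machines. The Python sketch below assumes the usual secedit section names ([System Access], [Event Audit], [Registry Values], [Privilege Rights]); the sample templates are constructed.

```python
import configparser

# Sections that hold local policy settings in a secedit template (assumed set);
# [Unicode] and [Version] are headers and carry no policy.
POLICY_SECTIONS = ("System Access", "Event Audit", "Registry Values", "Privilege Rights")

def decode_template(raw: bytes) -> str:
    """secedit writes UTF-16 with a BOM; hand-edited templates are often ANSI/UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    return text.replace("\r\n", "\n")

def summarize_template(raw: bytes) -> dict:
    """Return {section name: number of settings} for the policy-bearing sections."""
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True,
        delimiters=("=",), comment_prefixes=(";",))
    parser.optionxform = str  # keep setting names as written
    parser.read_string(decode_template(raw))
    return {name: len(parser.items(name)) if parser.has_section(name) else 0
            for name in POLICY_SECTIONS}

def is_effectively_empty(raw: bytes) -> bool:
    """True when the template has headers only, i.e. nothing to apply elsewhere."""
    return sum(summarize_template(raw).values()) == 0

# Constructed samples: a header-only export and one with a few settings.
EMPTY_EXPORT = (
    '[Unicode]\r\nUnicode=yes\r\n'
    '[Version]\r\nsignature="$CHICAGO$"\r\nRevision=1\r\n').encode("utf-16")
POPULATED_EXPORT = (
    '[Unicode]\r\nUnicode=yes\r\n'
    '[System Access]\r\nMinimumPasswordLength = 8\r\nLockoutBadCount = 5\r\n'
    '[Event Audit]\r\nAuditLogonEvents = 3\r\n'
    '[Privilege Rights]\r\nSeBackupPrivilege = *S-1-5-32-544\r\n'
    '[Version]\r\nsignature="$CHICAGO$"\r\nRevision=1\r\n').encode("utf-16")

if __name__ == "__main__":
    for label, blob in (("empty", EMPTY_EXPORT), ("populated", POPULATED_EXPORT)):
        print(label, summarize_template(blob), "EMPTY" if is_effectively_empty(blob) else "ok")
```

To check a real file, pass `open(path, "rb").read()` to `summarize_template`; a section count of zero for an area you configured means that area did not make it into the template.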


Steve Garwood
December 14th 03, 02:18 AM
I have been looking into secedit as well. However, on my box (XP,
SP1, up-to-date hotfixes), GenerateRollback just brings up the secedit
help.

Does GenerateRollback work on anyone else's XP SP1 box?


Steve