How to export a Local GPO…

“Exporting” the group policy and the security settings that you configured on one machine with the Local Group Policy Editor (gpedit.msc) to other machines is very easy:

1.      Open the Run dialog box and type:

%systemroot%\system32\GroupPolicy\

Inside this folder there are two folders: “machine” and “users”. Copy these folders to the %systemroot%\system32\GroupPolicy folder on the target computer. All that is needed now is a reboot, or forcing a policy update with “gpupdate /force”.

Note: If you cannot see the “GroupPolicy” folder on the source or the target machine, make sure that hidden files are being displayed in the Explorer options (show hidden files).

For the security settings:

1.      Open MMC and add the “Security Templates” snap-in.

2.      Create your own custom template and save it as an “.inf” file.

3.      Copy the file to the target computer and import it with the “secedit” command-line tool:

secedit /configure /db %temp%\temp.sdb /cfg yourcreated.inf
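The import step above, wrapped with a syntax check and a rollback export, as an added example that is not part of the original post. The template path and working folder are placeholder assumptions, and the script only uses the secedit options documented below (/validate, /export, /configure).

```powershell
#Requires -RunAsAdministrator
# Added example. $Template and $WorkDir are placeholder paths (assumptions).
$Template = 'C:\Temp\yourcreated.inf'            # template copied from the source machine
$WorkDir  = Join-Path $env:TEMP 'secedit-import'
$Database = Join-Path $WorkDir 'temp.sdb'         # scratch database, rebuilt on every run
$Backup   = Join-Path $WorkDir 'before-import.inf'
$Log      = Join-Path $WorkDir 'import.log'

function Invoke-Secedit {
    # Runs secedit.exe and treats any non-zero exit code as a failure.
    param([Parameter(Mandatory)][string[]]$Arguments)
    & "$env:SystemRoot\System32\secedit.exe" @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "secedit $($Arguments[0]) exited with code $LASTEXITCODE (see $Log)"
    }
}

if (-not (Test-Path -LiteralPath $Template -PathType Leaf)) {
    throw "Template not found: $Template"
}
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
# Start from an empty database so only this template is applied.
Remove-Item -LiteralPath $Database -Force -ErrorAction SilentlyContinue

# 1. Check the template syntax before anything is changed.
Invoke-Secedit -Arguments '/validate', $Template

# 2. Export the current settings to an .inf file as a rollback point.
Invoke-Secedit -Arguments '/export', '/cfg', $Backup, '/log', $Log

# 3. Import the template into the new database and apply it.
Invoke-Secedit -Arguments '/configure', '/db', $Database, '/cfg', $Template, '/log', $Log

Write-Output "Template applied. Previous settings saved to $Backup; log at $Log"
```

To revert, run the /configure step again with the exported before-import.inf as the /cfg file against a new database.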

Secedit (English only)

Configures and analyzes system security by comparing your current configuration to at least one template.

To view the command syntax, click a command:

secedit /analyze

Syntax

secedit /analyze /db FileName [/cfg FileName] [/log FileName] [/quiet]

 

Parameters

/db FileName Required. Specifies the path and file name of a database that contains the stored configuration against which the analysis will be performed. If FileName specifies a new database, the /cfg FileName command-line option must also be specified.

/cfg FileName Specifies the path and file name for the security template that will be imported into the database for analysis. This command-line option is only valid when used with the /db parameter. If this is not specified, the analysis is performed against any configuration already stored in the database.

/log FileName Specifies the path and file name of the log file for the process. If this is not provided, the default log file is used.

/quiet Suppresses screen and log output. You can still view analysis results by using Security Configuration and Analysis.

secedit /configure

Configures system security by applying a stored template.

Syntax

secedit /configure /db FileName [/cfg FileName] [/overwrite] [/areas area1 area2…] [/log FileName] [/quiet]

Parameters

/db FileName Required. Provides the file name of a database that contains the security template that should be applied.

/cfg FileName Specifies the file name of the security template that will be imported into the database and applied to the system. This command-line option is only valid when used with the /db parameter. If this is not specified, the template that is already stored in the database is applied.

/overwrite Specifies whether the security template in the /cfg parameter should overwrite any template or composite template that is stored in the database instead of appending the results to the stored template. This command-line option is only valid when the /cfg parameter is also used. If this is not specified, the template in the /cfg parameter is appended to the stored template.

/areas area1 area2… Specifies the security areas to be applied to the system. If an area is not specified, all areas are applied to the system. Each area should be separated by a space.

| Area name | Description |
|---|---|
| SECURITYPOLICY | Local policy and domain policy for the system, including account policies, audit policies, and so on. |
| GROUP_MGMT | Restricted group settings for any groups specified in the security template |
| USER_RIGHTS | User logon rights and granting of privileges |
| REGKEYS | Security on local registry keys |
| FILESTORE | Security on local file storage |
| SERVICES | Security for all defined services |

/log FileName Specifies the file name of the log file for the process. If it is not specified, the default path is used.

/quiet Suppresses screen and log output.

secedit /export

Exports a stored template from a security database to a security template file.

Syntax

secedit /export [/mergedpolicy] [/DB FileName] [/CFG FileName] [/areas area1 area2…] [/log FileName] [/quiet]

 

Parameters

/mergedpolicy Merges and exports domain and local policy security settings.

/db FileName Specifies the database file that contains the template that will be exported. If the name of a database file is not provided, the system policy database is used.

/cfg FileName Specifies the file name where the template should be saved.

/areas area1 area2… Specifies the security areas to be exported to a template. If an area is not specified, all areas are exported. Each area should be separated by a space.

| Area name | Description |
|---|---|
| SECURITYPOLICY | Specifies local policy and domain policy for the system, including account policies, audit policies, and so on. |
| GROUP_MGMT | Specifies restricted group settings for any groups specified in the security template. |
| USER_RIGHTS | Specifies user logon rights and granting of privileges |
| REGKEYS | Specifies the security on local registry keys |
| FILESTORE | Specifies the security on local file storage |
| SERVICES | Specifies security for all defined services |

/log FileName Specifies the file name of the log file for the process. If not specified, the default path is used.

/quiet Suppresses screen and log output.

secedit /validate

Validates the syntax of a security template to be imported into a database for analysis or application to a system.

 

Syntax

secedit /validate FileName

Parameter

FileName Specifies the file name of the security template you have created with Security Templates.

 

Remarks

secedit /refreshpolicy has been replaced with gpupdate. For information on how to refresh security settings, see gpupdate.

Formatting legend

| Format | Meaning |
|---|---|
| Italic | Information that the user must supply |
| Bold | Elements that the user must type exactly as shown |
| Ellipsis (…) | Parameter that can be repeated several times in a command line |
| Between brackets ([]) | Optional items |
| Between braces ({}); choices separated by pipe (\|). Example: {even\|odd} | Set of choices from which the user must choose only one |
| Courier font | Code or program output |

Source: Microsoft / Marquinhos Lisboa – Accessed on 10/07/2017

Alexandre Queiroz is a true Carioca, in love with his city (Rio de Janeiro), very happily married, and a lover of new technologies, electronic music, cars, travel, dogs, and so on. This site/blog is used only to share news and to keep his own solutions and tips, and it is non-profit... It is run as a hobby and to store knowledge.
