لطفا منتظر باشید ...
Publisher| Security TemplatesTools |
Security Templates
This snap-in can be used to view,
create, or modify a security policy
for a computer or network. You can import predefined templates and
modify them or create your own templates and then apply them to a
standalone computer or import them into Group Policy to apply them to
computers in a domain. The console tree typically looks like this:
Security Templates
Template Search Path
Template
Template...
Right-clicking on each node makes different actions available,
depending on the node.
- Security Templates
Select this to define a new template search path.- Template Search Path (C:\Windows\Security\Templates by default)
Select this to create a new template or delete an existing one. You
can use Save As to save a copy of an existing template under a
different name and then modify it. This can take less time than
defining a new template from scratch. If you do create a new
template, be sure to save it.- Template
Select a template to display and modify the
template's security settings using the details pane.
Security Configuration and Analysis
This snap-in can be used to
analyze and configure security
settings on the local computer. For example, you can:
- Import security templates created using the Security Templates
snap-in into a computer-specific datastore (database), merging or
overwriting successive templates to create a composite template that
you can save or export. - Compare the current (effective) security settings on the local
computer with settings stored in the database, displaying the
differences for easy recognition. (A green check mark next to a
setting means the current setting and the template setting agree; a
red X means there is a difference; no mark means both the current
setting and template setting are Not Defined.) - Apply a security template to the Local Security Policy on the
computer so that it takes effect immediately. If after performing
analysis you choose to accept the current settings, the corresponding
value in the database is modified to match.
To use this tool, select Security Configuration and Analysis to
create a new database or open an existing one. To create a new
database, you must first import a security template. You can then
import additional templates into the database, either merging them
with previously imported template settings or overwriting the
existing settings. You can also directly modify security settings in
the database once you have completed the analysis procedure described
next.You then analyze your computer to compare the settings in the
database with the system's current local security
settings. After analysis, select Security Configuration and Analysis
again to display a logged description of the results of the analysis.
Then, if desired, expand the different containers to display the
differences between the database settings and the
system's current security settings (differences
marked with a red X, as explained earlier). For more information on
these different security settings, see Group
Policy earlier in this chapter.Finally, you can do one of the following:
- Immediately apply the security template settings you imported into
the database to the computer's local security policy
by right-clicking on Security Configuration and Analysis and
selecting Configure Computer Now. Choose this approach if you have
only a few computers to configure. Changes will be applied when you
reboot your computer. If your computers are part of a domain in which
Group Policy is configured, however, be aware that the security
settings you configure locally on your computers may be overwritten
when Group Policy is applied. - Export your database settings to a security template, which you can
then import into a Group Policy Object (GPO). Choose this approach if
you have a domain configuration with multiple computers to configure.
