• Security templates are .inf files that contain settings that correspond with the Account Policies and Local Policies in the local security policy. In addition, security templates can contain set- tings for the event log, restricted groups, service configuration, registry security, and file system security. You can use security templates to apply security settings or compare existing security settings against a corporate standard.


• The security templates are edited by using the security templates snap-in. The Security Templates snap-in automatically opens to the C:\Users\%USERNAME%\ Documents\ Security\Templates folder. You can add additional locations if desired, but typically security templates are stored here.





• Security templates are used by the Security Configuration and Analysis tool and Secedit. Both tools perform approximately the same tasks. The Security Configuration and Analysis tool is an MMC snap-in that is easy to use when working with a single computer. Secedit is a command-line utility that is better for scripting and working with multiple computers.

Tasks you can perform with the Security Conf guration and Analysis tool are:

• Analyze: You can compare the settings in a security template against the settings on a computer. This is useful when you want to confirm that computers meet the minimum security requirements defined in a security template.
• Configure: You can apply the settings in a security template to a computer. This is useful to enforce the security requirements defined in a security template.
• Export: You can export the settings on a computer to a security template. This is useful if a computer has been properly configured and you want to apply these security settings to an additional computer.

Activity 7-4