This creates a template which can be used to "roll back" changes another template would make.
SECEDIT command-line switches:
/EXPORT
When not used with the /db switch, this exports the current local Group Policy security settings.
SECEDIT command-line switches:
/MERGEDPOLICY
When used with /export, this collects the security template settings applied from GPO with the settings from the local GPO and exports them into a merged template file
SECEDIT command-line switches:
/VALIDATE
Checks a security template for errors
SECEDIT command-line switches:
/QUIET
Suppresses all screen and log output
Name five places where you can get pre-created templates
Microsoft, SANS, NIST, NSA, CSI
What are the two levels standard security templates operate within?
Enterprise Client (EC):
Computers joined to an AD domain running 2003 servers or better
The SAN can be used to do which of the following:
A) reconfigure systems
B) audit against templates
C) create "database"
D) import/export
E) manage remote systems over the network
A, B, C, D
What should you always do when making changes to a security template?
Save the template
What is the purpose of security templates?
To store a large number of settings in a single file
What is the SCA?
Security Configuration & Analysis Snap-in
What are registry keys used for in security templates?
For setting permissions on registry keys. NOT for changing the values of registry keys.