Secedit: analyze command in Windows
The secedit: analyze command allows you to analyze the current system settings based on the basic settings stored in the database.To better understand how to use this command, see the example below.
Syntax secedit: analyze command
Secedit / analyze / db [/ cfg] [/ overwrite] [/ log] [/ quiet}]
Secedit: analyze command parameter
Parameters
Describe
db
This is a required parameter.
Specify the path and name of the database file that contains the stored configuration to perform the analysis.
If the database designation name does not have a security template (as indicated by the configuration file) associated with it, the command line / cfg option must also be specified according to
cfg
Optional parameters.
Specify the path and name of the security template to be entered into the database for analysis.
This optional parameter / cfg is only valid when used with the parameter / db.
overwrite
Optional parameters.
Specify whether the security pattern in the / cfg parameter should override any synthesized templates stored in the database, instead of appending the results to the stored form.This command line option is only valid when the parameter / cfg is also used.
log
Optional parameters.
Specify the path and name of the log file to be used in the process.
quiet
Optional parameters.
Do not display the output on the screen.You can still view the analysis results by using the Security Configuration and Analysis attachment on Microsoft Management Console (MMC).
Note the secedit: analyze command
- The analysis results will be stored in a separate area of the database and can be viewed in the attachment of Security Configuration and Analysis for MMC.
- If the path for the log file is not provided, the default log file, (systemrootDocuments and Settings * UserAccountMy DocumentsSecurityLogs * DatabaseName.log) will be used.
- Starting with Windows Server 2008, the Secedit / refreshpolicy subcommand has been replaced with gpupdate.For more information on how to refresh security settings, see the Gpupdate command.
Example secedit: analyze command
To conduct an analysis of the security parameters on the security database named SecDbContoso.sdb that you created with the attachment of Security Configuration and Analysis, and direct the output to the SecAnalysisContosoFY11 file with the prompt to You can verify if the command is running correctly.Type:
Secedit / analyze / db C: SecurityFY11SecDbContoso.sdb / log C: SecurityFY11SecAnalysisContosoFY11.log
Assume that the analysis process shows some inadequacies, so the SecContoso.inf security template has been modified.Rerun the command to combine the changes, direct the output to an existing file named SecAnalysisContosoFY11 without prompting, type:
Secedit / analyze / db C: SecurityFY11SecDbContoso.sdb / cfg SecContoso.inf / overwrite / log C: SecurityFY11SecAnalysisContosoFY11.xml / quiet
See more:
- Summary of 20 common Run commands on Windows operating system
- Summary of shortcuts to know in Windows 10
- Instructions for installing Windows Server 2012 step by step
- Install Windows Server 2008
You should read it
- Secedit command in Windows
- Secedit: import command in Windows
- Secedit command: generaterollback in Windows
- Secedit: configure command in Windows
- Secedit command: export in Windows
- Secedit: validate command in Windows
- The Scwcmd analyze command in Windows
- Del command in Windows
- Rem command in Windows
- How to develop React apps that analyze emotions using OpenAI API
- Set command in Windows
- Cmd command in Windows
Maybe you are interested
How to use the file search command on Windows, find saved files
Why is tldr command better than man command in Linux?
Should I use PowerShell or Command Prompt?
What to do when open command window here does not appear?
How to switch users on the Linux command line
How to fix Mac Homebrew error 'zsh: command not found: brew'