Secedit: configure command in Windows
Secedit: configure command allows you to configure the current system settings using the security settings stored in the database.To better understand how to use this command, see the example below.
Syntax command secedit: configure
Secedit / configure / db [/ cfg] [/ overwrite] [/ areas SECURITYPOLICY | GROUP_MGMT | USER_RIGHTS | REGKEYS | FILESTORE | SERVICES] [/ log] [/ quiet]
The secedit command: configure
Parameters
Describe
db
This is a required parameter.
Specify the path and file name of the database that contains the stored configuration.
If the database designation name does not have a security template (as indicated by the configuration file) associated with it, the command line / cfg option must also be specified according to
cfg
Optional parameters.
Specify the path and file name for the security template to be entered into the database for analysis.
This optional parameter / cfg is only valid when used with the parameter / db.
If this parameter is not specified, the analysis will be performed for any configuration stored in the database.
overwrite
Optional parameters.
Specify whether the security pattern in the / cfg parameter should override any synthesized templates stored in the database, instead of appending the results to the stored form. This command line option is only valid when the parameter / cfg is also used. If this parameter is not specified, the template in the / cfg parameter will be added to the template stored by default.
areas
Optional parameters.
Specify security zones to be applied to the system.If this parameter is not specified, all security settings defined in the database will be applied to the system.To configure multiple security areas, separate each area with a space.The following security zones are supported:
- SecurityPolicy
Local policies and domain policies for the system, including account policies, audit policies, security options .
- Group_Mgmt
Group settings will be restricted to any group specified in the security form.
- User_Rights
User login and grant privileges.
- RegKeys
Security on local registry keys.
- FileStore
Secure local file storage.
- Services
Security for all identified services.
log
Optional parameters.
Specify the path and name of the log file to be used in the process.
quiet
Optional parameters.
Do not display the output on the screen.You can still view the analysis results by using the Security Configuration and Analysis attachment on Microsoft Management Console (MMC).
Secedit: configure command
- If the path for the log file is not provided, the default log file, (systemrootDocuments and Settings * UserAccountMy DocumentsSecurityLogs * DatabaseName.log) will be used.
- Starting with Windows Server 2008, the Secedit / refreshpolicy subcommand has been replaced with gpupdate.For more information on how to refresh security settings, see the Gpupdate command.
For example, command secedit: configure
To conduct an analysis of the security parameters on the security database named SecDbContoso.sdb that you created with the attachment of Security Configuration and Analysis and direct the output to the SecAnalysisContosoFY11 file with the prompt for you Can verify if the command is running correctly.Type:
Secedit / analyze / db C: SecurityFY11SecDbContoso.sdb / log C: SecurityFY11SecAnalysisContosoFY11.log
Assume that the analysis process shows some inadequacies, so the SecContoso.inf security template has been modified.Rerun the command to combine the changes, direct the output to an existing file named SecAnalysisContosoFY11 without prompting, type:
Secedit / configure / db C: SecurityFY11SecDbContoso.sdb / cfg SecContoso.inf / overwrite / log C: SecurityFY11SecAnalysisContosoFY11.xml / quiet
See more:
- Summary of 20 common Run commands on Windows operating system
- Overview of Windows Server 2008
- Install Windows Server 2008
- Instructions for installing Windows Server 2012 step by step
You should read it
- Secedit command in Windows
- Secedit: import command in Windows
- Secedit: analyze command in Windows
- Secedit command: export in Windows
- Secedit command: generaterollback in Windows
- Secedit: validate command in Windows
- Configure IP network address with MS-DOS command
- The Scwcmd configure command in Windows
- Configure God of War Ragnarok on PC
- Configure 2020 Pes PC
- Configure GTA Trilogy on PC
- Configure wireless connection of Windows Vista from CLI with netsh wlan
Maybe you are interested
iPhone security tips you're missing out on
This list of common passwords shows how little we understand about online security
Download free Windows Server 2025 security guide
5 Misconceptions About Password Security
Should I buy a USB, Bluetooth or NFC security key?
4 Security Steps to Follow When Using Remote Access Applications