Applying hardening to your windows server with secedit


To apply a security template for hardening in a Windows Server 2012 R2 you can create your own customized security template. In this blog post you can see how to do:

One time done it, follow these steps:

  • Copy costumized inf file to c:\windows\security\templates
  • Open a powershell console and go to c:\windows\security\templates
  • Execute the following command: Secedit /configure /db secedit.sdb /cfg SCM_Template.inf /overwrite /log SCM_Temp.log
  •  Push y key

It’s all 🙂


How to create a security template for hardening


To create and apply a customized security template I did the following:

Use a template based in Security Compliance Manager

Deploy a temporal standalone WS 2012 R2 to do tests

Import the .inf file exported from GPO Backup (folder) option in SCM to a Security Template mmc and then modify all options you want.

Add Security Configuration and Analysis snapin, import your template .inf and then execute the analyze option, remember to use a new database.

Save configurations as inf file and it will be your security template for hardening.