none
I need help copying the security settings and configuration from one computer to other compters.

    Question

  • I need help copying the security settings and configuration from one computer to other compters.

    Background: We have a small department with 4 computers running on an internal network and not connected to the Internet. (Not permitted.)  The computers are not part of a domain.  When we got new computers last year running Windows 7, we first had to harden them according to specs provided by a program called WASSP (Windows Automated Security Scanning Progam).   The scan can result in over 300 findings (computer security settings that need to be changed) that then need to be corrected by hand, which can take quite a long time.  We had a 700+ KB MMC .inf file for our previous XP computers that a former collegue created which could be loaded into each computer to cut down the time it took to harden the computer.  That file won't work with Windows 7 (or at least I don't dare try it), and WASSP finds a lot more security issues with Win7 than XP.  Basically I have to create a "Build" document showing the steps to harden (or reharden after a crash) a computer and am looking for quicker ways to harden the computers.  A previously saved .inf file could be part of the hardening procedure.

    I have been trying to use MMC (Microsoft Management Console) to create a new .inf file with very little success.  I searched the Internet for help with MMC, and most documents and videos show how to use snap-ins, but none talk about saving and transferring actual data.  I did find one answer to a similar question that gave a breif solution about creating a Security template and then saving it, but that was the extent of the help and no details, and following the directions did not produce an .inf file with data settings.

    NOTE: Some suggestions mentioned copying the Windows\system32\grouppolicy folder, but there is nothing in that folder even when I unhide files.

    After some trial and error, I was able to create some database settings via the Security Configuration and Analysis snap-in, analysing a computer that had been configured with the correct settings, and then manually going thru the menu tree and changing each database setting one at a time to match the configured computer.  (Isn't there a faster way?)   It took several more trials and errors before I was able to first save a small 2k file with a few settings to test (and was accepted by the target computer), and then a few more tries before I was able to save a 20K file with more settings.  But the latter only resolved 22 WASSP findings.

    My questions are as follows:

    1)  What is the  proper way to create an .inf file with data in it?  Sometimes I just get a list of what the menu items are, and not actual data. Only 2 tries saved data, but nowhere near everything that I need.

    2)  Is there a faster was to save all of the configured computer's settings (or rather the ones I need) without having to manually tell MMC that I want each value changed in the database?  There should be a way to "Save ALL computer settings to database".

    3) Is there a way to save the register settings, services settings, file permission settings, etc.?  When I select "Analyse computer", the above entries under "Security Configuration and Analysis" shows a lock icon on each root menu item.  When you expand the menu to look at a particular entry, it says "not analyzed" or "can't analyze".  Right clicking on an entry does show a selection to "analyse".

    4)  Is there a better way to transfer all the configuration settings from one computer to another?  It needs to be something that comes with Windows 7, not a product downloaded via the Internet.  Last year when I was first working on this I tried exporting the register from a configured computer and importing to the target computer.  The first try crashed the target computer and I had to start over installing all software.  The 2nd try I used a smaller set of the register, but it also copied the computer name and address which I had to correct, and didn't cover all settings.

    Monday, May 23, 2016 7:33 AM

Answers

  • Hi Karuk,

    1)  What is the  proper way to create an .inf file with data in it?  Sometimes I just get a list of what the menu items are, and not actual data. Only 2 tries saved data, but nowhere near everything that I need.

    >>>For how to create an .inf file, you could refer to the article below.

    Working With .INF Files

    https://technet.microsoft.com/en-us/library/dd361909.aspx

    4)  Is there a better way to transfer all the configuration settings from one computer to another?  It needs to be something that comes with Windows 7, not a product downloaded via the Internet.  Last year when I was first working on this I tried exporting the register from a configured computer and importing to the target computer.  The first try crashed the target computer and I had to start over installing all software.  The 2nd try I used a smaller set of the register, but it also copied the computer name and address which I had to correct, and didn't cover all settings.

    >>>You could user Windows Easy Transfer to migrate settings and files from any computer running Windows XP or Windows Vista to Windows 7.

    For more information, you could refer to the article below.

    Windows 7: Migrating to 64-Bit

    https://technet.microsoft.com/en-us/magazine/hh551148.aspx

    Here is an article below may be helpful to you.

    Windows 7 Upgrade and Migration Guide

    https://technet.microsoft.com/en-us/library/dd446674(v=ws.10).aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 24, 2016 6:39 AM
    Moderator
  • Hi,

    Have you gone through this below article ?

    http://www.frickelsoft.net/blog/?p=31


    For security settings:

    1.) Open MMC and add the Snapin “Security Templates”.

    2.) Create your own customized template and save it as an “*inf” file.

    3.) Copy the file to the target machine and import it via command line tool “secedit”:

    secedit /configure /db %temp%\temp.sdb /cfg yourcreated.inf


    Devaraj G | Technical solution architect

    Tuesday, May 24, 2016 11:35 AM

All replies

  • Hi Karuk,

    1)  What is the  proper way to create an .inf file with data in it?  Sometimes I just get a list of what the menu items are, and not actual data. Only 2 tries saved data, but nowhere near everything that I need.

    >>>For how to create an .inf file, you could refer to the article below.

    Working With .INF Files

    https://technet.microsoft.com/en-us/library/dd361909.aspx

    4)  Is there a better way to transfer all the configuration settings from one computer to another?  It needs to be something that comes with Windows 7, not a product downloaded via the Internet.  Last year when I was first working on this I tried exporting the register from a configured computer and importing to the target computer.  The first try crashed the target computer and I had to start over installing all software.  The 2nd try I used a smaller set of the register, but it also copied the computer name and address which I had to correct, and didn't cover all settings.

    >>>You could user Windows Easy Transfer to migrate settings and files from any computer running Windows XP or Windows Vista to Windows 7.

    For more information, you could refer to the article below.

    Windows 7: Migrating to 64-Bit

    https://technet.microsoft.com/en-us/magazine/hh551148.aspx

    Here is an article below may be helpful to you.

    Windows 7 Upgrade and Migration Guide

    https://technet.microsoft.com/en-us/library/dd446674(v=ws.10).aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 24, 2016 6:39 AM
    Moderator
  • Hi,

    Have you gone through this below article ?

    http://www.frickelsoft.net/blog/?p=31


    For security settings:

    1.) Open MMC and add the Snapin “Security Templates”.

    2.) Create your own customized template and save it as an “*inf” file.

    3.) Copy the file to the target machine and import it via command line tool “secedit”:

    secedit /configure /db %temp%\temp.sdb /cfg yourcreated.inf


    Devaraj G | Technical solution architect

    Tuesday, May 24, 2016 11:35 AM
  • Hi Karuk,

    Are there any updates?

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 30, 2016 3:21 AM
    Moderator