secedit命令行操作组策略

[toc]

快速入门

描述:组策略是建立Windows安全环境的重要手段，尤其是在Windows域环境下;系统管理员肯定使用

gpedit.msc

在窗口界面下访问组策略，然而我们有木有办法可以再命令行下进行设置,答案肯定是有的就是今天的主人公 secedit.exe;

WeiyiGeek.gpedit.msc

组策略的计算机安全策略模板存放路径

%SYSTEMROOT%securitytemplates

系统默认的安全数据库路径

%windir%securitydatabasesecedit.sdb

如果没有/log指定配置操作信息将被记录到scesrv.log

%windir%securitylogs目录之中

WeiyiGeek.secedit.sdb

基础语法:

代码语言：javascript代码运行次数：0运行复制

此命令的语法为:secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]参数:/quit 安静模式

secedit 命令详述secedit /export
描述:允许你导出保存在数据库中的安全设置。
代码语言：javascript代码运行次数：0运行复制
语法:secedit /export [/db filename] [/mergedpolicy] /cfg filename [/areas area1 area2...] [/log filename]参数：/db filename - 指定要导出数据的数据库。如果没有指定，将使用系统安全数据库。/cfg filename - 指定要导出数据库内容的安全模板。/mergedpolicy - 合并并且导出域和本地策略安全设置。/areas - 指定要应用到系统的安全性范围。如果没有指定此参数，在数据库中定义的所有安全性设置都将应用到系统中。 要配置多个范围，用空格将它们分开。下列安全性范围是受支持的:* SECURITYPOLICY - 包括帐户策略，审核策略，事件日志设置和安全选项。* GROUP_MGMT - 包括受限制的组设置* USER_RIGHTS - 包括用户权限分配* REGKEYS - 包括注册表权限* FILESTORE - 包括文件系统权限* SERVICES - 包括系统服务设置/log filename - 指定要记录导出操作状态的文件。
基础信息:
代码语言：javascript代码运行次数：0运行复制
#示例1.命令行获取本地安全策略secedit /export /cfg current.inf /log secedit.log#Built-In Local Groups #Administrators组 *S-1-5-32-544#Users组 *S-1-5-32-545#GUESTS组 *S-1-5-32-546#BUILTINACCOUNT OPERATORS *S-1-5-32-548 (=0x224)#UILTINSERVER OPERATORS *S-1-5-32-549 (=0x225)#BUILTINPRINT OPERATORS *S-1-5-32-550 (=0x226)#BUILTINBACKUP OPERATORS *S-1-5-32-551 (=0x227)#BUILTINREPLICATOR  *S-1-5-32-552 (=0x228) $type current.inf[Unicode]Unicode=yes[System Access]MinimumPasswordAge = 0MaximumPasswordAge = 42MinimumPasswordLength = 0PasswordComplexity = 0 ;是否启用密码复杂度PasswordHistorySize = 0LockoutBadCount = 0 ;锁定次数RequireLogonToChangePassword = 0 ;登录就需要登录密码ForceLogoffWhenHourExpire = 0    ;强制下线NewAdministratorName = "Administrator"  ;管理员的默认名称NewGuestName = "Guest"ClearTextPassword = 0LSAAnonymousNameLookup = 0EnableAdminAccount = 0 ;是否启用管理员账户EnableGuestAccount = 0[Event Audit]AuditSystemEvents =3   ;审核系统事件 成功、失败AuditLogonEvents = 3AuditObjectAccess = 3AuditPrivilegeUse = 2AuditPolicyChange = 3AuditAccountManage = 3AuditProcessTracking = 2 ;审核过程追踪 失败AuditDSAccess = 1        ;审核目录服务访问 成功AuditAccountLogon = 3[Registry Values]MACHINESoftwareMicrosoftWindows NTCurrentVersionSetupRecoveryConsoleSecurityLevel=4,0MACHINESoftwareMicrosoftWindows NTCurrentVersionSetupRecoveryConsoleSetCommand=4,0MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonCachedLogonsCount=1,"10"MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonForceUnlockLogon=4,0MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonPasswordExpiryWarning=4,5MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonScRemoveOption=1,"0"MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemConsentPromptBehaviorAdmin=4,5MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemConsentPromptBehaviorUser=4,3MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDontDisplayLastUserName=4,0MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemEnableInstallerDetection=4,1MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemEnableLUA=4,1MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemEnableSecureUIAPaths=4,1MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemEnableUIADesktopToggle=4,0MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemEnableVirtualization=4,1MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemLegalNoticeCaption=1,""MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemLegalNoticeText=7,MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemPromptOnSecureDesktop=4,1MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemScForceOption=4,0MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemShutdownWithoutLogon=4,1MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemUndockWithoutLogon=4,1MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemValidateAdminCodeSignatures=4,0MACHINESoftwarePoliciesMicrosoftWindowsSaferCodeIdentifiersAuthenticodeEnabled=4,0MACHINESystemCurrentControlSetControlLsaAuditBaseObjects=4,0MACHINESystemCurrentControlSetControlLsaCrashOnAuditFail=4,0MACHINESystemCurrentControlSetControlLsaDisableDomainCreds=4,0MACHINESystemCurrentControlSetControlLsaEveryoneIncludesAnonymous=4,0MACHINESystemCurrentControlSetControlLsaFIPSAlgorithmPolicyEnabled=4,0MACHINESystemCurrentControlSetControlLsaForceGuest=4,0MACHINESystemCurrentControlSetControlLsaFullPrivilegeAuditing=3,0MACHINESystemCurrentControlSetControlLsaLimitBlankPasswordUse=4,1MACHINESystemCurrentControlSetControlLsaMSV1_0NTLMMinClientSec=4,536870912MACHINESystemCurrentControlSetControlLsaMSV1_0NTLMMinServerSec=4,536870912MACHINESystemCurrentControlSetControlLsaNoLMHash=4,1MACHINESystemCurrentControlSetControlLsaRestrictAnonymous=4,0MACHINESystemCurrentControlSetControlLsaRestrictAnonymousSAM=4,1MACHINESystemCurrentControlSetControlPrintProvidersLanMan Print ServicesServersAddPrinterDrivers=4,0MACHINESystemCurrentControlSetControlSecurePipeServersWinregAllowedExactPathsMachine=7,SystemCurrentControlSetControlProductOptions,SystemCurrentControlSetControlServer Applications,SoftwareMicrosoftWindows NTCurrentVersionMACHINESystemCurrentControlSetControlSecurePipeServersWinregAllowedPathsMachine=7,SystemCurrentControlSetControlPrintPrinters,SystemCurrentControlSetServicesEventlog,SoftwareMicrosoftOLAP Server,SoftwareMicrosoftWindows NTCurrentVersionPrint,SoftwareMicrosoftWindows NTCurrentVersionWindows,SystemCurrentControlSetControlContentIndex,SystemCurrentControlSetControlTerminal Server,SystemCurrentControlSetControlTerminal ServerUserConfig,SystemCurrentControlSetControlTerminal ServerDefaultUserConfiguration,SoftwareMicrosoftWindows NTCurrentVersionPerflib,SystemCurrentControlSetServicesSysmonLogMACHINESystemCurrentControlSetControlSession ManagerKernelObCaseInsensitive=4,1MACHINESystemCurrentControlSetControlSession ManagerMemory ManagementClearPageFileAtShutdown=4,0MACHINESystemCurrentControlSetControlSession ManagerProtectionMode=4,1MACHINESystemCurrentControlSetControlSession ManagerSubSystemsoptional=7,MACHINESystemCurrentControlSetServicesLanManServerParametersAutoDisconnect=4,15MACHINESystemCurrentControlSetServicesLanManServerParametersEnableForcedLogOff=4,1MACHINESystemCurrentControlSetServicesLanManServerParametersEnableSecuritySignature=4,0MACHINESystemCurrentControlSetServicesLanManServerParametersNullSessionPipes=7,MACHINESystemCurrentControlSetServicesLanManServerParametersRequireSecuritySignature=4,0MACHINESystemCurrentControlSetServicesLanManServerParametersRestrictNullSessAccess=4,1MACHINESystemCurrentControlSetServicesLanmanWorkstationParametersEnablePlainTextPassword=4,0MACHINESystemCurrentControlSetServicesLanmanWorkstationParametersEnableSecuritySignature=4,1MACHINESystemCurrentControlSetServicesLanmanWorkstationParametersRequireSecuritySignature=4,0MACHINESystemCurrentControlSetServicesLDAPLDAPClientIntegrity=4,1MACHINESystemCurrentControlSetServicesNetlogonParametersDisablePasswordChange=4,0MACHINESystemCurrentControlSetServicesNetlogonParametersMaximumPasswordAge=4,30MACHINESystemCurrentControlSetServicesNetlogonParametersRequireSignOrSeal=4,1MACHINESystemCurrentControlSetServicesNetlogonParametersRequireStrongKey=4,1MACHINESystemCurrentControlSetServicesNetlogonParametersSealSecureChannel=4,1MACHINESystemCurrentControlSetServicesNetlogonParametersSignSecureChannel=4,1[Privilege Rights]SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544SeCreatePagefilePrivilege = *S-1-5-32-544SeDebugPrivilege = *S-1-5-32-544SeRemoteShutdownPrivilege = *S-1-5-32-544SeAuditPrivilege = *S-1-5-19,*S-1-5-20SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544SeIncreaseBasePriorityPrivilege = *S-1-5-32-544,*S-1-5-90-0SeLoadDriverPrivilege = *S-1-5-32-544SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559SeServiceLogonRight = *S-1-5-80-0SeInteractiveLogonRight = __vmware__,Guest,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551SeSecurityPrivilege = *S-1-5-32-544SeSystemEnvironmentPrivilege = *S-1-5-32-544SeProfileSingleProcessPrivilege = *S-1-5-32-544SeSystemProfilePrivilege = *S-1-5-32-544,*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551SeTakeOwnershipPrivilege = *S-1-5-32-544SeDenyNetworkLogonRight = GuestSeDenyInteractiveLogonRight = GuestSeUndockPrivilege = *S-1-5-32-544,*S-1-5-32-545SeManageVolumePrivilege = *S-1-5-32-544SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6SeIncreaseWorkingSetPrivilege = *S-1-5-32-545SeTimeZonePrivilege = *S-1-5-19,*S-1-5-32-544,*S-1-5-32-545SeCreateSymbolicLinkPrivilege = *S-1-5-32-544SeDelegateSessionUserImpersonatePrivilege = *S-1-5-32-544[Version]signature="$CHICAGO$" //校验非常重要Revision=1
secedit /configure
描述:允许你用保存在数据库中的安全性设置来配置系统。
                                                                                                                                                    行者AI                            
行者AI绘图创作，唤醒新的灵感，创造更多可能
                                                                                            100                                                                                                        查看详情                                                                                        代码语言：javascript代码运行次数：0运行复制
secedit /configure /db filename [/cfg filename] [/overwrite][/areas area1 area2...] [/log filename] [/quiet]/overwrite - 指定在导入安全性模板前数据库应该被清空。如果没有指定此参数，在安全性模板中指定的将累积到数据库中。             #如果没有指定此参数而且在数据库中的设置与要导入的模板冲突，将采用模板中的设置。/quiet - 指定配置操作的执行不需要提示用户进行任何确认。
基础示例:
代码语言：javascript代码运行次数：0运行复制
secedit /configure /cfg current.inf /overwrite /log hisecws.log #对于所有的文件名，如果没有指定路径，则是用当前目录。#导入全案策略secedit /configure /db model.sdb /cfg gp.inf /quiet  #会自动生成 model.sdb任务成功结束,有关详细信息，请参阅日志 %windir%securitylogsscesrv.log。
secedit /import
可将安全性模板导入到数据库以便模板中指定的设置可应用到系统或作为分析系统的依据。
代码语言：javascript代码运行次数：0运行复制
secedit /import /db FileName .sdb /cfg FileName.inf [/overwrite] [/areasArea1 Area2 ...] [/logFileName] [/quiet]
基础示例:
代码语言：javascript代码运行次数：0运行复制
secedit /import /db hisecws.sdb /cfg hisecws.inf /overwrite
secedit /validate
描述:验证要导入到分析数据库或系统应用程序的安全模板的语法,在不同的系统下执行配置文件中的参数是不同的;
代码语言：javascript代码运行次数：0运行复制
语法:secedit /validate FileName/cfg filename - 指定要验证的安全模板。安全模板是用安全模板管理单元创建的。
基础示例:
代码语言：javascript代码运行次数：0运行复制
secedit /validate /cfg current.ini模版验证顺利完成，下列数据被忽略,数据无效。SeDelegateSessionUserImpersonatePrivilege 不是有效特权。
secedit /analyze
可通过将其与数据库中的基本设置相比较，分析一台计算机上的安全设置。
代码语言：javascript代码运行次数：0运行复制
secedit /analyze /db FileName.sdb [/cfgFileName] [/overwrite] [/logFileName] [/quiet]
基础示例:
代码语言：javascript代码运行次数：0运行复制
secedit /analyze /db current.sdb /log result.txt

WeiyiGeek.
secedit /GenereateRollback
描述：可根据配置模板生成一个回滚模板。在将配置模板应用到计算机上时，可以选择创建回滚模板，该模板在应用时会将安全性设置重置为应用配置模板前的值。
代码语言：javascript代码运行次数：0运行复制
语法:secedit /generaterollback /cfg filename /rbk filename [/log filename] [/quiet]/db filename - 指定执行复原操作使用的数据库。/cfg filename - 指定一个将要生成关于它的复原模板的安全模板。安全模板是用安全模板管理单元创建的。/rbk filename - 指定一个复原信息要写入的安全模板。安全模板是用安全模板管理单元创建的。示例:对于所有的文件名，如果没有指定路径，则是用当前目录。secedit /generaterollback /db hisecws.sdb /cfg hisecws.inf /rbk hisecwsrollback.inf /log hisecws.log
附录脚本合规检查代码语言：javascript代码运行次数：0运行复制
 if exist no.txt (del no.txt)clsecho 正在进行 "审计与帐户策略" 安全检查echo > list.txt PasswordComplexity = 1echo >> list.txt MinimumPasswordLength = 8echo >> list.txt MaximumPasswordAge = 42echo >> list.txt MinimumPasswordAge = 1echo >> list.txt PasswordHistorySize = 5echo >> list.txt ClearTextPassword = 0echo >> list.txt ResetLockoutCount = 15echo >> list.txt LockoutDuration = 15echo >> list.txt LockoutBadCount = 15echo >> list.txt AuditPolicyChange = 3echo >> list.txt AuditLogonEvents = 3echo >> list.txt AuditObjectAccess = 3echo >> list.txt AuditPrivilegeUse = 0echo >> list.txt AuditProcessTracking = 0echo >> list.txt AuditDSAccess = 0echo >> list.txt AuditSystemEvents = 3echo >> list.txt AuditAccountLogon = 3echo >> list.txt AuditAccountManage = 3secedit /export /cfg model.inf >nulfor /F "tokens=1,3" %%i in (list.txt) do (call :Getgp %%i %%j)ping 127.0.0.1 /n 2 >nuldel tmp.txtdel list.txtdel model.infgoto :EOF:Getgpfind "%1" model.inf >tmp.txtfor /f "skip=2 tokens=3" %%i in (tmp.txt) do (if "%%i"=="%2" (echo %1=%%i ok) else (echo %1 策略不符合规则>>bad.txt))goto :EOF
以上就是secedit命令行操作组策略的详细内容，更多请关注创想鸟其它相关文章！
                                                        
版权声明：本文内容由互联网用户自发贡献，该文观点仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。

如发现本站有涉嫌抄袭侵权/违法违规的内容， 请发送邮件至 chuangxiangniao@163.com 举报，一经查实，本站将立刻删除。

发布者：程序猿，转转请注明出处：https://www.chuangxiangniao.com/p/411502.html