Using Secedit to Apply Local Security Policy via K1000
10/06/2016 1170 views
I am attempting to apply local security policies to Windows computers using KACE.
I have exported an .inf file out of the Microsoft Management Console that contains the security changes and have been able to apply the settings while logged into the computer via command prompt or with a batch file.
The command I use for the local installation is:
secedit /configure /db c:\windows\security\local.sdb /cfg <path to file>\security.inf
However, whenever I try to push the same policy via KACE it does not apply the settings.
I have tried something like the below screenshot... I've replaced the .sdb location with $(KACE_SYS_DIR) and the file location with $(KACE_DEPENDENCY_DIR) to no avail.
From what I can tell, secedit.exe runs, but it can't find either the database (sdb) and/or the .inf file that it needs to import the settings.
For background; we have a mixed domain/off domain install base, and as such want to leverage local group / local security policies so that they work on both types of systems, so I can't use the Domain GP to set these.
Any help would be appreciated as this is probably the last stumbling block for me.
Answer Chosen by the Author
Please log in to answer
Looks like I have answered my own question, so I'll provide it here in case anyone else needs to know how to do this. Here is a screenshot of the Online KScript:
The full parameters are: /configure /db c:\windows\security\local.sdb /cfg $(KACE_DEPENDENCY_DIR)\security.inf
Answered 10/07/2016 by: aidenpryde