Secedit command: export in Windows

    The secedit: export command allows you to export the security settings stored in the configured database with security templates. To better understand how to use this command, see the example below.

    Syntax secedit command: export
    Secedit / export / db < database file name > [ / mergedpolicy] / cfg < configuration file name > [/ areas [ securitypolicy | group_mgmt | user_rights | regkeys | filestore | services ]] [/ log < log file name >] [/ quiet ]       
    Parameter secedit command: export
    Parameters
    Describe
    db
    This is a required parameter.
    Specify the path and name of the database file containing the stored configuration to conduct the analysis.
    If the database filename has no security template (as indicated by the configuration file) associated with it, the command line option / cfg must also be specified according to
    mergedpolicy
    Optional parameters.
    Merging and exporting domain names as well as local security policy settings
    cfg
    This is a required parameter.
    Specify the path and name for the security template to be entered into the database for analysis.
    This optional / cfg parameter is only valid when used with the / db parameter.
    If this parameter is not specified, the analysis will be performed for any configuration stored in the database.
    areas
    Optional parameters.
    Specify security zones to be applied to the system. If this parameter is not specified, all security settings defined in the database will be applied to the system. To configure multiple security areas, separate each area with a space. The following security zones are supported:
    - SecurityPolicy
    Local policies and domain policies for the system, including account policies, audit policies, security options ...
    - Group_Mgmt
    Group settings will be restricted to any group specified in the security form.
    - User_Rights
    User login and grant privileges.
    - RegKeys
    Security on local registry keys.
    - FileStore
    Secure local file storage.
    - Services
    Security for all identified services.
    log
    Optional parameters.
    Specify the path and name of the log file to be used in the process.
    quiet
    Optional parameters.
    Do not display the output on the screen. You can still view the analysis results by using the Security Configuration and Analysis attachment on Microsoft Management Console (MMC).
    Note the secedit command: export
    • You can use this command to back up your security policy on the local computer in addition to entering the settings to another computer.
    • If the path for the log file is not provided, the default log file, (systemroot Documents and Settings * UserAccount My Documents Security Logs * DatabaseName.log) will be used.
    • Starting with Windows Server 2008 , the Secedit / refreshpolicy subcommand has been replaced with gpupdate. For more information on how to refresh security settings, see the Gpupdate command.
    For example, secedit command: export
    To export the security database and domain security policies to an inf file and then import this file to another database to copy the security policy settings on another computer, type:
    Secedit / export / db C : Security FY11 SecDbContoso . sdb / mergedpolicy / cfg SecContoso . inf / log C : Security FY11 SecAnalysisContosoFY11 . log / quiet  
    To import this file into a database on another computer, type:
    Secedit / import / db C : Security FY12 SecDbContoso . sdb / cfg SecContoso . inf / log C : Security FY11 SecAnalysisContosoFY12 . log / quiet  

    No comments