programming4us
programming4us
SECURITY

Windows Server 2008 : Security Configuration Wizard (part 2) - Using scwcmd

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
2/15/2014 1:51:06 AM

Using scwcmd

The scwcmd tool is used to manipulate policies created by the SCW. The following table shows some common uses.

scwcmd CommandComments
Create a GPO from a SCW policy. 
scwcmd transform /p:policy-
file.xml /g:gpo-name
C:\>scwcmd transform /p:c:\
windows\security\msscw\
policies\scwtest.xml
/g:SCWTest

Transforms a security policy file generated by using SCW into a new Group Policy object (GPO) in Active Directory Domain Services (AD DS).

The /p switch needs to include the path to the SCW policy file, and the /g switch names the GPO.

Figure 2 shows the GPO named SCWTest created in the Group Policy Management Console (GPMC) from this command.

Tip

The case you use for the GPO is used when the GPO is created. For example, if you use /g:scwtest, the GPO is named scwtest, but if you use /g:SCWTest, the GPO uses the same case named SCWTest.

Note

Although the GPO is created and accessible in the GPMC, it is not linked anywhere by default. You must take the extra step in the GPMC to link it.

Analyze a computer against a policy. 
scwcmd analyze /m:computer-
name | /ou:ou-DN
/p:policy-file.xml
C:\>scwcmd analyze /p:c:\
windows\security\msscw\
policies\scwtest.xml
C:\>s cwcmd analyze /m:dc1
/p:c:\windows\security\msscw\
policies\scwtest.xml
C:\>s cwcmd analyze
/ou:"ou=sales, dc=pearson,
dc=pub"
/p:c:\windows\security\msscw\
policies\scwtest.xml

Determines whether a computer is in compliance with a policy. It compares the policy against the computer (or computers) and creates a file indicating any discrepancies.

You can run the command against the local computer without the /m or /ou switch, a remote computer with the /m switch, or an OU with the /ou switch.

The first example analyzes the local system, the second example analyzes a server named dc1, and the third example analyzes all the computers in the Sales OU. You can then view the xml file identified by the /p switch, which documents any discrepancies.
Configure systems with the policy. 
scwcmd configure /m:computer-
name | /ou:ou-DN  /p:policy-
file.xml
C:\>scwcmd configure /p:c:\
windows\security\msscw\
policies\scwtest.xml
C:\>s cwcmd configure /m:dc1
/p:c:\windows\security\msscw\
policies\scwtest.xml
C:\>s cwcmd configure
/ou:"ou=sales, dc=pearson,
dc=pub"
/p:c:\windows\security\msscw\
policies\scwtest.xml

The configure command applies a SCW-generated security policy to one or more computers. This syntax is similar to the analyze command. You can apply it to the local computer, a remote computer with the /m switch, or all computers in an OU with the /ou switch.
Roll back a policy. 
scwcmd rollback /m:computer-
name
C:\>scwcmd configure /m:dc1

Applies the most recent rollback policy available, and then deletes that rollback policy. You can roll back a policy on only one computer at a time.

Note

Rollback policies are created and stored in the c:\windows\security\msscw\rollbackfiles folder by default.

View a policy. 
scwcmd view /x:policy-file.xml
C:\>scwcmd view /x:c:\windows\
security\msscw\policies\
scwtest.xml

Displays an xml file in an interactive page. Figure 3 shows the result of this command.

Figure 2. Transforming an SCW policy to a GPO

Figure 3. Viewing an SCW policy from scwcmd
Other  
  •  8 Tips To Protect Your Business’s Wireless Network
    •
  •  Web Security : Automating with LibWWWPerl - Using Threading for Performance
  •  Web Security : Automating with LibWWWPerl - Editing a Page Programmatically
    •
  •  Web Security : Automating with LibWWWPerl - Uploading Viruses to Applications, Parsing for a Received Value with Perl
  •  Web Security : Automating with LibWWWPerl - Uploading Malicious File Contents, Uploading Files with Malicious Names
    •
  •  Windows Server 2008 and Windows Vista : Controlling GPOs with Scripts and Automation - VBScript Scripting , Windows PowerShell
  •  Windows Server 2008 and Windows Vista : GPO Security (part 2)
    •
  •  Windows Server 2008 and Windows Vista : GPO Security (part 1)
    •
  •  Windows Server 2008 and Windows Vista : Advanced Group Policy Management Delegation - Approving, Reviewing
    •
  •  Windows Server 2008 and Windows Vista : Advanced Group Policy Management Delegation - Full Control, Editing
    •  
    Top 10
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
    - Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
    - Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
    REVIEW
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    programming4us programming4us
    programming4us
     
    		 
    		programming4us