/bundles/itninjaweb/img/Breadcrumb_cap_w.png
Hi,

How to change Security Policy using K1000? Such as, Rename Administrator, Disable Guest Account, Enable Logon Audit, Account Lockout Threshold, etc.
Basically things that can be done using Group Policy
Answer Summary:
Cancel
0 Comments   [ - ] Hide Comments

Comments

Please log in to comment

Answer Chosen by the Author


Answers

0
To answer my own question, I end up using secedit /export to to export all configured policies like explained in below article:
https://serverfault.com/questions/91520/are-there-registry-settings-for-password-policies-on-windows-2008

What I've done was:
1. Prepare one Windows 2012 VM, and then configure the policies just like usual using gpedit
2. Once done, export it using command: secedit /export /cfg mytemplate.inf /log mylog.txt
3. If there are no errors, copy the "mytemplate.inf". If you open that file, you will find alot of value, filter it and only keep parameter that you needed
4. And to import it to target PC, copy the "mytemplate.inf" and issue the following command:
secedit /configure /db secedit.sdb /cfg mytemplate.inf /overwrite

5. Check gpedit, the parameter should have changed based on the the template.

Answered 04/29/2018 by: hendra.tommy
Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity

Answers

0
Many Group Policy items can be set using registry keys, so that is one option. Otherwise you may need to develop scripts that will change settings or handle things like renaming the default administrator account (which is no longer considered best practice, by the way).

Answered 02/07/2018 by: chucksteel
Red Belt

Please log in to comment
0
Tried to respond to chucksteel, but didn't work: To find these registry keys, either look online or find them yourself using process monitor.

https://www.howtogeek.com/school/sysinternals-pro/lesson5/

Some things you will find to be tricky to edit through registry.
Answered 02/07/2018 by: ISEKOLD
Orange Belt

Please log in to comment