/build/static/layout/Breadcrumb_cap_w.png
02/07/2018 941 views
Hi,

How to change Security Policy using K1000? Such as, Rename Administrator, Disable Guest Account, Enable Logon Audit, Account Lockout Threshold, etc.
Basically things that can be done using Group Policy
Answer Summary:
0 Comments   [ + ] Show comments

Comments


Answer Chosen by the Author

0
To answer my own question, I end up using secedit /export to to export all configured policies like explained in below article:
https://serverfault.com/questions/91520/are-there-registry-settings-for-password-policies-on-windows-2008

What I've done was:
1. Prepare one Windows 2012 VM, and then configure the policies just like usual using gpedit
2. Once done, export it using command: secedit /export /cfg mytemplate.inf /log mylog.txt
3. If there are no errors, copy the "mytemplate.inf". If you open that file, you will find alot of value, filter it and only keep parameter that you needed
4. And to import it to target PC, copy the "mytemplate.inf" and issue the following command:
secedit /configure /db secedit.sdb /cfg mytemplate.inf /overwrite

5. Check gpedit, the parameter should have changed based on the the template.

Answered 04/29/2018 by: hendra.tommy
Yellow Belt

All Answers

0
Many Group Policy items can be set using registry keys, so that is one option. Otherwise you may need to develop scripts that will change settings or handle things like renaming the default administrator account (which is no longer considered best practice, by the way).

Answered 02/07/2018 by: chucksteel
Red Belt

0
Tried to respond to chucksteel, but didn't work: To find these registry keys, either look online or find them yourself using process monitor.

https://www.howtogeek.com/school/sysinternals-pro/lesson5/

Some things you will find to be tricky to edit through registry.
Answered 02/07/2018 by: ISEKOLD
Orange Belt