Applying WinXP Local Security Policy...

[Virindi]

Hi all,

I'd like to apply a local security policy template, sometime during install.

Here's what I've dug up so far:

1) To create a security template, I found instructions here:

http://appdeploy.com/tips/detail.asp?id=22

2) After creating and saving said template, I found it in:

C:\WINDOWS\security\templates\CustomXP.inf

3) I copied the policy template to \temp, and tried following the instructions to apply the template:

http://appdeploy.com/tips/detail.asp?id=23

Here is where I'm running into problems; every time I try to apply the template, it doesn't appear to work - it just pops up with the help menu.

c:\> Secedit /configure /db secedit.sdb /cfg"c:\temp\customxp.inf" /silent >nul

c:\> Secedit /refreshpolicy machine_policy /enforce /quiet

I think if I can get these steps to work, I can maybe put this in cmdlines.txt and have it auto-apply the local security policy template during install. If there is someone out there that is more familiar with policies, I would really appreciate some help with this

-J

[pup]

I hope it's this simple - but don't you have to use '/quiet' not '/silent' (on the first secedit call)

?

[Virindi]

Thanks for the reply - the extra set of eyes really helped. This worked:

C:\>secedit /configure /db secedit.sdb /cfg customxp.inf /quiet >nul

Then, I wanted to force the system to apply the new policy immediately (hopefully when cmdlines.txt is read, so way before the user logs in). It turns out they have moved away from secedit and to "gpupdate" to force applying policy:

C:\>gpupdate /force

Refreshing Policy...

User Policy Refresh has completed.

Computer Policy Refresh has completed.

I didn't want any output text, so I changed it a tiny bit to:

C:\>gpupdate /force >nul

I'm going to try putting the appropriate commands and paths into cmdlines.txt, to see if this works out. It looks like it will! Thanks again for the reply.

-J

[pup]

No problems,

Glad it works.