Windows 2000 Server provides three utilities for working with
security templates throughout the network: the Security Templates snap-in, the
Security Configuration and Analysis snap-in, and the Security Settings
Extension to the Group Policy snap-in. (To learn more about snap-ins, see this section on the Microsoft website.) We’ll briefly discuss each of these.

  • The Security Templates snap-in is used to
    create new security templates and modify existing ones. When you
    open this snap-in, it displays the pre-created templates on your hard drive.
    You can’t use this snap-in to apply the security settings in templates; you can
    only use it to change the settings in the templates.
  • The Security Configuration and Analysis snap-in
    is more sophisticated than the Security Templates snap-in and
    provides more functionality. Before using this utility, you must analyze your
    computer against the predefined security template. The snap-in will display all
    the security settings and tell you if the settings on the local computer differ
    from the settings in the predefined security template. If you want, you can
    change the settings or import a template and apply it to the local computer.
    The snap-in can analyze and apply the
    settings only on a local computer.
  • The Security Settings Extension to the Group
    Policy snap-in
    is what you’ll use if you want to apply the security settings to
    multiple computers. Since you can apply Group Policies to a site, domain, or
    organizational unit, you can use this snap-in to configure your enterprise
    security. The security settings are located under Computer Configuration |
    Windows Settings | Security Settings. You can import a security template by
    right-clicking Security Settings and selecting Import Policy.
  • Administrators sometimes prefer to use command-line
    utilities. Secedit.exe is a command-line version of the Security Configuration
    and Analysis utility. You can use it to analyze and configure computers and
    to automate several tasks by running it from batch files or the Task Scheduler.
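
The comparison that the Security Configuration and Analysis snap-in and Secedit.exe perform can be illustrated with a short script. This is an added example, not part of the original article and not how the Windows tools are implemented: it compares a baseline template with a second file in the same .inf syntax that is assumed to hold a computer's current settings. Both samples are constructed, and the function names are hypothetical.

```python
"""Compare a baseline security template with settings taken from a computer."""

# Constructed sample data in security-template (.inf) syntax; not a real system.
BASELINE_INF = """\
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
"""

LOCAL_INF = """\
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 3
"""


def parse_template(text):
    """Return {(section, key): value} for every 'key = value' line."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            settings[(section, key.strip())] = value.strip()
    return settings


def find_mismatches(baseline_text, local_text, ignore=("Version", "Unicode")):
    """List (section, key, expected, actual) where local differs from baseline."""
    baseline, local = parse_template(baseline_text), parse_template(local_text)
    return [(sec, key, want, local.get((sec, key), "<not defined>"))
            for (sec, key), want in sorted(baseline.items())
            if sec not in ignore and local.get((sec, key)) != want]


if __name__ == "__main__":
    for sec, key, want, got in find_mismatches(BASELINE_INF, LOCAL_INF):
        print(f"[{sec}] {key}: template={want} local={got}")
```

A setting that the baseline defines but the local file omits is reported as `<not defined>`, so a missing lockout policy is flagged rather than silently skipped.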
