组策略命令全集（国外英文资料）.docVIP

组策略命令全集（国外英文资料） Group policies are an important means of establishing Windows security environments, especially in Windows environments. A good system administrator should be able to master and apply group policies proficiently. In the window interface, the access group policy USES gpedit.msc, and the command line is secedit.exe. Watch the secedit command syntax: Secedit/analyze Secedit/configure Secedit/export Secedit/validate Secedit/refreshpolicy The functions of the five commands are the analysis group policy, the configuration group policy, the export group policy, the validation template syntax, and the update group policy. The secedit/refreshpolicy is replaced by gpupdate in XP / 2003. These commands are specific syntax that you can see by looking at the command line. Unlike the access registry, which requires only a reg file, the access group policy requires a secure database file (SDB) as well as a template file (or inf). To modify the group policy, you must first import the template into a secure database and then refresh the group policy by applying the security database. Heres an example: Suppose I want to set the minimum length of password to 6 and enable the password must meet the complexity requirement, then write this template: [version] Signature = $$ CHICAGO [System Access] MinimumPasswordLength = 6 PasswordComplexity = 1 Save for gp.inf, and then import: Secedit/configure/db gp After this command is executed, a gp.sdb will be created in the current directory, which is intermediate and you can delete it. The/quiet parameter means quiet mode and does not generate logs. But according to my tests, this parameter seemed to be working under 2000sp4, which was normal for XP. The log is always saved in % windir % \ security \ logs \ scesrv. Log. You can also specify your own log to delete it later. Such as: Secedit/configure/db gp Del gp. * In addition, you can also analyze whether the syntax is correct before importing the template: Secedit/validate gp.