1
00:00:06,460 --> 00:00:15,400
Administrators often configure security sentencing bills configure and security sentence in a GPO can

2
00:00:15,400 --> 00:00:23,920
be tedious work especially when configuring firewall rules because of the number of rules and settings

3
00:00:23,980 --> 00:00:32,650
that you need to configure security templates are files that you use to manage and configure security

4
00:00:32,650 --> 00:00:36,120
settings on Windows based computers.

5
00:00:36,190 --> 00:00:44,230
Depending on various categories of security settings the security templates consist of settings divided

6
00:00:44,230 --> 00:00:46,540
into logical sections.

7
00:00:46,540 --> 00:00:54,280
When you configure a security template you can use it to configure a single computer or to configure

8
00:00:54,490 --> 00:00:57,400
multiple computers on a network.

9
00:00:57,520 --> 00:01:06,970
You can configure and distribute security templates in several ways you can use SEC added dot exec command

10
00:01:06,970 --> 00:01:14,680
line tool you can use it to compare the current configuration of a computer that is run on Windows Server

11
00:01:14,710 --> 00:01:19,720
2016 or later to specific security templates.

12
00:01:19,720 --> 00:01:23,360
You can also use security templates snap in.

13
00:01:23,500 --> 00:01:31,900
You can use it to create a security policy by using these security templates and other way to configure

14
00:01:31,900 --> 00:01:42,070
and distribute security templates is to use group policy you can use group policy to analyze and configure

15
00:01:42,070 --> 00:01:51,040
computer sadness and to distribute specific security settings and of course you can use security compliance

16
00:01:51,040 --> 00:02:00,580
manager you can use it to view security sentence comparisons to security baselines which are groups

17
00:02:00,580 --> 00:02:08,920
of settings that are designed on Microsoft's security guards and best practices with its help you can

18
00:02:08,920 --> 00:02:13,930
customize and import or export GPO big backups.

19
00:02:13,930 --> 00:02:22,060
Now let's review each of these tools security templates snap in you can use it to configure security

20
00:02:22,060 --> 00:02:26,100
settings and the following sections account policies.

21
00:02:26,110 --> 00:02:34,570
This section includes password account lock out and Scarborough's version 5 policies local policies.

22
00:02:34,570 --> 00:02:41,150
This section includes audit policies user write assignment and security options.

23
00:02:41,150 --> 00:02:42,430
You won't log.

24
00:02:42,430 --> 00:02:50,400
This section includes application least amount security went lock Saddam's restricted groups.

25
00:02:50,410 --> 00:02:58,300
This section includes memberships of groups that have special rights and permissions system services.

26
00:02:58,300 --> 00:03:04,540
This section includes start up and permissions for System Services registry.

27
00:03:04,540 --> 00:03:10,270
This section includes permissions on registry keys and file system.

28
00:03:10,270 --> 00:03:17,830
This section includes permissions for folders and files you can use this nappy in either to save the

29
00:03:18,130 --> 00:03:26,980
INF dot info file to a known location or to make a note of the standard location of security templates

30
00:03:27,160 --> 00:03:34,900
which is document security templates folder in the assigned in user risk profile.

31
00:03:34,960 --> 00:03:38,250
The next tool is security compliance manager.

32
00:03:38,260 --> 00:03:45,850
The security sentence for a computer consists of more than what you can configure and a security template.

33
00:03:45,850 --> 00:03:54,190
Because of this using the security compliance manager to configure security might be a better option.

34
00:03:54,190 --> 00:04:01,900
Microsoft updates the security compliance manager with new security baselines that you can download

35
00:04:01,970 --> 00:04:09,670
and use in your own environment as is or change the sentence to adapt to the security needs of your

36
00:04:09,670 --> 00:04:10,900
organization.

37
00:04:10,930 --> 00:04:20,290
You can export the baselines you want to use at the GPO back up and then import and backup by using

38
00:04:20,380 --> 00:04:24,400
either the JPM C or Windows power Shell.

39
00:04:24,400 --> 00:04:31,000
For more information refer to security compliance manager or ACM.

40
00:04:31,000 --> 00:04:36,110
And lastly you can import a security template into a GPO.

41
00:04:36,160 --> 00:04:43,750
Once you have created your security template you can import the security template by doing the following

42
00:04:44,090 --> 00:04:47,060
in the jeep PMC create a GPO.

43
00:04:47,330 --> 00:04:56,980
Added the GPO and in the group policy management Ed go to the computer configuration policies windows

44
00:04:57,060 --> 00:05:05,140
sentence security asset and section of the GPO right click security assistance and then click import

45
00:05:05,140 --> 00:05:05,800
policy.

46
00:05:06,230 --> 00:05:14,600
And in the import policy from dialog box select the security template file that you want to import and

47
00:05:14,600 --> 00:05:16,030
then click open.

48
00:05:16,070 --> 00:05:22,860
Please know that Djibril will now contain the security incidents configured in the security template.

49
00:05:22,880 --> 00:05:30,200
Now in previous versions of Windows Server you could use the security configuration reserved to examine

50
00:05:30,200 --> 00:05:36,980
Windows server configuration and then create a security policy based on that configuration.

51
00:05:36,980 --> 00:05:43,670
You could then convert to the security policy to a GPO by using a command line.

52
00:05:43,670 --> 00:05:51,200
The security configuration Vizard is no longer available in Windows Server 2016.

53
00:05:51,200 --> 00:05:55,520
Next up we'll talk about managing administrative templates.

54
00:05:55,520 --> 00:05:56,560
I'll see you there.