A. The Security Configuration and Analysis snap-in has two important abilities.

The first is it can load in a security template and then compare your system to it highlighting any possible problems and the second is it can then apply those changes to bring your system to meet the requirements of the template.

To use perform the following:

  1. Start the MMC snap-in (mmc.exe)
  2. Add the Security Configuration and Analysis snap-in (Console – Add/Remove Snap-in – Add – Security Configuration and Analysis – Add – Close – OK)
  3. Right click on the Security Configuration and Analysis route and select ‘Open database’
  4. Enter a new name and click Open (e.g. titanic.sdb)
  5. Select a template to use, e.g. securedc.inf and click Open
  6. Right click on the root and select ‘Analyze Computer Now…’
  7. Select a location for the log and click OK
  8. After the analysis if you select a branch entries will have one of 3 options
    - A green tick means it meets the templates required value
    - A red cross means it does not meet the templates required value
    - A generic icon means the value is not defined in the template
    Click here to view image
  9. To apply the changes right click on the root and select ‘Configure Computer Now’