JSI Tip 9067. When you run 'SecEdit /export /cfg c:\cfg.txt' to export a security template for Local Security Policy in Windows XP, it doesn't export a security template?

When you run the SecEdit /export /cfg c:cfg.txt command in Windows Server 2003 and Windows 2000, it does export a security template, but in Windows XP, even though the command echoed:

Task is completed successfully.
See log %windir%securitylogsscesrv.log for detail info.

the c:cfg.txt file only contained:

[Unicode]Unicode=yes[Version]signature="$CHICAGO$"Revision=1[Profile Description]Description=Default Security Settings. (Windows Professional)

The %windir%securitylogsscesrv.log file contained:

-------------------------------------------Wednesday, February 16, 2005 13:34:39Initializing engine, please wait...

The ability to export a security template for Local Security Policy using SecEdit is apparently broken, at least through Service Pack 2.

NOTE: In Windows XP, there is no Secedit.sdb database, which SecEdit uses. The security template must be stored in the registry.

NOTE: See How do I use the Secedit.sdb database to analyze security settings?

In Windows XP, the best you can do is to save the Security Options list from the Local Security Settings MMC snap-in:

1. Administrative Tools from Control Panel.

2. Double-click Local Security Policy.

3. Expand Local Policies in the left-hand pane.

4. Select Security Options in the left-hand pane.

5. Use the Action menu to press Export List.

6. Enter the file name and navigate to a folder.

7. Press Save.

8. Close the Local Security Settings MMC snap-in.