May 9th, 2016

New Security Cmdlets in Nano Server

PowerShell Team
PowerShell Team

In Windows Server 2016 TP5, we included two new cmdlets to help manage security policy settings. While they are present on every install option of Windows Server, these are mostly useful on Nano Server because Nano Server does not support Group Policy.

Security-related settings include two different kinds of artifacts.

• .INF files containing security policy template settings. These are handled by the “securityCmdlets”(*) module that ships in Technical Preview 5

• .CSV files containing advanced audit settings. these are handled by the “securityCmdlets”(*) module that ships in Technical Preview 5

(*) – “securityCmdlets” is a temporary name for TP5. These modules will be renamed in a later release of Windows Server, which will be a breaking change. Please be aware any scripts that use this module will have to change for future releases of Windows Server 2016.

.INF files can be generated by SecEdit.exe on a Server with Desktop Experience or Server Core installation, or they can be generated with Backup-SecurityPolicy.

.CSV files can be generated by AuditPol.exe on a Server with Desktop Experience or Server Core installation, or they can be generated with Backup-AuditPolicy.

You can remotely invoke the following to import both advanced audit and security template settings to your Nano Server installation:

    Import-Module SecurityCmdlets

    #replace this string with the path to the .INF file

    $SecInf = "c:\GPO\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"

    $AuditCsv = "c:\GPO\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv"

     

    Restore-SecurityPolicy -Path $secInf

    Restore-AuditPolicy -Path $auditCsv
Category
PowerShell
Topics
News

Author

PowerShell Team
PowerShell Team

PowerShell is a task-based command-line shell and scripting language built on .NET. PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes.

0 comments

Discussion are closed.

Feedback