I need help copying the security settings and configuration from one computer to other compters.
Background: We have a small department with 4 computers running on an internal network and not connected to the Internet. (Not permitted.) The computers are not part of a domain. When we got new computers last year running Windows 7, we first had to harden them according to specs provided by a program called WASSP (Windows Automated Security Scanning Progam). The scan can result in over 300 findings (computer security settings that need to be changed) that then need to be corrected by hand, which can take quite a long time. We had a 700+ KB MMC .inf file for our previous XP computers that a former collegue created which could be loaded into each computer to cut down the time it took to harden the computer. That file won't work with Windows 7 (or at least I don't dare try it), and WASSP finds a lot more security issues with Win7 than XP. Basically I have to create a "Build" document showing the steps to harden (or reharden after a crash) a computer and am looking for quicker ways to harden the computers. A previously saved .inf file could be part of the hardening procedure.
I have been trying to use MMC (Microsoft Management Console) to create a new .inf file with very little success. I searched the Internet for help with MMC, and most documents and videos show how to use snap-ins, but none talk about saving and transferring actual data. I did find one answer to a similar question that gave a breif solution about creating a Security template and then saving it, but that was the extent of the help and no details, and following the directions did not produce an .inf file with data settings.
NOTE: Some suggestions mentioned copying the Windows\system32\grouppolicy folder, but there is nothing in that folder even when I unhide files.
After some trial and error, I was able to create some database settings via the Security Configuration and Analysis snap-in, analysing a computer that had been configured with the correct settings, and then manually going thru the menu tree and changing each database setting one at a time to match the configured computer. (Isn't there a faster way?) It took several more trials and errors before I was able to first save a small 2k file with a few settings to test (and was accepted by the target computer), and then a few more tries before I was able to save a 20K file with more settings. But the latter only resolved 22 WASSP findings.
My questions are as follows:
1) What is the proper way to create an .inf file with data in it? Sometimes I just get a list of what the menu items are, and not actual data. Only 2 tries saved data, but nowhere near everything that I need.
2) Is there a faster was to save all of the configured computer's settings (or rather the ones I need) without having to manually tell MMC that I want each value changed in the database? There should be a way to "Save ALL computer settings to database".
3) Is there a way to save the register settings, services settings, file permission settings, etc.? When I select "Analyse computer", the above entries under "Security Configuration and Analysis" shows a lock icon on each root menu item. When you expand the menu to look at a particular entry, it says "not analyzed" or "can't analyze". Right clicking on an entry does show a selection to "analyse".
4) Is there a better way to transfer all the configuration settings from one computer to another? It needs to be something that comes with Windows 7, not a product downloaded via the Internet. Last year when I was first working on this I tried exporting the register from a configured computer and importing to the target computer. The first try crashed the target computer and I had to start over installing all software. The 2nd try I used a smaller set of the register, but it also copied the computer name and address which I had to correct, and didn't cover all settings.