7000 \n\nCommand line supplement for the Security Configuration Wizard (SCW).\n\nSyntax: scwcmd [analyze | configure | register | rollback | transform | view ]\n\n
7001 \n\nApplies an SCW generated security policy to a machine. Also accepts a list of machines as input.\n\nSyntax: scwcmd configure [[[/m:machine | /ou:ou] /p:policy] | /i:machinelist] [/u:username] [/pw:password] [/t:threads]\n\n/m:machine Specifies the NetBIOS Name, DNS Name or IP Address of a \n machine to configure. If /m is specified, then /p must \n also be specified.\n\n/ou:ou Specifies the Fully Qualified Domain Name (FQDN) of an OU \n in the Active Directory. If /ou is specified, then /p must \n also be specified. All machines in the OU will be configured \n with the given policy.\n\n/p:policy Specifies the path and filename of the xml policy file that \n should be applied.\n\n/i:machinelist Specifies the path and filename of an xml file that contains \n a list of machines along with their desired policy files. \n The policy files will be applied to the corresponding machines.\n See %windir%\security\SampleMachineList.xml\n\n/u:username Specifies an alternate user credential to use when performing \n a remote configuration. Default is the logged on user.\n\n/pw:password Specifies an alternate user credential to use when performing \n a remote configuration. Default is the logged on user.\n\n/t:threads Specifies the number of simultaneous outstanding configuration \n operations that should be maintained during the configuration \n process. Default is 40.\n\nExamples:\nscwcmd configure /p:webpolicy.xml\nscwcmd configure /m:123.123.123.123 /p:webpolicy.xml /u:webadmin\nscwcmd configure /i:campusmachines.xml /t:100\nscwcmd configure /ou:OU=WebServers,DC=Marketing,DC=ABCCompany,DC=com /p:webpolicy.xml /u:DomainAdmin\n\n
7002 \n\nTransforms an SCW generated security policy into files that can be deployed via group policy. The transform operation does not change any settings on the server where it is performed. The transform operation creates a Group Policy Object (GPO) in Active Directory and copies the transformed files into that GPO. After the transform operation has successfully completed, an administrator must link the GPO to the desired OU(s) in order to have the policy deployed to servers.\n\nWarnings:\n1. IIS Settings are not deployable via group policy.\n2. The transform operation should be performed as a domain administrator.\n3. Firewall policies that list approved applications should not be deployed to servers unless the Windows Firewall service started automatically when the server was last started.\n\nSyntax: scwcmd transform /p:policyfile.xml /g:GPODisplayName\n\n/p:policy Specifies the path and filename of the xml policy file that \n should be applied. This parameter must be specified.\n\n/g:GPOName Specifies the display name of the GPO. This parameter must \n be specified.\n\nExample:\nscwcmd transform /p:FileServerPolicy.xml /g:FileServerSecurity\n\n
7003 \n\nDetermines whether a machine is in compliance with a policy. Results are returned in an XML file. Also accepts a list of machines as input. To view the analysis results in your browser, use `scwcmd view' and specify %windir%\security\msscw\TransformFiles\scwanalysis.xsl as the XSL transform.\n\nSyntax: scwcmd analyze [[[/m:machine | /ou:ou] /p:policy] | /i:machinelist] [/o:resultdir] [/u:username] [/pw:password] [/t:threads] [/l] [/e]\n\n/m:machine Specifies the NetBIOS Name, DNS Name or IP Address of the \n machine to analyze. If /m is specified, then /p must also \n be specified.\n\n/ou:ou Specifies the Fully Qualified Domain Name (FQDN) of an OU \n in the Active Directory. If /ou is specified, then /p must \n also be specified. All machines in the OU will be analyzed \n against the given policy.\n\n/p:policy Specifies the path and filename of the xml policy file that \n should be used to perform the analysis.\n\n/i:machinelist Specifies the path and filename of an xml file that contains \n a list of machines along with their expected policy files. \n All machines in the xml file will be analyzed against their \n corresponding policy files. \n See %windir%\security\SampleMachineList.xml\n\n/o:resultdir Specifies the path and directory where the analysis result \n files should be dumped. Default is the current directory.\n\n/u:username Specifies an alternate user credential to use when performing \n the analysis on a remote machine. Default is the logged on \n user.\n\n/pw:password Specifies an alternate user credential to use when performing \n the analysis on a remote machine. Default is the logged on \n user.\n\n/t:threads Specifies the number of simultaneous outstanding analysis \n operations that should be maintained during the analysis \n process. Default is 40.\n\n/l Causes the analysis operation to be logged. One log file \n will be generated for each machine being analyzed. The log \n files will be stored in the same directory as the result \n files. Use the /o option to specify the directory for the \n result files.\n\n/e Log an event to the Application Event Log if a mismatch is\n found.\n\nExamples:\nscwcmd analyze /p:webpolicy.xml\nscwcmd analyze /m:webserver /p:webpolicy.xml /u:webadmin\nscwcmd analyze /i:campusmachines.xml /t:100 /o:\\resultserver\results\nscwcmd analyze /ou:OU=WebServers,DC=Marketing,DC=ABCCompany,DC=com /p:webpolicy.xml /u:DomainAdmin\n
7004 \n\nRenders an xml file using a specified xsl transform. This command can\nbe useful for displaying SCW xml files using different views.\n\nSyntax: scwcmd view [/x:xmlfile] [/s:xslfile]\n\n/x:xmlfile Specifies the xml file to be viewed. This parameter \n must be specified.\n\n/s:xslfile Specifies the xsl transform to apply to the xml file \n as part of the rendering process. This parameter is \n optional for SCW xml files. When the view command is \n used to render an SCW xml file, it will automatically \n try to load the correct default transform for the \n specified xml. If an XSL transfrom is specified, the \n transform must be written under the assumption that \n the XML file is in the same directory as the XSL \n transform itself.\n\nExample:\nscwcmd view /x:C:\policies\policyfile.xml /s:C:\viewers\policyview.xsl
7006 \n\nApplies the most recent rollback policy available, then deletes that rollback policy.\n\nSyntax: scwcmd rollback /m:machine [/u:username] [/pw:password] \n\n/m:machine Specifies the NetBIOS Name, DNS Name or IP Address of a \n machine where the rollback operation should be performed.\n\n/u:username Specifies an alternate user credential to use when performing \n a remote rollback. Default is the logged on user.\n\n/pw:password Specifies an alternate user credential to use when performing \n a remote rollback. Default is the logged on user.\n\nExample:\nscwcmd rollback /m:123.123.123.123\n\n\n
7007 \n\nExtends or customizes SCW's Security Configuration Database by registering a Security Configuration Database file that contains role, task, service, or port definitions.\n\nSyntax: scwcmd register /kbName:MyApp [/kbfile:kb.xml] [/kb:path] [/d]\n\n/kbname:Myapp Specifies the name under which the Security Configuration\n Database extension will be registered. This parameter must\n be specified.\n\n/kbfile:kb.xml Specifies the path and filename of the Security Configuration\n Database file that will be used to extend or customize SCW's\n Security Configuration Database. To validate that the Security\n Configuration Database file is compliant with the SCW schema,\n use the %windir%\security\KBRegistrationInfo.xsd schema\n definition file.\n This option must be provided unless the /d parameter\n is specified.\n\n/kb:path Specifies the path to the directory that contains the SCW\n Security Configuration Database files to be updated. If this\n option is not specified, %windir%\security\msscw\kbs is used.\n\n/d Unregisters a Security Configuration Database extension from\n the Security Configuration Database. The extension to\n unregister is specified by the /kbname parameter (The /kbfile\n parameter should not be specified).\n The Security Configuration Database to unregister the\n extension from is specified by the /kb parameter.\n\nExamples:\nscwcmd register /kbfile:d:\SCWKBForMyApp.xml /kbname:MyApp /kb:\\kbserver\kb\nscwcmd register /d /kbname:MyApp /kb:\\kbserver\kb\n
7008 Failed to perform registration
7009 Failed to perform unregistration
7010 Command completed successfully.\n
7011 Command completed. Please check log file(s) on each machine for detailed status information. \n
7012 Command completed with error.\n
7013 Please check log file(s) under the following directory:\n%windir%\security\msscw\Logs\n
7015 Failed to generate log file: %windir%\security\msscw\logs\scwcmdlog.xml\n
7016 Error reading password
7017 Error getting OU information
7018 Error getting machine list information
7019 Error getting more memory
7020 Error processing thread pool
7021 Completion code for machine: %1
7022 Please enter the password:
7023 CoInitialize failed
7024 Cannot create Group Policy Object
7025 LDAP open command failed
7026 LDAP Bind command failed
7027 LDAP Search command failed
7028 Cannot read LDAP entry
7029 Cannot read LDAP value
7030 Cannot create a new Group Policy Object
7031 Cannot retrive Active Directory path for the Group Policy Object
7032 Cannot create XML DOM Object
7033 Cannot find File %1
7034 Cannot parse the XML buffer
7035 Cannot obtain root of XML document: %1
7036 Missing XML node: %1
7037 Missing XML attributes: %1
7038 Cannot iterate through XML node list
7039 Cannot manipulate XML attribute node: <%1>
7040 Cannot create SSRCore COM Object
7041 Cannot get SSRCore engine interface
7042 Cannot get ActionData
7043 Cannot get the ActionData interface
7044 Cannot get the SsrEngine interface
7045 Cannot get XML buffer
7046 Cannot pass the xml policy to the engine
7047 The engine failed to perform the transform
7049 Security extension files not found
7050 Cannot merge INF file
7051 Cannot generate template. Please check %1 for more information
7052 Cannot retrive SYSVOL file path for the Group Policy Object
7053 Cannot create directory: %1
7054 Cannot create file: %1
7055 Cannot save Group Policy
7056 Result file: %1
7057 Result directory: %1
7058 A GPO with the supplied display name exists
7059 For information about this operation please see the following directory on the target machine(s): %windir%\security\msscw\Logs
7060 The policy cannot be transformed because it contains settings for the Windows Firewall but the Windows Firewall service is not enabled. In order for Windows Firewall settings to be transformed, the Windows Firewall service must be running on the local machine during the transform operation.\n
