1 Reply Latest reply on May 27, 2011 3:34 AM by Adam Bowen

    BladeLogic Deploying Changes to Windows Local Security Policy

    Engineering OSC

      To deploy changes to Windows local security policy, it appears as though BladeLogic 8.1 uses secedit to export the current effective local security policy and then re-import including the change/s being applied in the BladeLogic packages.  Is there a way to configure BladeLogic to only work with the specific policy/s that are being modified via the package?  In our case, we are running a compliance job with autoremediate that verifies a local account is in two specific User Rights policies and adds it if it's not.  However, on some servers, a text formatting issue in a specific Security Options policy was identified after the BladeLogic deployment because the formatting issue only becomes a problem if the policy is imported via secedit; not if it's entered into the policy using the Local Security Policy MMC snap-in (which was done in some cases).  We've identified and corrected the text formatting issue, but would still like to know if BladeLogic can be configured to only work with the specific policy/s that are being modified via the package instead of exporting and re-importing the whole local security policy.