Converting of SCW security policy files into Group Policy objects (GPOs)

Applies To: Windows Server 2003, Windows Server 2003 R2

This topic discusses the conversion of SCW security policy files into GPOs.

SCW saves its security policies as .xml files, and the Scwcmd.exe command-line tool allows you to convert these files and save them as GPOs by using the scwcmd transform command. The SCW user interface itself does not support GPOs.

Scwcmd transform. Creates a new GPO and defines the settings for these Group Policy extensions:

  • Security Settings. Contains service settings, registry values, audit policy and security template settings that were imported into the SCW XML policy.

  • IP Security Policies. Contains the IPsec configuration that is defined in the SCW policy.

  • Windows Firewall. Contains Windows Firewall settings that are defined in the SCW policy.

Any Internet Information Services (IIS) settings that are defined in the SCW policy will be lost during the scwcmd transform operation because Group Policy does not support configuration of IIS settings.

After the GPO is created, the administrator must manually link the GPO to the target organizational unit (OU) by using Active Directory Users and Computers, or by using the Group Policy Management Console (GPMC).

To save an SCW security policy in native Group Policy format

  • At the command prompt, type

    **scwcmd transform /p:**PathAndPolicyFileName **/g:**GPODisplayName

    where PathAndPolicyFileName is the policy you created earlier with SCW, including its .xml file name extension and GPODisplayName is the name of the Group Policy object (GPO) as it appears in Group Policy Object Editor or in Group Policy Management Console (GPMC).

    When the scwcmd transform command is complete, the GPO gets created in Active Directory, but the policy it contains is not applied until the GPO is linked to an organizational unit. For instructions about linking GPOs, see the GPMC Help.