seeseccfg

Syntax
 seeseccfg action options
This utility is used to configure and maintain security configurations and managers from the command line.

Actions

  • - create
    • Create or modify a security configuration or security manager definition in the database defined using command-line parameters
  • -delete
    • Delete a security configuration or security manager from the database
  • -export
    • Export one or more security configurations or security managers from the database to an XML file
  • -import
    • Import security configurations and/or managers from an XML file
  • -list
    • List security configurations and/or managers

Options

  • All actions:

    • -usedb
      • Use the cross-region database on the default SQL Server instance to host the SC resource definitions (default)
    • -usedb:<instance>

      • Use the cross-region database on the named SQL Server instance to host the SC resource definitions
    • -nobanner
      • Do not display the banner
    • -quiet
      • Display minimal output
  • For creating a security configuration or security manager (-create):
    • -name:<name>
      • Name of the security configuration or manager to be created (required)
    • -cache_limit:<value>
      • Set the Cache Limit value
    • -cache_ttl:<value>
      • Set the Cache Time-To-Live value
    • -configfile:<file>
      • Specify a file containing configuration text
    • -type:configuration|manager
      • Type of object to create (required)
  • For creating a security configuration (-create -type:configuration):
    • -allow_unknown_resources
      • Enable the Allow Unknown Resources option
    • -allow_unknown_users
      • Enable the Allow Unknown Users option
    • -create_audit_events
      • Enable the Create Audit Events option
    • -manager:<name>
      • Specify a security manager. May be used multiple times
    • -type:configuration
      • Create a security configuration
    • -use_all_groups
      • Enable the Use All Groups option
    • -verify_against_all
      • Enable the Verify Against All option
  • For creating a security manager (-create -type:manager):
    • -authorized_id:<string>
      • ID to use when connecting to the ESM
    • -connection:<string>
      • Connection path to the ESM-description:<string> Description of this security manager
    • -disable
      • Do not enable this security manager
    • -module:<name>
      • Name of the ESM module (required)
    • -password:<string>
      • Password to use when connecting to the ES
    • -type:manager
      • Create a security manager
  • For deleting security configurations or managers (-delete):
    • -name:<name>
      • Name of the security configuration or manager to be deleted (required)
    • -type:configuration|manager
      • Type of object to delete (required)
  • For listing security configurations or managers (-list):
    • -type:configuration|manager
      • Type of object to list. If omitted, both are listed.
  • For importing security configurations or managers from a file (-import):
    • -in:<file>
      • XML file containing definitions of security configurations and/or managers (required)
  • For exporting security configurations or managers to a file (-export):
    • -append
      • If the output file already exists, append to it rather than replacing it
    • -name:<name>
      • Name of the security configuration or manager to be exported. If omitted, all are exported.
    • -out:<file>
      • Name of the file to create or update (required)
    • -type:configuration|manager
      • Type of object to export (required if -name specified, otherwise optional)

Examples

  • List the security managers defined in the (local)\SQLEXPRESS database
  seeseccfg -list -type:manager -usedb:(local)\SQLEXPRESS
  • Create a security configuration named "Default" with all default values, and using the security manager named "test3".
seeseccfg -create -type:configuration -name:Default -manager:test3
  • Create a security manager in the ESDB instance on "host" with various parameters. The configuration text for the manager is read from the file secmgr.txt.
 seeseccfg -create -usedb:host\ESDB -type:manager -name:test3 -module:NullEsm -description:"Test manager #3" -disable
       -cache_limit:200 -cache_ttl:600 -configfile:secmgr.txt 
  • Export all security configurations and managers from the cross-region database in the default database instance on the local system.
seeseccfg -export -out:definitions.xml
  • Import one or more definitions from the specified file.
 seeseccfg -import -in:definitions.xml