Syntax
seeseccfg action options
This utility is used to configure and maintain security configurations and managers from the command line.
Actions
- - create
- Create or modify a security configuration or security manager definition in the database defined using command-line parameters
- -delete
- Delete a security configuration or security manager from the database
- -export
- Export one or more security configurations or security managers from the database to an XML file
- -import
- Import security configurations and/or managers from an XML file
- -list
- List security configurations and/or managers
Options
-
All actions:
- -usedb
- Use the cross-region database on the default SQL Server instance to host the SC resource definitions (default)
-
-usedb:<instance>
- Use the cross-region database on the named SQL Server instance to host the SC resource definitions
- -nobanner
- Do not display the banner
- -quiet
- For creating a security configuration or security manager (-create):
- -name:<name>
- Name of the security configuration or manager to be created (required)
- -cache_limit:<value>
- Set the Cache Limit value
- -cache_ttl:<value>
- Set the Cache Time-To-Live value
- -configfile:<file>
- Specify a file containing configuration text
- -type:configuration|manager
- Type of object to create (required)
-
For creating a security configuration (-create -type:configuration):
- -allow_unknown_resources
- Enable the Allow Unknown Resources option
- -allow_unknown_users
- Enable the Allow Unknown Users option
- -create_audit_events
- Enable the Create Audit Events option
- -manager:<name>
- Specify a security manager. May be used multiple times
- -type:configuration
- Create a security configuration
- -use_all_groups
- Enable the Use All Groups option
- -verify_against_all
- Enable the Verify Against All option
- For creating a security manager (-create -type:manager):
- -authorized_id:<string>
- ID to use when connecting to the ESM
- -connection:<string>
- Connection path to the ESM-description:<string> Description of this security manager
- -disable
- Do not enable this security manager
- -module:<name>
- Name of the ESM module (required)
- -password:<string>
- Password to use when connecting to the ES
- -type:manager
- Create a security manager
- For deleting security configurations or managers (-delete):
- -name:<name>
- Name of the security configuration or manager to be deleted (required)
- -type:configuration|manager
- Type of object to delete (required)
- For listing security configurations or managers (-list):
- -type:configuration|manager
- Type of object to list. If omitted, both are listed.
- For importing security configurations or managers from a file (-import):
- -in:<file>
- XML file containing definitions of security configurations and/or managers (required)
- For exporting security configurations or managers to a file (-export):
- -append
- If the output file already exists, append to it rather than replacing it
- -name:<name>
- Name of the security configuration or manager to be exported. If omitted, all are exported.
- -out:<file>
- Name of the file to create or update (required)
- -type:configuration|manager
- Type of object to export (required if -name specified, otherwise optional)
Examples
- List the security managers defined in the (local)\SQLEXPRESS database
seeseccfg -list -type:manager -usedb:(local)\SQLEXPRESS
- Create a security configuration named "Default" with all default values, and using the security manager named "test3".
seeseccfg -create -type:configuration -name:Default -manager:test3
- Create a security manager in the ESDB instance on "host" with various parameters. The configuration text for the manager is
read from the file
secmgr.txt.
seeseccfg -create -usedb:host\ESDB -type:manager -name:test3 -module:NullEsm -description:"Test manager #3" -disable
-cache_limit:200 -cache_ttl:600 -configfile:secmgr.txt
- Export all security configurations and managers from the cross-region database in the default database instance on the local
system.
seeseccfg -export -out:definitions.xml
- Import one or more definitions from the specified file.
seeseccfg -import -in:definitions.xml