The Scan process involves: creating the Scan software (SEKWIEXT.EXE); executing SEKWIEXT.EXE on the target system; transferring the Scan file off the target system.
The tool supports all versions of MS-Windows and Active Directory.
Create the SekChek for Windows Scan software
From the SekChek Client software on your PC: select the Windows tab; click Create...
Or, download it from here: SekChek for Windows Scan software
What the Scan software will do
SekChek will scan security on the target system / domain and write its output to an encrypted file (SEKNTF.ZIP or SEK2KF.ZIP) in a directory of your choice. We recommend you use a local, non-system drive for SekChek’s output.
If SekChek is run on a Domain Controller, it will scan domain-wide security policies and domain accounts. The output file will be named SEK2KF.ZIP.
If SekChek is run on a non-DC Server, it will scan local security settings and locally defined accounts. The output file will be named SEKNTF.ZIP.
Use the Administrator account for the Scan
SekChek will scan security on any version of MS-Windows and Active Directory. The Scan process must be run on the computer (DC or Server) you want to analyse.
Logon to the host using an account with administrative privileges, then ‘Run As Administrator’.
1. Scanning registry keys or directory permissions
To include registry keys or DACLs / SACLs on directories, files or network shares in your audit, you must define your requirements in a file named sekchek.inp. Click here for more information.
You can ignore this step if you do not want to scan registry keys and directory permissions.
2. Start the Scan software
Run SEKWIEXT.EXE on the Windows Server or Domain Controller from a directory on the network (preferred).
3. Select the path for SekChek’s encrypted output file
Click ‘Next’... ‘Change Directory’...
4. Check / enter your processing options
View definitions: Client options and Run-time options
View definitions: Requester and processing options
5. Click ‘Start Now’ or ‘Start Later’
Start Now will execute the Scan process immediately. SekChek will display the progress of the Scan.
Start Later will display a scheduler menu that allows you to select a more convenient time for SekChek to run. This is useful if you want to run SekChek outside prime business hours.
6. Encrypt the Scan file with SekChek’s public key
After the Scan process has finished:
- Transfer the output file to a PC that has the SekChek Client software installed
- Use SekChek Client to PKI-encrypt the Scan file (SEKNTF.ZIP or SEK2KF.ZIP) with SekChek’s public key
Please contact us for assistance if you encounter difficulties with the process.