SekChek Classic for Windows & Active Directory: Running a Scan

The Scan process involves: creating the Scan software (SEKWIEXT.EXE); executing SEKWIEXT.EXE on the target system; transferring the Scan file off the target system.

The tool supports all versions of MS-Windows and Active Directory.


Create the SekChek for Windows Scan software

From the SekChek Client software on your PC: select the Windows tab; click Create...

Creating the SekChek for Windows Scan software

Or, download it from here: SekChek for Windows Scan software


What the Scan software will do

SekChek will scan security on the target system / domain and write its output to an encrypted file (SEKNTF.ZIP or SEK2KF.ZIP) in a directory of your choice. We recommend you use a local, non-system drive for SekChek’s output.

If SekChek is run on a Domain Controller, it will scan domain-wide security policies and domain accounts. The output file will be named SEK2KF.ZIP.

If SekChek is run on a non-DC Server, it will scan local security settings and locally defined accounts. The output file will be named SEKNTF.ZIP.


Use the Administrator account for the Scan

SekChek will scan security on any version of MS-Windows and Active Directory. The Scan process must be run on the computer (DC or Server) you want to analyse.

Important Logon to the host using an account with administrative privileges, then ‘Run As Administrator’.

SekChek for Windows: Run As Administrator


1. Scanning registry keys or directory permissions

To include registry keys or DACLs / SACLs on directories, files or network shares in your audit, you must define your requirements in a file named sekchek.inp. Click here for more information.

You can ignore this step if you do not want to scan registry keys and directory permissions.


2. Start the Scan software

Run SEKWIEXT.EXE on the Windows Server or Domain Controller from a directory on the network (preferred).

Executing the SekChek for Windows Scan software

3. Select the path for SekChek’s encrypted output file

Click ‘Next’... ‘Change Directory’...


4. Check / enter your processing options

Enter your run-time options

View definitions: Client options and Run-time options

Enter your processing options

View definitions: Requester and processing options


5. Click ‘Start Now’ or ‘Start Later’

Start Now will execute the Scan process immediately. SekChek will display the progress of the Scan.

Start Later will display a scheduler menu that allows you to select a more convenient time for SekChek to run. This is useful if you want to run SekChek outside prime business hours.


6. Encrypt the Scan file with SekChek’s public key

After the Scan process has finished:

  • Transfer the output file to a PC that has the SekChek Client software installed
  • Use SekChek Client to PKI-encrypt the Scan file (SEKNTF.ZIP or SEK2KF.ZIP) with SekChek’s public key

Please contact us for assistance if you encounter difficulties with the process.




More Information...

SekChek for..

Popular Downloads..

Popular Links..