What’s the difference if I run SekChek for Windows on a Domain Controller, Server or Workstation?
SekChek automatically recognises the type of machine it is running on and changes the scope of the analyses accordingly. For example, if SekChek is run on a Domain Controller, it will analyse domain-wide security settings, RAS access to the domain, and all user accounts defined in the domain controlled by that Domain Controller.
If SekChek is run on a non-DC Server or a Workstation, it will analyse security settings and user accounts applicable to that specific machine only.
A very comprehensive view of security can be obtained by running SekChek on a Domain Controller for a domain, on the Servers or Workstations that contain the most sensitive applications and data, and on any trusted domains.
For more information please read the Help section Planning Your SekChek for Windows Analysis.