RE: FW: Local Security Policy

From: Jeffrey D. Hawley (jhawley_at_arescorporation.com)
Date: 12/19/03

  • Next message: Tod Beardsley: "Re: TCP/IP Stack Hardening"
    Date: Fri, 19 Dec 2003 13:40:53 -0800
    To: "Scott Cleven-Mulcahy" <scottcm3@hotmail.com>, <focus-ms@securityfocus.com>
    
    

    Scott,
    I am not fully understanding what solution you are pointing at, or maybe I did not fully explain myself. I have no Domain Security Policy Settings, all other servers are not having this problem, and when I go to the Local Security Policy MMC I receive the error below, then I see the folders on the left hand side, and on the right hand side I see "Windows can not read template". Thank you again.
     
    Jeff

            -----Original Message-----
            From: Scott Cleven-Mulcahy [mailto:scottcm3@hotmail.com]
            Sent: Fri 12/19/2003 2:38 PM
            To: Jeffrey D. Hawley
            Cc: focus-ms@securityfocus.com
            Subject: RE: FW: Local Security Policy
            
            

            I recently dealt with the same problem. Take a look at your GPO Event Log
            settings. The 3 that start with "Prevent local guests group from accessing"
            are for pre-W2K3 only. W2K3 supports full fledged permissions on the audit
            logs so you can get more granular. Take a look at
            http://support.microsoft.com/default.aspx?scid=kb;en-us;323076
            
            You may want to consider installing the Group Policy Management Console,
            too. It really helps in identifying which setting is causing a problem.
            
            Scott
            
    >-----Original Message-----
    >From: Jeffrey D. Hawley [mailto:jhawley@arescorporation.com]
    >Sent: Friday, December 19, 2003 1:22 PM
    >To: focus-ms@securityfocus.com
    >Subject: Local Security Policy
    >
    >
    >Hello,
    >
    >Recently, on a cluster in my domain that has two nodes that are running 2k3
    >server, I attempted to look at the local security policies I get the
    >following
    >error:
    >
    >"The Group Policy settings that apply to this machine could not be
    >determined.
    >The error occurred when trying to retreive these settings from the local
    >security policy database (%windir%\security\database\secedit.sdb) was: The
    >parameter is incorrect.
    >All local security settings will be displayed, but no indication will be
    >given
    >as to whether or not a given security setting is defined by Group Policy.
    >Any local settings defined through the user interface may subsequently
    >overriden
    >by domain-level policies."
    >
    >I used esentutl to check the integrity and that is fine, but I get error
    >-1003
    >when attempting to recovery or repair secedit.sdb.
    >Any help on a fix and what may have caused this would be appreciated.
    >Thank
    >you.
    >
    >Jeff
            
            _________________________________________________________________
            Tired of slow downloads? Compare online deals from your local high-speed
            providers now. https://broadband.msn.com
            
            


  • Next message: Tod Beardsley: "Re: TCP/IP Stack Hardening"