RE: FW: Local Security Policy

From: Jeffrey D. Hawley (
Date: 12/19/03

  • Next message: Tod Beardsley: "Re: TCP/IP Stack Hardening"
    Date: Fri, 19 Dec 2003 13:40:53 -0800
    To: "Scott Cleven-Mulcahy" <>, <>

    I am not fully understanding what solution you are pointing at, or maybe I did not fully explain myself. I have no Domain Security Policy Settings, all other servers are not having this problem, and when I go to the Local Security Policy MMC I receive the error below, then I see the folders on the left hand side, and on the right hand side I see "Windows can not read template". Thank you again.

            -----Original Message-----
            From: Scott Cleven-Mulcahy []
            Sent: Fri 12/19/2003 2:38 PM
            To: Jeffrey D. Hawley
            Subject: RE: FW: Local Security Policy

            I recently dealt with the same problem. Take a look at your GPO Event Log
            settings. The 3 that start with "Prevent local guests group from accessing"
            are for pre-W2K3 only. W2K3 supports full fledged permissions on the audit
            logs so you can get more granular. Take a look at
            You may want to consider installing the Group Policy Management Console,
            too. It really helps in identifying which setting is causing a problem.
    >-----Original Message-----
    >From: Jeffrey D. Hawley []
    >Sent: Friday, December 19, 2003 1:22 PM
    >Subject: Local Security Policy
    >Recently, on a cluster in my domain that has two nodes that are running 2k3
    >server, I attempted to look at the local security policies I get the
    >"The Group Policy settings that apply to this machine could not be
    >The error occurred when trying to retreive these settings from the local
    >security policy database (%windir%\security\database\secedit.sdb) was: The
    >parameter is incorrect.
    >All local security settings will be displayed, but no indication will be
    >as to whether or not a given security setting is defined by Group Policy.
    >Any local settings defined through the user interface may subsequently
    >by domain-level policies."
    >I used esentutl to check the integrity and that is fine, but I get error
    >when attempting to recovery or repair secedit.sdb.
    >Any help on a fix and what may have caused this would be appreciated.
            Tired of slow downloads? Compare online deals from your local high-speed
            providers now.

  • Next message: Tod Beardsley: "Re: TCP/IP Stack Hardening"