What exactly is secedit.sdb

From: Peter Clark (clark_at_hushmail.com)
Date: 04/29/03

• Next message: InfoSec: "Packet/Email Encryption Yes or No"
• Previous message: Maycon Rensi Machado: "GPO"
• In reply to: Daniel Billingsley: "What exactly is secedit.sdb"
• Next in thread: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
• Reply: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 29 Apr 2003 11:40:39 -0700

it stores a copy of many security settings. the real
settings are stored in the registry/filesystem. the
secedit.sdb refreshes the registry when "applying security
policy"

secedit.sdb holds the following settings:

[System Access]
\Account Policy\Password Policy\
[System Access]
\Account Policy\Account Lockout Policy\
[Kerberos Policy]
\Account Policy\Kerberos Policy\
[Event Audit]
\Local Policies\Audit Policy\
[Privilege Rights]
\Local Policies\USer Rights Assignment\
[Registry Values]
\Local Policies\Security Options\
[System Access]++
Automatically log off users when logon time expires (local)
Secure system partition (for RISC platforms only)
\Event log\Settings for Event logs\
[Event Audit]
[Application/Security/System Log]
Restricted Groups
System Services
Registry
File System

though on 2k/xp pro some of this settings are hidden in the
secedit.sdb, however a simple "modification" can correct
this, adding to fuctionality ;-) i have some rough notes on
the settings if your interested - email me.

>-----Original Message-----
>I understand c:\winnt\security\database\secedit.sdb is
crucial to lots of
>security settings, but I can't find anywhere in the doc or
technet that
>explains what exactly it is.
>
>Is it just the database that stores the local group policy?

• Next message: InfoSec: "Packet/Email Encryption Yes or No"
• Previous message: Maycon Rensi Machado: "GPO"
• In reply to: Daniel Billingsley: "What exactly is secedit.sdb"
• Next in thread: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
• Reply: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Power Management settings via Registry ... to use a GPO or change the registry keys to modify settings in Power ... this can be done through a policy using the ... Copy the powercfg.exe and the batch file to the netlogon share ... (microsoft.public.windowsxp.security_admin) Re: Grpedit.msc from bootable cd ... It is possible to affect the effectivity of a policy by ... changing only the registry. ... security settings exist elsewhere; somewhere in the NTFS which is ... (microsoft.public.windowsxp.basics) Re: Grpedit.msc from bootable cd ... Sam Hobbs wrote: ... It is possible to affect the effectivity of a policy by changing only the registry. ... The security settings are saved and applied elsewhere, I don't believe that you can restore the logon rights by registry modifications. ... (microsoft.public.windowsxp.basics) Re: Local Account & Password Policy Options Greyed out for Admins? ... it seems to have set the security settings back to what they should be. ... Still, the settings for the password and account lockout policies are greyed out, so they still cannot be changed. ... Reboot the computer and you should be able to change password policy in Local Security Policy. ... (microsoft.public.windowsxp.security_admin) Re: Why is Group Policy Limited to specific keys? ... "policies" sections would be). ... non policy keys just as easily. ... machine first process registry policy, it takes the contents of all of the ... overwritten by conflicting settings linked later in the processing cycle. ... (microsoft.public.win2000.group_policy)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint