What exactly is secedit.sdb

From: Peter Clark (clark_at_hushmail.com)
Date: 04/29/03

• Next message: InfoSec: "Packet/Email Encryption Yes or No"
• Previous message: Maycon Rensi Machado: "GPO"
• In reply to: Daniel Billingsley: "What exactly is secedit.sdb"
• Next in thread: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
• Reply: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 29 Apr 2003 11:40:39 -0700

it stores a copy of many security settings. the real
settings are stored in the registry/filesystem. the
secedit.sdb refreshes the registry when "applying security
policy"

secedit.sdb holds the following settings:

[System Access]
\Account Policy\Password Policy\
[System Access]
\Account Policy\Account Lockout Policy\
[Kerberos Policy]
\Account Policy\Kerberos Policy\
[Event Audit]
\Local Policies\Audit Policy\
[Privilege Rights]
\Local Policies\USer Rights Assignment\
[Registry Values]
\Local Policies\Security Options\
[System Access]++
Automatically log off users when logon time expires (local)
Secure system partition (for RISC platforms only)
\Event log\Settings for Event logs\
[Event Audit]
[Application/Security/System Log]
Restricted Groups
System Services
Registry
File System

though on 2k/xp pro some of this settings are hidden in the
secedit.sdb, however a simple "modification" can correct
this, adding to fuctionality ;-) i have some rough notes on
the settings if your interested - email me.

>-----Original Message-----
>I understand c:\winnt\security\database\secedit.sdb is
crucial to lots of
>security settings, but I can't find anywhere in the doc or
technet that
>explains what exactly it is.
>
>Is it just the database that stores the local group policy?

---

• Next message: InfoSec: "Packet/Email Encryption Yes or No"
• Previous message: Maycon Rensi Machado: "GPO"
• In reply to: Daniel Billingsley: "What exactly is secedit.sdb"
• Next in thread: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
• Reply: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Power Management settings via Registry ... to use a GPO or change the registry keys to modify settings in Power ... this can be done through a policy using the ... Copy the powercfg.exe and the batch file to the netlogon share ... (microsoft.public.windowsxp.security_admin) Re: Desktop Icons Problem ... Tab / Performance Section / Settings Button / Visual Effects is ... Properties / Desktop Tab / Customize Desktop / Web Tab are unchecked ... workstation and I’m not afraid to go into the Registry and/or Policy ... (microsoft.public.windowsxp.general) Re: Grpedit.msc from bootable cd ... It is possible to affect the effectivity of a policy by ... changing only the registry. ... security settings exist elsewhere; somewhere in the NTFS which is ... (microsoft.public.windowsxp.basics) Re: Grpedit.msc from bootable cd ... Sam Hobbs wrote: ... It is possible to affect the effectivity of a policy by changing only the registry. ... The security settings are saved and applied elsewhere, I don't believe that you can restore the logon rights by registry modifications. ... (microsoft.public.windowsxp.basics) Re: Registry changes made via ADM file disappear after a reboot ... the ShowLogonOptions entry changes depending on ... if you assign it using Domain textbox on Logon Settings tab ... check the registry and I see the registry value change from a 1 to a 0. ... Just for good measure I applied the policy to every GPO that I ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)