Re: What exactly is secedit.sdb

From: Peter Clark (clark_at_hushmail.com)
Date: 04/29/03 

Date: Tue, 29 Apr 2003 12:30:03 -0700

if you use secpol.msc you get a cut down version. if you
use mmc and try and access the database you are denied. if
you create your own database it works good, but you don't
get the automated updates. if you *modify* you get full
access on the secedit.sdb and it updates for you.

yes, i am aware of xp direct access - this question was
asked on a 2k group.

>-----Original Message-----
>There aren't any hidden settings. You should use the
Local Security Policy
>editor (secpol.msc) to edit this database. On WinXP,
Local Security Policy
>edits the machine's security settings directly so there is
nothing stored
>for it in secedit.sdb. This DB is also used while
processing domain group
>policy.
>
>N
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>Any included script samples are subject to the terms
specified at
>http://www.microsoft.com/info/cpyright.htm
>
>
>"Peter Clark" <clark@hushmail.com> wrote in message
>news:02c101c30e7e$d4e23ad0$a101280a@phx.gbl...
>> it stores a copy of many security settings. the real
>> settings are stored in the registry/filesystem. the
>> secedit.sdb refreshes the registry when "applying security
>> policy"
>>
>> secedit.sdb holds the following settings:
>>
>> [System Access]
>> \Account Policy\Password Policy\
>> [System Access]
>> \Account Policy\Account Lockout Policy\
>> [Kerberos Policy]
>> \Account Policy\Kerberos Policy\
>> [Event Audit]
>> \Local Policies\Audit Policy\
>> [Privilege Rights]
>> \Local Policies\USer Rights Assignment\
>> [Registry Values]
>> \Local Policies\Security Options\
>> [System Access]++
>> Automatically log off users when logon time expires (local)
>> Secure system partition (for RISC platforms only)
>> \Event log\Settings for Event logs\
>> [Event Audit]
>> [Application/Security/System Log]
>> Restricted Groups
>> System Services
>> Registry
>> File System
>>
>> though on 2k/xp pro some of this settings are hidden in the
>> secedit.sdb, however a simple "modification" can correct
>> this, adding to fuctionality ;-) i have some rough notes on
>> the settings if your interested - email me.
>>
>>
>> >-----Original Message-----
>> >I understand c:\winnt\security\database\secedit.sdb is
>> crucial to lots of
>> >security settings, but I can't find anywhere in the doc or
>> technet that
>> >explains what exactly it is.
>> >
>> >Is it just the database that stores the local group policy?
>
>
>.
>

Relevant Pages

  • Re: Error code = 4060
    ... divisional portals are running under a different app pool and identity than ... the corporate portal, and the identity of this pool, while having dbo rights ... portal's content database. ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: db_denydatawriter
    ... perhaps this also gives read write access on the database to this user? ... Resrictive permissions overrides in its own level. ... However, if she has sysadmin right, then she'll be able to modify that data. ... Is it possible she has some admin rights which override DenyWriter (though ...
    (microsoft.public.sqlserver.security)
  • Re: Complete Neophyte Question(s)
    ... No you cannot remove a login from the 'public' role. ... For rights to _use_ objects then the appropriate rights need to be granted ... GRANT SELECT ON dbo.Orders TO OrderViewers ... for a database that is supposed to be secured it is a bad idea ...
    (microsoft.public.sqlserver.security)
  • Re: SUUNTO Vyper PC i/f
    ... username and password. ... to enter the database password. ... I gained access to the data in Suunto v2 using it - but it will NOT allow ... have the rights to the program the DATA is MINE!! ...
    (uk.rec.scuba)
  • Re: "unable to lock database"
    ... rights to create the .ldb ... > file in the same folder as the .mdb. ... > I have some VB which opens a database file. ... > works if I am actually logged on as administrator. ...
    (microsoft.public.vb.database)