Re: What exactly is secedit.sdb
From: Daniel Billingsley (dbillingsley_at_NO.durcon.SPAAMM.com)
Date: 04/29/03
- Next message: Daniel Billingsley: "Re: Local Security Policy on domain controller?"
- Previous message: Frank Pappajohn: "Dialup users can't access SOME resources"
- In reply to: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
- Next in thread: Peter Clark: "Re: What exactly is secedit.sdb"
- Reply: Peter Clark: "Re: What exactly is secedit.sdb"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Apr 2003 16:14:46 -0400
So, to further clarify...
when the documentation talks about the "local group policy" it's essentially
talking about this database, right? Yes, I understand as with most (all?)
group policy settings, they are ultimately registry settings.
And when the machine goes through it's periodic policy refresh procedure, it
would look first in the local secedit.sdb and compare to the registry, and
then pull down from AD, according to the order of policy settings priority,
right?
"Nick Finco [MSFT]" <nfinco@online.microsoft.com> wrote in message
news:%23tsWvFoDDHA.2824@TK2MSFTNGP11.phx.gbl...
> There aren't any hidden settings. You should use the Local Security
Policy
> editor (secpol.msc) to edit this database. On WinXP, Local Security
Policy
> edits the machine's security settings directly so there is nothing stored
> for it in secedit.sdb. This DB is also used while processing domain group
> policy.
>
> N
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Any included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "Peter Clark" <clark@hushmail.com> wrote in message
> news:02c101c30e7e$d4e23ad0$a101280a@phx.gbl...
> > it stores a copy of many security settings. the real
> > settings are stored in the registry/filesystem. the
> > secedit.sdb refreshes the registry when "applying security
> > policy"
> >
> > secedit.sdb holds the following settings:
> >
> > [System Access]
> > \Account Policy\Password Policy\
> > [System Access]
> > \Account Policy\Account Lockout Policy\
> > [Kerberos Policy]
> > \Account Policy\Kerberos Policy\
> > [Event Audit]
> > \Local Policies\Audit Policy\
> > [Privilege Rights]
> > \Local Policies\USer Rights Assignment\
> > [Registry Values]
> > \Local Policies\Security Options\
> > [System Access]++
> > Automatically log off users when logon time expires (local)
> > Secure system partition (for RISC platforms only)
> > \Event log\Settings for Event logs\
> > [Event Audit]
> > [Application/Security/System Log]
> > Restricted Groups
> > System Services
> > Registry
> > File System
> >
> > though on 2k/xp pro some of this settings are hidden in the
> > secedit.sdb, however a simple "modification" can correct
> > this, adding to fuctionality ;-) i have some rough notes on
> > the settings if your interested - email me.
> >
> >
> > >-----Original Message-----
> > >I understand c:\winnt\security\database\secedit.sdb is
> > crucial to lots of
> > >security settings, but I can't find anywhere in the doc or
> > technet that
> > >explains what exactly it is.
> > >
> > >Is it just the database that stores the local group policy?
>
>
- Next message: Daniel Billingsley: "Re: Local Security Policy on domain controller?"
- Previous message: Frank Pappajohn: "Dialup users can't access SOME resources"
- In reply to: Nick Finco [MSFT]: "Re: What exactly is secedit.sdb"
- Next in thread: Peter Clark: "Re: What exactly is secedit.sdb"
- Reply: Peter Clark: "Re: What exactly is secedit.sdb"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
