Re: Local security settings - secedit
From: Glenn L (the.only(delete)_at_gmail.com)
Date: 11/27/04
- Next message: jswain_at_mindspring.com: "Permissions Question"
- Previous message: Steven L Umbach: "Re: How to restrict rights to only allow users to add or remove or modify user account and group settings"
- In reply to: Steven L Umbach: "Re: Local security settings - secedit"
- Next in thread: Steven L Umbach: "Re: Local security settings - secedit"
- Reply: Steven L Umbach: "Re: Local security settings - secedit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 26 Nov 2004 22:54:28 -0800
If the workstation has never had any changes made to the local, then you can
simply view C:\WINDOWS\security\templates\setup security.inf
This is the out of the box security template applied to all XP workstations.
-- Glenn L CCNA, MCSE (2000,2003) + Security "Steven L Umbach" <n9rou@N0sPaM-comcast.net> wrote in message news:iObpd.95395$5K2.65332@attbi_s03... >I don't believe you can export the true local security settings of a domain > computer. I found results similar to yours. For Windows 2003 when you are > using the secedit /export command you really are exporting the "effective" > settings for the computer's security policy . When you use the > /mergedpolicy > switch you are exporting those security settings that are defined at the > domain/OU level that are overriding the local settings. I suppose if you > want to find the true local settings [other than password policy possibly] > you could create an OU with block inheritance enabled on it and move your > computer into it, refresh the Group Policy on the domain controller and > reboot the domain computer you want to analyze. --- Steve > > > "ravi" <ravicreddy@gmail.com> wrote in message > news:1101336638.982662.271510@f14g2000cwb.googlegroups.com... >> Hello, >> >> Local security settings - secedit >> >> I am trying to export local security settings using secedit on windows >> 2003. >> >> secedit /export /cfg local.inf /log local.log >> secedit /export / mergedpolicy /cfg merged.inf /log merged.log >> >> My understanding is the first call gives local settings even if the >> server is connected to domain and domain policy settings are >> overriding. >> >> Second command gives the merged polices from domain based GPOs. The >> number of settings are differenr in both cases, but the values always >> seems to be domain values. >> >> Example: If I have minimum password length set to 8 chars on local and >> 10 chars on domain, both the above commands gives 10 chars. >> >> I take the server out of domain (make it a stand alone server) then I >> get a value of 8 on both cases. >> >> Any one else see this behavior? How do I dump settings from local >> secedit.sdb? >> >> Thanks >> >> Ravi >> > >
- Next message: jswain_at_mindspring.com: "Permissions Question"
- Previous message: Steven L Umbach: "Re: How to restrict rights to only allow users to add or remove or modify user account and group settings"
- In reply to: Steven L Umbach: "Re: Local security settings - secedit"
- Next in thread: Steven L Umbach: "Re: Local security settings - secedit"
- Reply: Steven L Umbach: "Re: Local security settings - secedit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
