Re: Local security settings - secedit
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/27/04
- Previous message: Roger Abell: "Re: NTFS File Permissions."
- In reply to: Glenn L: "Re: Local security settings - secedit"
- Next in thread: Ravi Reddy: "Re: Local security settings - secedit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 27 Nov 2004 18:23:03 GMT
That is a big if which is what I think he is trying to determine. --- Steve
"Glenn L" <the.only(delete)@gmail.com> wrote in message
news:uLeAJ1E1EHA.3324@tk2msftngp13.phx.gbl...
>
> If the workstation has never had any changes made to the local, then you
> can simply view C:\WINDOWS\security\templates\setup security.inf
> This is the out of the box security template applied to all XP
> workstations.
>
>
> --
> Glenn L
>
> CCNA, MCSE (2000,2003) + Security
> "Steven L Umbach" <n9rou@N0sPaM-comcast.net> wrote in message
> news:iObpd.95395$5K2.65332@attbi_s03...
>>I don't believe you can export the true local security settings of a
>>domain
>> computer. I found results similar to yours. For Windows 2003 when you are
>> using the secedit /export command you really are exporting the
>> "effective"
>> settings for the computer's security policy . When you use the
>> /mergedpolicy
>> switch you are exporting those security settings that are defined at the
>> domain/OU level that are overriding the local settings. I suppose if you
>> want to find the true local settings [other than password policy
>> possibly]
>> you could create an OU with block inheritance enabled on it and move your
>> computer into it, refresh the Group Policy on the domain controller and
>> reboot the domain computer you want to analyze. --- Steve
>>
>>
>> "ravi" <ravicreddy@gmail.com> wrote in message
>> news:1101336638.982662.271510@f14g2000cwb.googlegroups.com...
>>> Hello,
>>>
>>> Local security settings - secedit
>>>
>>> I am trying to export local security settings using secedit on windows
>>> 2003.
>>>
>>> secedit /export /cfg local.inf /log local.log
>>> secedit /export / mergedpolicy /cfg merged.inf /log merged.log
>>>
>>> My understanding is the first call gives local settings even if the
>>> server is connected to domain and domain policy settings are
>>> overriding.
>>>
>>> Second command gives the merged polices from domain based GPOs. The
>>> number of settings are differenr in both cases, but the values always
>>> seems to be domain values.
>>>
>>> Example: If I have minimum password length set to 8 chars on local and
>>> 10 chars on domain, both the above commands gives 10 chars.
>>>
>>> I take the server out of domain (make it a stand alone server) then I
>>> get a value of 8 on both cases.
>>>
>>> Any one else see this behavior? How do I dump settings from local
>>> secedit.sdb?
>>>
>>> Thanks
>>>
>>> Ravi
>>>
>>
>>
>
>
- Previous message: Roger Abell: "Re: NTFS File Permissions."
- In reply to: Glenn L: "Re: Local security settings - secedit"
- Next in thread: Ravi Reddy: "Re: Local security settings - secedit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
