Re: Local security settings - secedit

From: Ravi Reddy (ravicreddy_at_gmail.com)
Date: 11/30/04 

Date: 30 Nov 2004 08:33:26 -0800

Thanks Steve,

Do you know where these local settings stored. If I take my 2003
server out of domain (moved to workgroup). I can see these settings in
local security settings MMC.

What is the use of secedit.sdb in 2003? I copied this to another
directory and ran a secedit /export on this db. The exported file is
empty. I am not sure any settings are stored in this DB in 2003. A
quick search through registry did not find anything either.

Ravi

"Steven L Umbach" <n9rou@N0sPaM-comcast.net> wrote in message news:<iObpd.95395$5K2.65332@attbi_s03>...
> I don't believe you can export the true local security settings of a domain
> computer. I found results similar to yours. For Windows 2003 when you are
> using the secedit /export command you really are exporting the "effective"
> settings for the computer's security policy . When you use the /mergedpolicy
> switch you are exporting those security settings that are defined at the
> domain/OU level that are overriding the local settings. I suppose if you
> want to find the true local settings [other than password policy possibly]
> you could create an OU with block inheritance enabled on it and move your
> computer into it, refresh the Group Policy on the domain controller and
> reboot the domain computer you want to analyze. --- Steve
>
>
> "ravi" <ravicreddy@gmail.com> wrote in message
> news:1101336638.982662.271510@f14g2000cwb.googlegroups.com...
> > Hello,
> >
> > Local security settings - secedit
> >
> > I am trying to export local security settings using secedit on windows
> > 2003.
> >
> > secedit /export /cfg local.inf /log local.log
> > secedit /export / mergedpolicy /cfg merged.inf /log merged.log
> >
> > My understanding is the first call gives local settings even if the
> > server is connected to domain and domain policy settings are
> > overriding.
> >
> > Second command gives the merged polices from domain based GPOs. The
> > number of settings are differenr in both cases, but the values always
> > seems to be domain values.
> >
> > Example: If I have minimum password length set to 8 chars on local and
> > 10 chars on domain, both the above commands gives 10 chars.
> >
> > I take the server out of domain (make it a stand alone server) then I
> > get a value of 8 on both cases.
> >
> > Any one else see this behavior? How do I dump settings from local
> > secedit.sdb?
> >
> > Thanks
> >
> > Ravi
> >

Relevant Pages

  • Re: Group Policy Issues
    ... Same with other settings like taskbar personalized settings. ... >> All local security settings will be displayed, ... >> given as to whether or not a given security setting is defined by Group ... > general page to find out your operating system. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Group Policy Issues
    ... Same with other settings like taskbar personalized settings. ... > "The Group Policy security settings that apply to this machine could not ... > All local security settings will be displayed, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Local security settings - secedit
    ... I don't believe you can export the true local security settings of a domain ... For Windows 2003 when you are ... settings for the computer's security policy. ...
    (microsoft.public.win2000.security)
  • Local security settings - secedit
    ... I am trying to export local security settings using secedit on windows ... 10 chars on domain, both the above commands gives 10 chars. ...
    (microsoft.public.win2000.security)
  • Re: Question about local security settings vs GPOs
    ... >>When I start SECPOL.MSC on one of my XP workstations in ... >>2000 domain and I look at the local security settings I ... >>LSDOU was the way policies are ...
    (microsoft.public.win2000.group_policy)