Re: Location of local policies

It depends on which policies you are talking about. Normall the local policy settings are stored in the local security database, which is normally at C:\WINDOWS\security\Database\secedit.sdb. Many settings are loaded directly from that file upon refreshing the group policy (including startup or login).

There are, however, many settings that are also stored in the Registry. Most programs will retrieve these settings from directly from the Registry, therefore the local group policy sets these values from the sdb file. If there is no value in the sdb file for a particular key it will stay as it is. So you can set most registry values directly in the registry unless there is a policy that overrides it.

On a domain controller there is also a local Domain Controller Security Policy that is located at C:\WINDOWS\SYSVOL\sysvol\...\...\{6AC1786C-016F-11D2-945F-00C04fB984F9}

I'm not sure why you want to know the storage location of these objects, but if you are looking to edit them directly, the secedit.sdb file is a form of a jet database that uses undocumented API functions and you can really only access that data using secedit.exe and security templates.

The domain controller's local policy is a text file at C:\WINDOWS\SYSVOL\sysvol\...\...\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf

You can actually edit this file and have the changes recognized if you increment the version number in C:\WINDOWS\SYSVOL\sysvol\...\...\{6AC1786C-016F-11D2-945F-00C04fB984F9}\GPT.ini

Perhaps if you shared what you are trying to accomplish I could give you some more useful information.


Mark Burnett
http://xato.net



"arielqs" <arielqs@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:69819DAF-79D5-4B42-89A7-B26AAF9C9F7B@xxxxxxxxxxxxxxxx
Hi, does someone know something about the location of local policies? Some
people say that local policies are stored in the windows registry, but I am
not sure.

If someone can answer me and give me a formal reference about this, it would
be wonderful.

Thanks,

.

Relevant Pages

  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... Server Security and Auditing Policy ... This list only includes links in the domain of the GPO. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.win2000.group_policy)
  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... > Server Security and Auditing Policy ... > This list only includes links in the domain of the GPO. ... > The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.win2000.group_policy)
  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... >> Server Security and Auditing Policy ... >> The settings in this GPO can only apply to the following groups, users, ... >> Windows Firewall: Allow file and printer sharing exception Enabled ...
    (microsoft.public.win2000.group_policy)
  • Re: CompanyWeb - Password Dialogue Box in Terminal Server only
    ... Configure trusted sites and security settings of IE using policy ... one XP workstation with the problematic user account and setup RDP session ...
    (microsoft.public.windows.server.sbs)
  • Group Policy Case Solved
    ... I began with the "Security Options" under the Computer ... I modified the group policy from my Windows XP Pro workstation using ... many more settings than Windows 2000 does; ...
    (microsoft.public.win2000.security)