How do I recreate secedit.sdb?

Guest · Mar 21, 2007

I had created some custom registry settings for my sceregvl.inf file,
but I've re-registered the original sceregvl.inf file now (this is on
Windows 2000).

The problem is that the secedit.sdb file still contains the values for
those custom registry settings, so those registry values are being set
every time my computer reboots, and I don't want that to happen.

How can I re-create the secedit.sdb file so that it doesn't contain
those custom registry settings anymore?

Can I export my local security policy to a .inf file, edit it to
remove the custom settings, delete the secedit.sdb file, and then
import the .inf file to create a new secedit.sdb file? Will that
work?

Does the secedit.sdb file contain anything that doesn't get saved when
I export my local security policy?

Roger Abell [MVP] · Mar 21, 2007

http://support.microsoft.com/kb/214752
(look at the very end of the KB)

Guest · Mar 21, 2007

http://support.microsoft.com/kb/214752
(look at the very end of the KB)

Hi Roger,

Yes I did see that article. But after I renamed the secedit.sdb to
secedit.old, the "secedit /refreshpolicy machine_policy /enforce"
command didn't do anything. It did not create a new secedit.sdb file.

Roger Abell [MVP] · Mar 21, 2007

Yes I did see that article. But after I renamed the secedit.sdb to
secedit.old, the "secedit /refreshpolicy machine_policy /enforce"
command didn't do anything. It did not create a new secedit.sdb file.

Hmmm - strange.
As a curiosity, is Help and Support service running?

Anyway, perhaps results will be different with procedure in
http://support.microsoft.com/kb/278316
Note however I would advise not using Setup Security.inf,
perhaps a copy from which I have removed the registry and
the filesystem sections. Contrary to popular belief (and some
older KB articles, setup security.inf does not reset the box
to the settings at setup, just something like them, and is not
always a safe operation, particularly relative to post install
changes to the system, installed features/option and/or apps).

Guest · Mar 21, 2007

Hmmm - strange.
As a curiosity, is Help and Support service running?

I am not in front of my Win2k computer right now, but I am pretty sure
that there is no service named "Help and Support" under Windows 2000.
I have disabled other services that I thought were unnecessary
though. Could the secedit command depend on any other services?

Anyway, perhaps results will be different with procedure inhttp://support.microsoft.com/kb/278316
Note however I would advise not using Setup Security.inf,
perhaps a copy from which I have removed the registry and
the filesystem sections. Contrary to popular belief (and some
older KB articles, setup security.inf does not reset the box
to the settings at setup, just something like them, and is not
always a safe operation, particularly relative to post install
changes to the system, installed features/option and/or apps).

Yes I had seen that article too, but was hoping for another solution
because my registry and filesystem settings may be different now after
applying SP4 and a bunch of other updates. But maybe I will try your
idea of removing the registry and filesystem sections from it.

But couldn't I just export a template from the Local Security Policy,
edit it to remove the custom settings, and then re-import the template
into the Local Security Policy (without using the Security
Configuration and Analysis at all)? Would that re-create the
secedit.sdb file?

Roger Abell [MVP] · Mar 22, 2007

I am not in front of my Win2k computer right now, but I am pretty sure
that there is no service named "Help and Support" under Windows 2000.
I have disabled other services that I thought were unnecessary
though. Could the secedit command depend on any other services?

Sorry - forgot your mention of W2k - was thinking XP

Yes I had seen that article too, but was hoping for another solution
because my registry and filesystem settings may be different now after
applying SP4 and a bunch of other updates. But maybe I will try your
idea of removing the registry and filesystem sections from it.

But couldn't I just export a template from the Local Security Policy,
edit it to remove the custom settings, and then re-import the template
into the Local Security Policy (without using the Security
Configuration and Analysis at all)? Would that re-create the
secedit.sdb file?

Not sure you could export with the corruption.

Guest · Mar 22, 2007

So does the secedit.sdb file only contain the Local Security Policy
settings? Or does it also contain Group Policy settings and/or other
things? Because if it contains things besides the Local Security
Policy settings, then when I re-create the file using the Setup
Security.inf template, those other things will be lost.

Roger Abell [MVP] · Mar 23, 2007

So does the secedit.sdb file only contain the Local Security Policy
settings? Or does it also contain Group Policy settings and/or other
things? Because if it contains things besides the Local Security
Policy settings, then when I re-create the file using the Setup
Security.inf template, those other things will be lost.

Any settings due to the domain environment gets pulled down,
but much of that is stored in the .pol files

Guest · Mar 23, 2007

Any settings due to the domain environment gets pulled down,
but much of that is stored in the .pol files

I've got a standalone workstation, but you are right, the group policy
settings are stored in the registry.pol files.

Thanks for your help, Roger.

Guest · Mar 24, 2007

I've got a standalone workstation, but you are right, the group policy
settings are stored in the registry.pol files.

Just a correction for my own sake: the registry.pol files store the
administrative template settings, and everything else in the group
policy editor (excluding the security settings) are saved under c:
\winnt\system32\GroupPolicy.

Roger Abell [MVP] · Mar 25, 2007

Did you manage to get a new sdb created yet? Which way?

Thanks,
Roger

Guest · Mar 27, 2007

Did you manage to get a new sdb created yet?

I will do it by this weekend.

Which way?

Isn't there only one way? Delete it and then apply the Setup
Security.inf template?

Guest · Apr 2, 2007

Did you manage to get a new sdb created yet? Which way?

The other idea that I had ended up working. In the Local Security
Policy editor, I exported the security settings to a .inf file. Then
I edited it to remove the custom values. I also deleted the
secedit.sdb file, went back into the Local Security Policy editor, and
imported the .inf file. It re-created the secedit.sdb file.

Roger Abell [MVP] · Apr 3, 2007

The other idea that I had ended up working. In the Local Security
Policy editor, I exported the security settings to a .inf file. Then
I edited it to remove the custom values. I also deleted the
secedit.sdb file, went back into the Local Security Policy editor, and
imported the .inf file. It re-created the secedit.sdb file.

Thanks for the post-back, resolution info.
I find it curious that you actually could export, which I was
wrongly assuming would not work due to also seeing the
sdb as corrupted.

Roger

What is correct way to create secedit.sdb file?	2	Apr 12, 2007
secedit.sdb question	6	Mar 11, 2004
secedit : Local security seetings not taking effect	6	Oct 3, 2007
Backing Up Local Policy Settings	6	May 6, 2004
Applying a security template: one setting not saved to secedit.sdb	0	Jun 6, 2007
loss of local system policies after applying SP4	1	Sep 23, 2003
sceregvl.inf Local Group Policy "Security Options" empty	1	Apr 26, 2007
Local security settings - secedit	5	Nov 24, 2004

How do I recreate secedit.sdb?

Guest

Roger Abell [MVP]

Guest

Roger Abell [MVP]

Guest

Roger Abell [MVP]

Guest

Roger Abell [MVP]

Guest

Guest

Roger Abell [MVP]

Guest

Guest

Roger Abell [MVP]

Ask a Question

Similar Threads