SECEDIT MMC and security templates

[Matt Fiddelke]

Here is the deal. I designed/altered security templates
using MMC and saved them. I have a few questions about
deploying them though. I deploy them I have to have an
sdb database file. I've created this computer with the
poper snap-in. I have successfully deployed the template
on my local machine, but when I run it on another PC
sometimes after changing the settings the machine
attempts to login to a workgroup as if it was a domain.
I'm running Netware 5.1 and instead of the default
setting being the local computer it changes it to a work
group. Why is this? Also can i use the database I
created via my machine to configure the other machines?

 

[Roger Abell]

Not sure about the log on to the workgroup issue,
but as there is no such thing I assume this has to
do with how the Novell piece ties into Windows.

I would suggest that you deploy to other machines
by using the template, not the sdb. Use secedit or
the Analysis and Configuration snap-in to apply
the template to the machine.

 

[Guest]

How exactly do i roll out the template without the
database. If I use SECEDIT it requres a database doesn't
it. How can I just apply the inf. I have tried right
clicking the file and choosing install but only about 1/3
of the settings stick when doing that. When using the
Analysis and Config snapin it requires a database as
well.... Or am I incorrect? If so what is the proper
way to do this without using a SDB file?

 

[Roger Abell]

With secedit you can just provide any name for
the sdb and it will create one for use as a temp
database while it compiles what is to be applied.

 

[Guest]

Excellent!
I successfully ran through this and the Database did
create. You mentioned this is just s temp file... Can
this be deleted after secedit runs, or would I have to
reboot first then delete it. I was thinking about
putting a del secsetup.sdb at the end of my batch file.
Do you see any problems with this approach?
Thanks so much for the help

 

[Roger Abell]

I have not tried the immediate delete. The temp
sdb can be used to reapply those settings that were
imported into it. XP has the habit of lazy handle
release, which means that files are often not immediately
seen as not in use when in fact their use is over, so this
may get in your way.

 

[Mauricio]

I tried just about everything in order to accomplish the
same thing you're trying.

I got a damaged SDB database and cannot figure out how to
create a new one, repair this one, or, just reset windows
xp security settings to its factory default. I too, am
desperatedly seeking for that answer !! Please let me
know if you find something.

Thanks,
Mauricio