secedit.sdb question

[Guest]

I would like to export the current security settings that are currenlty applied to my win2000 box. This box contains settings that are applied via domain GPO's. What is the sdb file that contains the current settings applied, both local and domain? I viewed the secedit.sdb but that only shows what the local policy is but is much different then what is currenlty applied to the box via the domain gpo's. any ideas?

 

[Dusko Savatovic]

The best way would be to use Group Policy Management Console (GPMC), but it
only works from WinXP/2003 and needs dotNet Framework. With GPMC you can use
Group Policy Reporting functionality and check Resultant Set of Policy of
computers in your domain.
However, be aware that some policies may be applied to users and some to
computers.

Of course, there may be some commercial products on the market. I've heard
of FAZAM, but I haven't used it.

Dusko Savatovic

I would like to export the current security settings that are currenlty

applied to my win2000 box. This box contains settings that are applied via
domain GPO's. What is the sdb file that contains the current settings
applied, both local and domain? I viewed the secedit.sdb but that only
shows what the local policy is but is much different then what is currenlty
applied to the box via the domain gpo's. any ideas?

 

[Steven L Umbach]

You can use Group Policy Management Console to manage a W2K domain, but you need to
do it from an XP machine domain member. Otherwise you might try secedit /export with
the /mergedpolicy switch .--- Steve

http://www.microsoft.com/downloads/...4F-50CE-42C7-A401-30BE1EF647EA&displaylang=en
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/secedit_cmds.mspx
--- secedit.

 

[Guest]

After the local machine has been configured with domain gpo's after boot up \login are the settings stored in a sdb file or an inf file? I tried to export using secedit /export /MergedPolicy /CFG c:\sectemp.inf but since i left out the /DB it only exported the local settings. Is there anyway that i can export the currently applied settings to an inf file?

 

[Steven L Umbach]

I am not sure. I think most settings are stored in the sdb file. You could try
opening Local Security Policy and then export the security settings. Sometimes you
first need to expand a security category to make the export option show and then
select "effective policy". This should save applied settings for Local Security
Policy which would not include file/registry/restricted groups/system services. --
Steve

After the local machine has been configured with domain gpo's after boot up \login

are the settings stored in a sdb file or an inf file? I tried to export using
secedit /export /MergedPolicy /CFG c:\sectemp.inf but since i left out the /DB it
only exported the local settings. Is there anyway that i can export the currently
applied settings to an inf file?

 

[Guest]

where am i choosing effective policy within Security Config tool in windows 2000? I did try to already to opent he local sdb file but it only contained the settings are configured for the local security and not settings that have been applied as a whole to the box after authenticating to the domain .

 

[Steven L Umbach]

Open Local Security Policy on the computer. Expand any policy such as account policy.
The highlight security settings, right click and select export policy/effective
settings which will prompt you to name a .inf file to create. That should save your
effective policy to a template file except for file/registry/restricted
groups/services if that will help you. --- Steve

where am i choosing effective policy within Security Config tool in windows 2000?

I did try to already to opent he local sdb file but it only contained the settings
are configured for the local security and not settings that have been applied as a
whole to the box after authenticating to the domain .