All, I was applying some DISA security settings on some Windows servers in a lab Monday afternoon, and rolled back some of the settings on Tuesday because there seemed to be some communication issues between the servers. As of Tuesday when I went home I was still able to get into the local security policy console.
>From Wednesday morning, however, I have not been able to view and/or change >any local security policies through secpol.msc. The local security policies >console opens but will not display any information - "The Group Policy security settings that apply to this machine could not be determined. The error returned when trying to retrieve these settings from the local security policy database was: The parameter is incorrect." I tried applying the repair *.inf template (in \windows\repair\secsetup.inf) using the following command line: secedit /configure /DB srr.sdb /CFG c:\srr\secsetup.inf /areas SECURITYPOLICY USER_RIGHTS And only got the following enlightening message - "An extended error has occurred" I googled on the above error message and found a reference to repairing a corrupted security database: esentutl /p %windir%\security\database\secedit.sdb, which appeared to run successfully, but it didn't actually fix the problem. I tried recreating the security database with another reference I'd found; rename old secedit.sdb database, open MMC, security config and analysis, create new security database with same name and location as old one, using the "setup security.inf" template, and got this error message: "Access is denied. Import failed. Make sure that you have the right permissions to this object", even though I'm logged in as a member of the administrators group, and the admin group has full control permissions over all the appropriate folders and files. I'm stumped and not sure where to go from here. At this point, I can't get into the local security policy console at all to be able to roll back on any security policies. Anyone have any ideas? Oh, the servers are all Windows 2003, up to date on all patches and service packs. The servers were built from disk images taken from a Windows domain environment, but are currently in a workgroup environment. When applying the DISA security settings, I didn't change any registry or file system permissions, but did turn on auditing for both. PG --------------------------------------------------------------------------- ---------------------------------------------------------------------------
