locked
When does secedit.sdb get applied RRS feed

  • Question

  • The application I support requires the user to use a laptop disconnected from the network. When the user has finished with the laptop it is reconnected to the network.

    The laptop is a member of a W2K3 domain. When off the network the user logs on to the local machine (no cached logins).

     

    I want one set of security policy to apply when the laptop is disconnected from the network and a different set to apply when the laptop is connected to the network.

     

    I thought I had achieved this by creating a secedit.sdb (conatining the local secutiy policy to use when the machine is disconnected from the network) and placing it in c:\windows\security\database.

     

    When the laptop is connected to the network the domain security policy is applied (that's fine). However if I disconnect the laptop and reboot the laptop the domain security policy is still there. I would have thought that the local security policy contained in secedit.sdb would have been applied but it has not been.

     

    I have used the Security Configuration and Analysis snap in to check the security policy applied and the contents of secedit.sdb. secedit.sdb contains the local security policy I set up for a disconnected laptop but the security policy applied is the domain policy.

     

    So when does the content of secedit.sdb get applied?

    Thursday, April 5, 2007 9:32 AM