How to modify default registry security values

Oscar Bergenbrink 0 Reputation points
2023-11-28T11:02:32.6033333+00:00

Hi,

When you have a client which is joined to a domain you can apply security policies through a gpo, i know these are stored in %WinDir%\System32\GroupPolicy and %WinDir%\System32\GroupPolicyUsers.

However, what I don't understand is: if I delete these it will revert back to local policies, where are they kept? How can I modify them so if someone breaks the trust with the domain/signs in with a local user it will not fall back on low security policies?

I know the registry values are stored in C:\Windows\System32\Config but is this the place to be? Should I load these hives and edit them?

I'm pretty in the dark here so I hope I make sense.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,599 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,934 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Daisy Zhou 21,046 Reputation points Microsoft Vendor
    2023-11-29T08:06:53.3533333+00:00

    Hello Oscar Bergenbrink,

    Thank you for posting in Q&A forum.

    We can see information from the link below.

    The Security Settings extension of the Local Group Policy Editor is part of the Security Configuration Manager tool set. The following components are associated with Security Settings: a configuration engine; an analysis engine; a template and database interface layer; setup integration logic; and the secedit.exe command-line tool. The security configuration engine is responsible for handling security configuration editor-related security requests for the system on which it runs. The analysis engine analyzes system security for a given configuration and saves the result. The template and database interface layer handles reading and writing requests from and to the template or database (for internal storage). The Security Settings extension of the Local Group Policy Editor handles Group Policy from a domain-based or local device. The security configuration logic integrates with setup and manages system security for a clean installation or upgrade to a more recent Windows operating system. Security information is stored in templates (.inf files) or in the Secedit.sdb database.

    You can check Secedit.sdb files and .inf files

    C:\Windows\security\database\Secedit.sdb
    C:\Windows\security\templates.inf

    For more information, please read here.
    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/security-policy-settings#persistence-of-security-settings-policy

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    0 comments No comments