JSI Tip 3252. You are unable to open the Local Group Policy database?

Jerold Schulman

January 14, 2001

1 Min Read
ITPro Today logo in a gray background | ITPro Today

When you attempt to use Local Group Policy, you receive:

Cannot open local security database

This can be caused by corrupt log files or a corrupt security database.

There a 3 possible resolutions:

1. Rename the log files:

    The log files are located at SystemRoot%Securitylogs.
    Create an OldSecurity sub-folder at SystemRoot%Security.
    Move the log files from %SystemRoot%Securitylogs to SystemRoot%SecurityOldSecurity.
    Shutdown and restart.

    If this does not solve your problem, try resolution 2.

2. Restore the security database:

    The secedit.sdb located at SystemRoot%SecurityDatabase.

    If this does not solve the problem, try resolution 3.

3. Recreate the security database:

    NOTE: All the Local Group Policy Settings will be Not Defined.
    Create an OldSecurity sub-folder at SystemRoot%Security.
    Move the log files from %SystemRoot%Securitylogs to SystemRoot%SecurityOldSecurity.
    Move the database from %SystemRoot%SecurityDatabaseSecedit.sdb to %SystemRoot%SecurityOldSecurity.
    Start / Run / MMC / OK.
    Console / Add/Remove Snap-in.
    Add the Security and Configuration Analysis snap-in. Press Close and OK.
    Right-click Security and Configuration Analysis and press Open Database.
    Navigate to the %SystemRoot%SecurityDatabase folder and type Secedit.sdb into File name and press Open.
    When prompted to import a template, select Setup security.inf.
    Press Open.
    NOTE: Ignore any Access Denied error.
    Right-click Security and Configuration Analysis and press Configure Computer Now.


Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like