"The Group Policy security settings that apply to this machine could not be determined"

Windows 2003 Server, not running SP1.

When navigating to Security Options under Local Computer Policy>Windows Settings>Security Settings>Local Policies, I get the following, "The Group Policy security settings that apply to this machine could not be determined.  The error returned when trying to retreive these settings from the local security policy database (%windir%\security\database\secedit.sdb) was: The parameter is inccorrect."

(Forgive me if I misspelled anything.  Had to type that out.)

From what I've read so far, my security db is corrupt.  Fine.  Well, I've run the esenutl /r command, which tells me:

'Integrity check successful.'

With no errors.  But I still get the error in my .mmc.  I've tried rebuilding the database using:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scetroubletn.mspx?mfr=true

and

http://support.microsoft.com/?id=313222

and even

http://support.microsoft.com/kb/278316

No joy.  I'm at a loss.  I'm not even sure what I changed that caused this.  I thought I was just changing this:

http://support.microsoft.com/?kbid=281648

Because I was having trouble mapping a drive.

Any ideas would be greatly appreciated it.
fetiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

fetiAuthor Commented:
I should add that when I try KB 278316, I get a permissions error.  "access is denied.  Import Failed Make sure you have the right permissions to this object."  I'm logged in as admin.
0
fetiAuthor Commented:
And when I try 313222 I get the following:

'An extended error has occurred.

The task has completed with an error.
See log %windir%\security\logs\scesrv.log for detail info.'

The great part is, scesrv.log is empty.
0
mcsa_2003Commented:
Hi,
you have DC?
what the error in event viewer?


Regards
0
fetiAuthor Commented:
Call to Microsoft fixed this.  Apparently doing this:

'LAN Manager Authentication Level set to Send LM and NTLM - use NTLMv2 session security if negotiated - (default) send LM & NTLM responses'

is a bad thing.  The Microsoft tech walked me through deleting two registry keys in HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Control>MSV1_0 that referred to NTLM security.  I didn't copy down the names of the keys, unfortunately, but if you have anything other than (Default) and Auth2, that's probably the problem.

Oh, and he did this for no charge.  Woot me.

I'll be requesting a point refund.
0
GranModCommented:
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.