We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


"The Group Policy security settings that apply to this machine could not be determined"

feti asked
Medium Priority
Last Modified: 2013-12-04
Windows 2003 Server, not running SP1.

When navigating to Security Options under Local Computer Policy>Windows Settings>Security Settings>Local Policies, I get the following, "The Group Policy security settings that apply to this machine could not be determined.  The error returned when trying to retreive these settings from the local security policy database (%windir%\security\database\secedit.sdb) was: The parameter is inccorrect."

(Forgive me if I misspelled anything.  Had to type that out.)

From what I've read so far, my security db is corrupt.  Fine.  Well, I've run the esenutl /r command, which tells me:

'Integrity check successful.'

With no errors.  But I still get the error in my .mmc.  I've tried rebuilding the database using:




and even


No joy.  I'm at a loss.  I'm not even sure what I changed that caused this.  I thought I was just changing this:


Because I was having trouble mapping a drive.

Any ideas would be greatly appreciated it.
Watch Question


I should add that when I try KB 278316, I get a permissions error.  "access is denied.  Import Failed Make sure you have the right permissions to this object."  I'm logged in as admin.


And when I try 313222 I get the following:

'An extended error has occurred.

The task has completed with an error.
See log %windir%\security\logs\scesrv.log for detail info.'

The great part is, scesrv.log is empty.
you have DC?
what the error in event viewer?



Call to Microsoft fixed this.  Apparently doing this:

'LAN Manager Authentication Level set to Send LM and NTLM - use NTLMv2 session security if negotiated - (default) send LM & NTLM responses'

is a bad thing.  The Microsoft tech walked me through deleting two registry keys in HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Control>MSV1_0 that referred to NTLM security.  I didn't copy down the names of the keys, unfortunately, but if you have anything other than (Default) and Auth2, that's probably the problem.

Oh, and he did this for no charge.  Woot me.

I'll be requesting a point refund.
Closed, 500 points refunded.
The Experts Exchange
Community Support Moderator of all Ages

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.