
Problems with backing up security database. Intrusion?

Posted by AllenM on February 10, 2006, 12:56 pm
The last two days I have been receiving a failure when my backup program (CA
BrightStor ArcServe) attempts to back up
c:\windows\security\database\secedit.sbd. The error I get in the logs is
"Unable to open file" and code EC=sharing violation. This file has always
been on the backup schedule, and I reviewed the logs from 3 days ago
and it had no problems. What is this log used for, and why am I now getting
these errors and unable to back up this file? Do I have a security issue
here?



Posted by Roger Abell [MVP] on February 11, 2006, 1:59 am
That file is the repository of the local group policy settings.
Do you have this issue if a backup is attempted just after a fresh reboot?
Is your backup program allowed to update itself from the network?
Normal methods cannot touch that file as it is always in use, but the
backup software was evidently using correct imaging methods prior
to a couple days ago.

> The last two days I have been receiving a failure when my backup program
> (CA BrightStor ArcServe) attempts to back up
> c:\windows\security\database\secedit.sbd. The error I get in the logs is
> "Unable to open file" and code EC=sharing violation. This file has always
> been on the backup schedule, and I reviewed the logs from 3 days
> ago and it had no problems. What is this log used for, and why am I now
> getting these errors and unable to back up this file? Do I have a security
> issue here?
>
>



Posted by karl levinson, mvp on February 13, 2006, 7:41 am
No, doesn't sound like a sign of intrusion. If a database is open, any
backup of it would probably be unreliable anyways, so just ignore it. I
believe that file relates to the default "group policy" security
configuration settings that Windows repeatedly applies to the computer at
regular intervals.


> The last two days I have been receiving a failure when my backup program
> (CA BrightStor ArcServe) attempts to back up
> c:\windows\security\database\secedit.sbd. The error I get in the logs is
> "Unable to open file" and code EC=sharing violation. This file has always
> been on the backup schedule, and I reviewed the logs from 3 days
> ago and it had no problems. What is this log used for, and why am I now
> getting these errors and unable to back up this file? Do I have a security
> issue here?
>
>



Posted by AllenM on February 13, 2006, 11:20 am
Thanks Roger and Karl. It appears the problem did correct itself after a
fresh reboot. Not sure why it required that, but again the rule of thumb "when in
doubt, reboot" seems to have resolved the issue. Thanks for the
explanations and suggestions.


> The last two days I have been receiving a failure when my backup program
> (CA BrightStor ArcServe) attempts to back up
> c:\windows\security\database\secedit.sbd. The error I get in the logs is
> "Unable to open file" and code EC=sharing violation. This file has always
> been on the backup schedule, and I reviewed the logs from 3 days
> ago and it had no problems. What is this log used for, and why am I now
> getting these errors and unable to back up this file? Do I have a security
> issue here?
>
>



Posted by AllenM on February 13, 2006, 12:30 pm
Well, maybe I spoke too soon. I just reviewed my backup log and it occurred
again over the weekend.

> Thanks Roger and Karl. It appears the problem did correct itself after a
> fresh reboot. Not sure why it required that, but again the rule of thumb "when
> in doubt, reboot" seems to have resolved the issue. Thanks for the
> explanations and suggestions.
>
>
>> The last two days I have been receiving a failure when my backup program
>> (CA BrightStor ArcServe) attempts to back up
>> c:\windows\security\database\secedit.sbd. The error I get in the logs is
>> "Unable to open file" and code EC=sharing violation. This file has always
>> been on the backup schedule, and I reviewed the logs from 3 days
>> ago and it had no problems. What is this log used for, and why am I now
>> getting these errors and unable to back up this file? Do I have a security
>> issue here?
>>
>>
>
>
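
Added example, not part of any post in this thread: a PowerShell check that reproduces the "sharing violation" open failure discussed above and, when the file is held open, exports the local security settings to a text template with `secedit /export` rather than copying the raw database. The output path and the function name `Get-OpenFailure` are assumptions, as is the idea that an exported template is an acceptable substitute for the file in your backup set; run it from an elevated prompt.

```powershell
# Added example (not from the thread). $Path is the path quoted in the posts;
# $OutCfg is a hypothetical output location chosen for illustration.
param(
    [string]$Path   = 'C:\windows\security\database\secedit.sbd',
    [string]$OutCfg = "$env:TEMP\local-security-policy.inf"
)

function Get-OpenFailure {
    # Try a plain read-only open, the way a file-level backup without an
    # open-file/snapshot agent would, and classify the Win32 error if it fails.
    param([string]$File)
    try {
        $fs = [System.IO.File]::Open($File, 'Open', 'Read', 'ReadWrite')
        $fs.Dispose()
        return 'None'
    }
    catch {
        # The low 16 bits of the HRESULT carry the Win32 error code.
        $code = $_.Exception.GetBaseException().HResult -band 0xFFFF
        switch ($code) {
            2       { return 'NotFound' }          # ERROR_FILE_NOT_FOUND
            5       { return 'AccessDenied' }      # ERROR_ACCESS_DENIED
            32      { return 'SharingViolation' }  # ERROR_SHARING_VIOLATION
            33      { return 'LockViolation' }     # ERROR_LOCK_VIOLATION
            default { return "Win32Error$code" }
        }
    }
}

$result = Get-OpenFailure -File $Path
"Open test on ${Path}: $result"

if ($result -eq 'SharingViolation') {
    # Another process holds the file with an incompatible share mode.
    # Export the settings from the system security database instead of
    # copying the raw file while it is in use.
    & secedit.exe /export /cfg $OutCfg /quiet
    if ($LASTEXITCODE -eq 0) {
        "Exported local security settings to $OutCfg"
    } else {
        "secedit export failed with exit code $LASTEXITCODE"
    }
}
```

A result of `SharingViolation` matches the error in the backup log and means only that the file is open elsewhere; `AccessDenied` or `NotFound` would point to a different cause.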


