
Problems with backing up security database. Intrusion?

Subject Author Date
Problems with backing up security database. Intrusion? AllenM 02-10-2006
Posted by Roger Abell [MVP] on February 14, 2006, 12:47 am
Have you recently updated the backup software or disabled
the vss service (volume shadowing) ?
The security.sdb file should be handled in a normal way
as a part of the system state (however that application
does this collection of critical and of in-use files).
--
Roger Abell
Microsoft MVP (Windows Server : Security)

> Well maybe I spoke too soon. I just reviewed my backup log and it occurred
> again over the weekend.
>
>> Thanks Roger and Karl. It appears the problem did correct itself after a
>> fresh reboot. Not sure why it required that but again rule of thumb "when
>> in doubt, reboot" seems to have resolved the issue. Thanks for the
>> explanations and suggestions.
>>
>>
>>> The last two days I have been receiving a failure when my backup program
>>> (CA BrightStor ArcServe) attempts to back up
>>> c:\windows\security\database\secedit.sbd. The error I get in the logs is
>>> "Unable to open file" and code EC=sharing violation. This file has
>>> always been on the backup schedule and I reviewed the logs from
>>> 3 days ago and it had no problems. What is this log used for and why am
>>> I now getting these errors and unable to back up this file? Do I have a
>>> security issue here?
>>>
>>>
>>
>>
>
>



Posted by karl levinson, mvp on February 14, 2006, 7:51 am
I'm not surprised. I agree with Roger that we'd have to know how your
backup software is supposed to handle such in use files that are part of the
system state. This might be the way things are designed to work. You
shouldn't need that file unless you wanted to try to restore your Windows
installation, and if you wanted to do that, I'm not sure you'd want to
restore it from the CA backup you're doing now.

For backup solutions that aren't designed to capture system state files like
this one successfully, you can install and run the Backup utility that comes
with Windows, schedule it to run a system state backup before your CA
backup, and have CA back up the backup file created.


> Well maybe I spoke too soon. I just reviewed my backup log and it occurred
> again over the weekend.
>
>> Thanks Roger and Karl. It appears the problem did correct itself after a
>> fresh reboot. Not sure why it required that but again rule of thumb "when
>> in doubt, reboot" seems to have resolved the issue. Thanks for the
>> explanations and suggestions.
>>
>>
>>> The last two days I have been receiving a failure when my backup program
>>> (CA BrightStor ArcServe) attempts to back up
>>> c:\windows\security\database\secedit.sbd. The error I get in the logs is
>>> "Unable to open file" and code EC=sharing violation. This file has
>>> always been on the backup schedule and I reviewed the logs from
>>> 3 days ago and it had no problems. What is this log used for and why am
>>> I now getting these errors and unable to back up this file? Do I have a
>>> security issue here?
>>>
>>>
>>
>>
>
>
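
The workaround described in the reply above (a Windows Backup system state job that writes a file for the CA job to pick up), sketched as a batch script. This is an added example, not part of the original thread; the staging path and job name are assumed placeholders, and the script is meant to be scheduled ahead of the CA backup window.

```batch
@echo off
rem Added example: write the system state to a .bkf file that the
rem third-party backup job then backs up like any ordinary file.
rem Placeholder values (assumptions): staging path and job name.
setlocal
set "BKF=D:\Staging\systemstate.bkf"

rem 1. A disabled Volume Shadow Copy service prevents snapshots of in-use files.
sc qc VSS | find /i "DISABLED" >nul
if not errorlevel 1 (
    echo VSS start type is DISABLED; re-enable the service before backing up.
    exit /b 1
)

rem 2. Delete the previous file so a stale backup is never mistaken for a new one.
if exist "%BKF%" del "%BKF%"

rem 3. Let Windows Backup collect the system state, verify it, and log a summary.
start /wait ntbackup backup systemstate /J "SystemState-to-file" /F "%BKF%" /V:yes /L:s

rem 4. Confirm that a non-empty backup file was produced.
if not exist "%BKF%" (
    echo System state backup file was not created.
    exit /b 2
)
for %%F in ("%BKF%") do if %%~zF EQU 0 (
    echo System state backup file is empty.
    exit /b 3
)
echo System state written to %BKF%
exit /b 0
```

A non-zero exit code from this script gives the scheduler or a monitoring job something to alert on before the CA job runs.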



Posted by AllenM on February 14, 2006, 6:40 pm
OK I do back up the System State. Perhaps I will exclude the file from the
C:\ backup session. There is nothing I have done with CA. This file has
always been backed up and until I recently posted this issue everything has
been fine. So if this file is part of the System State then it should be ok
to remove from the C: backup schedule?


> I'm not surprised. I agree with Roger that we'd have to know how your
> backup software is supposed to handle such in use files that are part of
> the system state. This might be the way things are designed to work. You
> shouldn't need that file unless you wanted to try to restore your Windows
> installation, and if you wanted to do that, I'm not sure you'd want to
> restore it from the CA backup you're doing now.
>
> For backup solutions that aren't designed to capture system state files
> like this one successfully, you can install and run the Backup utility
> that comes with Windows, schedule it to run a system state backup before
> your CA backup, and have CA back up the backup file created.
>
>
>> Well maybe I spoke too soon. I just reviewed my backup log and it occurred
>> again over the weekend.
>>
>>> Thanks Roger and Karl. It appears the problem did correct itself after a
>>> fresh reboot. Not sure why it required that but again rule of thumb
>>> "when in doubt, reboot" seems to have resolved the issue. Thanks for the
>>> explanations and suggestions.
>>>
>>>
>>>> The last two days I have been receiving a failure when my backup
>>>> program (CA BrightStor ArcServe) attempts to back up
>>>> c:\windows\security\database\secedit.sbd. The error I get in the logs
>>>> is "Unable to open file" and code EC=sharing violation. This file has
>>>> always been on the backup schedule and I reviewed the logs from
>>>> 3 days ago and it had no problems. What is this log used for and why am
>>>> I now getting these errors and unable to back up this file? Do I have a
>>>> security issue here?
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Posted by Roger Abell [MVP] on February 14, 2006, 8:14 pm
Did you shut off / disable VSS, the volume shadow copy service ??

> OK I do back up the System State. Perhaps I will exclude the file from the
> C:\ backup session. There is nothing I have done with CA. This file has
> always been backed up and until I recently posted this issue everything
> has been fine. So if this file is part of the System State then it should
> be ok to remove from the C: backup schedule?
>
>
>> I'm not surprised. I agree with Roger that we'd have to know how your
>> backup software is supposed to handle such in use files that are part of
>> the system state. This might be the way things are designed to work.
>> You shouldn't need that file unless you wanted to try to restore your
>> Windows installation, and if you wanted to do that, I'm not sure you'd
>> want to restore it from the CA backup you're doing now.
>>
>> For backup solutions that aren't designed to capture system state files
>> like this one successfully, you can install and run the Backup utility
>> that comes with Windows, schedule it to run a system state backup before
>> your CA backup, and have CA back up the backup file created.
>>
>>
>>> Well maybe I spoke too soon. I just reviewed my backup log and it
>>> occurred again over the weekend.
>>>
>>>> Thanks Roger and Karl. It appears the problem did correct itself after a
>>>> fresh reboot. Not sure why it required that but again rule of thumb
>>>> "when in doubt, reboot" seems to have resolved the issue. Thanks for
>>>> the explanations and suggestions.
>>>>
>>>>
>>>>> The last two days I have been receiving a failure when my backup
>>>>> program (CA BrightStor ArcServe) attempts to back up
>>>>> c:\windows\security\database\secedit.sbd. The error I get in the logs
>>>>> is "Unable to open file" and code EC=sharing violation. This file has
>>>>> always been on the backup schedule and I reviewed the logs from
>>>>> 3 days ago and it had no problems. What is this log used for and
>>>>> why am I now getting these errors and unable to back up this file? Do I
>>>>> have a security issue here?
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


