I'm working on an OS imaging process (Windows 10 IoT Enterprise, to be run in a kiosk mode, so no user access to desktop, etc.), and I'm working on the security template part of the process.

Windows security templates and secedit.exe are new to me, so I'm trying to learn a little about it all before applying a cookbook approach from books and online information.

What I can't quite figure out is what actually happens, relative to the /db parameter when doing the secedit.exe /configure command. For example, if I do:

> secedit.exe /configure /db c:\mysec.sdb /cfg c:\mytemplate.inf /overwrite

And then reboot...what next? Is c:\mysec.sdb now the permanent security database store? That doesn't quite seem right because I see examples where the command is something like:

> secedit.exe /configure /db temp.sdb ...

Does anybody know the details about what is really going on with this?

Thanks in advance!