JSI Tip 6550. How do I manually edit the Gpttmpl.inf file to stop inheritance?

NOTE: The text in the following Microsoft Knowledge Base article is provided so that the site search can find this page. Please click the Knowledge Base link to insure that you are reading the most current information.

Microsoft Knowledge Base article Q278436 contains:


This article describes how to manually edit the Gpttmpl.inf file to stop inheritance. Inheritance occurs when the security policies and assigned permissions are passed down from one object (the parent object) to the objects that are below it in the folder hierarchy (child objects).


You can edit the Gpttmpl.inf file so the ACL configuration that is set on the parent folder is not passed down to folders below it. To edit the Gpttmpl.inf file to stop inheritance:

Note For folders where this procedure has been applied, the folder must be protected again before the line is applied again. Before you apply the following procedure, locate the folder or file where you want to stop inheritance, and then make sure that the correct security settings are implemented. The "0" switch resets all permissions on child objects, and causes the children to completely inherit from the parent without resetting explicit (non-inherited) permissions on child objects. This resets explicit permissions on child objects and inherited permissions. The "2" switch resets all permissions on child objects, and causes the child objects to completely inherit from the parent object.

Warning Before you follow these steps, back up the Gpttmpl.inf file.

Part 1: Edit the Gpttmpl.inf File

  1. Click Start, point to Search, and then click For Files or Folders.
  2. In the Search for files or folders named box, type Gpttmpl.inf.
  3. When the search process is complete, double-click the Gpttmpl.inf file.
  4. Locate the line of code that corresponds to the file or folder that you want to edit. For example, the following code corresponds to the "Documents and Settings" folder on drive C:
    "C:\Documents and Settings",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;CINP;0x00100001;;;BU"
  5. To avoid resetting explicit permissions in a subfolder, change the "2" to a "0" (zero).
  6. On the File menu, click Save.
  7. On the File menu, click Close.

Part 2: Implement the Policy Change

  1. Click Start, and then click Run.
  2. In the Open box, type secedit /refreshpolicy machine_policy /enforce, and then click OK.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.