JSI Tip 5571. How do I reset Windows 2000 / Windows XP security back to the default settings?

Jerold Schulman

July 31, 2002

1 Min Read
ITPro Today logo in a gray background | ITPro Today

If you have messed up security settings, you may want to reset them back to the installation default. The following security areas may be reset:

Area

Description

SECURITYPOLICY

Local policy and domain policy for the system, including account policies, audit policies, and other policies.

GROUP_MGMT

Restricted group settings for any groups that are specified in the security template

USER_RIGHTS

User logon rights and granting of privileges.

REGKEYS

Security on local registry keys.

FILESTORE

Security on local file storage.

SERVICES

Security for all defined services.

NOTE: Before you reset security, you should take a full backup, including the System State.

To reset the operating system back to the install defaults:

1. Open a CMD prompt.

2. Type:

secedit /configure /cfg %windir%repairsecsetup.inf /db secsetup.sdb /verbose

3. If you receive a warning message, it can be ignored. See the %windir%SecurityLogsScesrv.log file.

The Secedit switches are:

Switch

Description

/configure

Required to set system security.

/DB

The security database, or if none exists, the /CFG switch must specify a security template. This switch is a required.

/CFG

The path to the security template used to create the database.

/overwrite

Used with the /CFG switch to prevent the template from being appended to the database template.

/Area

From the Area table, above. If no Area is specified, all Areas are used.

/log

The path to a different log files that you would prefer to use.

/verbose

Report and log detailed information.

/quiet

Report and log minimal information.

NOTE: Because secsetup.sdb does NOT exist, I didn't have to use the /overwrite switch.



Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like