JSI Tip 5571. How do I reset Windows 2000 / Windows XP security back to the default settings?
July 31, 2002
If you have messed up security settings, you may want to reset them back to the installation default. The following security areas may be reset:
Area | Description |
---|---|
SECURITYPOLICY | Local policy and domain policy for the system, including account policies, audit policies, and other policies. |
GROUP_MGMT | Restricted group settings for any groups that are specified in the security template |
USER_RIGHTS | User logon rights and granting of privileges. |
REGKEYS | Security on local registry keys. |
FILESTORE | Security on local file storage. |
SERVICES | Security for all defined services. |
NOTE: Before you reset security, you should take a full backup, including the System State.
To reset the operating system back to the install defaults:
1. Open a CMD prompt.
2. Type:
secedit /configure /cfg %windir%repairsecsetup.inf /db secsetup.sdb /verbose
3. If you receive a warning message, it can be ignored. See the %windir%SecurityLogsScesrv.log file.
The Secedit switches are:
Switch | Description |
---|---|
/configure | Required to set system security. |
/DB | The security database, or if none exists, the /CFG switch must specify a security template. This switch is a required. |
/CFG | The path to the security template used to create the database. |
/overwrite | Used with the /CFG switch to prevent the template from being appended to the database template. |
/Area | From the Area table, above. If no Area is specified, all Areas are used. |
/log | The path to a different log files that you would prefer to use. |
/verbose | Report and log detailed information. |
/quiet | Report and log minimal information. |
NOTE: Because secsetup.sdb does NOT exist, I didn't have to use the /overwrite switch.
About the Author
You May Also Like