JSI Tip 5571. How do I reset Windows 2000 / Windows XP security back to the default settings?

If you have messed up security settings, you may want to reset them back to the installation default. The following security areas may be reset:

Area Description
SECURITYPOLICY     Local policy and domain policy for the system, including account policies, audit policies, and other policies.
GROUP_MGMT Restricted group settings for any groups that are specified in the security template
USER_RIGHTS User logon rights and granting of privileges.
REGKEYS Security on local registry keys.
FILESTORE Security on local file storage.
SERVICES Security for all defined services.

NOTE: Before you reset security, you should take a full backup, including the System State.

To reset the operating system back to the install defaults:

1. Open a CMD prompt.

2. Type:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

3. If you receive a warning message, it can be ignored. See the %windir%\Security\Logs\Scesrv.log file.

The Secedit switches are:

Switch Description
/configure Required to set system security.
/DB The security database, or if none exists, the /CFG switch must specify a security template. This switch is a required.
/CFG The path to the security template used to create the database.
/overwrite Used with the /CFG switch to prevent the template from being appended to the database template.
/Area From the Area table, above. If no Area is specified, all Areas are used.
/log The path to a different log files that you would prefer to use.
/verbose Report and log detailed information.
/quiet Report and log minimal information.

NOTE: Because secsetup.sdb does NOT exist, I didn't have to use the /overwrite switch.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish