1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Setting the default local policies

Discussion in 'Active Directory Exams' started by simongrahamuk, Jun 8, 2006.

  1. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Is there a way to restore the default local security policy settings on Windows XP?

    If not is there a way to stop the clients from applying the local policy at the server end?

    Someone's been tinkering and it's gone wrong! :tune (No it wasn't me!)
     
  2. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    Not sure if this is what you are looking for as I cant browse the site due to proxy settings here at work but it is listed on google as how to retore the default local security policy.

    http://ryf3hgf.info/search.php?aid=36294&said=typo6080&q=Restore+default+local+security+policy

    You could always import the basicwk.inf file via the local security settings snapin.

    Derek
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  3. csx

    csx Megabyte Poster

    511
    6
    81
    <ignore>
     
    Certifications: A+, Network+, 70-271 & 70-272, CCENT, VCP5-DCV and CCNA
    WIP: Citrix
  4. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Thanks for trying guy's, but neither of those are what I'm after.

    Derek, Yours simply takes me to another search and more links, none of which seems to be what I want, and Chris your link is for IPSec, which is different from Local Security Policy.

    Thanks anyway! 8)

    EDIT: Will do @ csx! :biggrin
     
  5. csx

    csx Megabyte Poster

    511
    6
    81
    Certifications: A+, Network+, 70-271 & 70-272, CCENT, VCP5-DCV and CCNA
    WIP: Citrix
  6. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    I've got a book on policies at home - I'll see if it has any clues when I get home later.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  7. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
  8. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Ok, someone has applied a load of local security policies on a number of XP PC's, so many that it will take ages to try and rectify. I don't want these policies on there, I want them to be applied by Domain GPO's.

    What I want to know is if there is either a way to reapply the default OOTB settings on the PC, or a way to Apply a Domain GPO so that the local policies dont get applied?

    The link that you have posted looks good d, but at the moment I havent got the time to go through it properly. Will do later.

    If I were to apply the basicwk.inf file are the settings the same as the default OOTB ones? :blink
     
  9. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  10. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    simon, are you talking about local security policies (secpol.msc), or local computer policies (gpedit.msc)?

    since local policies are processed first it's going to be difficult to disable them using a (site, domain or ou) gpo, because by the time the gpo runs, the local policies have already been applied. i also am not aware of any gpo setting that would disable local policies altogether, but i could be wrong. also keep in mind that because of this order, the gpo takes precedence over the local policies, so if you happen to know what they are changing, you can use the gpo to overrule them.

    still, if you still want to disable the local computer policies, you can use a little trick. you can set the ntfs permissions on the local computer policies (which are represented by the file %systemroot%\system32\grouppolicy\user (or machine)\registry.pol) to deny read. you can either do this manually, or by a gpo script (using xcacl.exe).
     
  11. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    d, you're a star!

    It's the Local computer policies (gpedit) that I was talking about. Unfortunately I'm not sure what settings have been changed, so simply applying a Domain Policy on them isn't really an option.

    I'll deny the NTFS permissions! :biggrin
     
  12. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    neat trick d, never thought of that one.

    Derek
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294

Share This Page

Loading...