Setting the default local policies

Discussion in 'Active Directory Exams' started by simongrahamuk, Jun 8, 2006.

  1. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    Is there a way to restore the default local security policy settings on Windows XP?

    If not is there a way to stop the clients from applying the local policy at the server end?

    Someone's been tinkering and it's gone wrong! :tune (No it wasn't me!)
     
  2. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    Not sure if this is what you are looking for as I can't browse the site due to proxy settings here at work, but it is listed on Google as how to restore the default local security policy.

    http://ryf3hgf.info/search.php?aid=36294&said=typo6080&q=Restore+default+local+security+policy

    You could always import the basicwk.inf file via the local security settings snap-in.

    Derek
     
    Certifications: A+, 70-210, 70-290, 70-291, 74-409, 70-410, 70-411, 70-337, 70-347
    WIP: 70-346
  3. csx

    csx Megabyte Poster

    <ignore>
     
    Certifications: A+, Network+, 70-271 & 70-272, CCENT, VCP5-DCV and CCNA
    WIP: Citrix
  4. simongrahamuk
    Thanks for trying guys, but neither of those is what I'm after.

    Derek, yours simply takes me to another search and more links, none of which seems to be what I want, and Chris, your link is for IPSec, which is different from Local Security Policy.

    Thanks anyway! 8)

    EDIT: Will do @ csx! :biggrin
     
  5. csx

  6. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    I've got a book on policies at home - I'll see if it has any clues when I get home later.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  7. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

  8. simongrahamuk
    OK, someone has applied a load of local security policies on a number of XP PCs, so many that it will take ages to try and rectify. I don't want these policies on there, I want them to be applied by Domain GPOs.

    What I want to know is if there is either a way to reapply the default OOTB settings on the PC, or a way to apply a Domain GPO so that the local policies don't get applied?

    The link that you have posted looks good d, but at the moment I haven't got the time to go through it properly. Will do later.

    If I were to apply the basicwk.inf file are the settings the same as the default OOTB ones? :blink
     
  9. Nelix
  10. d-Faktor
    simon, are you talking about local security policies (secpol.msc), or local computer policies (gpedit.msc)?

    since local policies are processed first it's going to be difficult to disable them using a (site, domain or ou) gpo, because by the time the gpo runs, the local policies have already been applied. i also am not aware of any gpo setting that would disable local policies altogether, but i could be wrong. also keep in mind that because of this order, the gpo takes precedence over the local policies, so if you happen to know what they are changing, you can use the gpo to overrule them.

    still, if you still want to disable the local computer policies, you can use a little trick. you can set the ntfs permissions on the local computer policies (which are represented by the file %systemroot%\system32\grouppolicy\user (or machine)\registry.pol) to deny read. you can either do this manually, or by a gpo script (using xcacl.exe).
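
The `registry.pol` file named in the post above holds the local computer policy settings as binary records, so decoding it shows which settings were changed locally before read access is denied. The parser below is an added example, not part of the original thread; it assumes the `PReg` version 1 layout (UTF-16LE `[key;value;type;size;data]` records), and the function names and sample bytes are constructed for illustration.

```python
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD"}

def _expect(blob, pos, ch):  # consume one UTF-16LE delimiter or fail
    if blob[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _wstr(blob, pos):  # read a NUL-terminated UTF-16LE string
    end = pos
    while blob[end:end + 2] != b"\x00\x00":
        if end + 2 > len(blob):
            raise ValueError("unterminated string")
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 2

def parse_registry_pol(blob):  # records are [key;value;type;size;data]
    if blob[:4] != b"PReg" or blob[4:8] != (1).to_bytes(4, "little"):
        raise ValueError("not a version 1 Registry.pol file")
    pos, entries = 8, []
    while pos < len(blob):
        key, pos = _wstr(blob, _expect(blob, pos, "["))
        value, pos = _wstr(blob, _expect(blob, pos, ";"))
        pos = _expect(blob, pos, ";")
        rtype = int.from_bytes(blob[pos:pos + 4], "little")
        pos = _expect(blob, pos + 4, ";")
        size = int.from_bytes(blob[pos:pos + 4], "little")
        pos = _expect(blob, pos + 4, ";")
        data = blob[pos:pos + size]
        pos = _expect(blob, pos + size, "]")  # also catches truncated data
        if rtype == 4 and size == 4:
            data = int.from_bytes(data, "little")
        elif rtype in (1, 2):
            data = data.decode("utf-16-le").rstrip("\x00")
        entries.append((key, value, REG_TYPES.get(rtype, str(rtype)), data))
    return entries

def _record(key, value, rtype, data):  # builds one record for the sample below
    head = f"[{key}\0;{value}\0;".encode("utf-16-le")
    return (head + rtype.to_bytes(4, "little") + b";\0"
            + len(data).to_bytes(4, "little") + b";\0" + data + b"]\0")

# Constructed sample, not taken from a real machine.
SAMPLE = (b"PReg" + (1).to_bytes(4, "little")
          + _record(r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
                    "NoRun", 4, (1).to_bytes(4, "little"))
          + _record(r"Software\Policies\Example", "Banner", 1, "hello\0".encode("utf-16-le")))

if __name__ == "__main__":
    print(*parse_registry_pol(SAMPLE), sep="\n")
```

To audit a workstation, pass the bytes read from `%systemroot%\system32\grouppolicy\machine\registry.pol` (or the `user` copy) to `parse_registry_pol`.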
     
  11. simongrahamuk
    d, you're a star!

    It's the Local computer policies (gpedit) that I was talking about. Unfortunately I'm not sure what settings have been changed, so simply applying a Domain Policy on them isn't really an option.

    I'll deny the NTFS permissions! :biggrin
     
  12. Nelix
    neat trick d, never thought of that one.

    Derek
     
