Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


can't undo security template...

Posted on 2006-03-22
Medium Priority
Last Modified: 2013-12-04
I have a windows 2003 server that I applied a locked down security template to. However, now it seems that when an installer is run it won't let it start the service that it creates. It says 'access denied'.
I went into security config. and analysis and put the LOCAL SERVICE and SERVICE accounts in the 'log on as a service' setting, but it still says access denied. Then I tried importing the 'compatws.inf' template and configuring that, but I still get access denied.

It seems like it's still getting those high security settings even though I've imported another template.

How can I apply new templates or at least engage the compatability one so that I can start the service and install the software?
Question by:wlandymore
  • 2
LVL 23

Expert Comment

ID: 16262117
If you are saying you ran the SCW, you'll need to run it again, and modify and update your configuration template to account for the new applications and services.

It's always a good idea to be wait to run the SCW until all applications and services that are going to be used on a server are installed and running (like IIS, etc.), so that you aren't going back through the SCW very often.

Author Comment

ID: 16310026
That doesn't answer the question at all. I'm trying to 'undo' a security template, not develop a policy on how they should be deployed.

I'm looking for a way to roll back to the original security configuration and like I said, I already applied the setup security template and that didn't work.
LVL 23

Accepted Solution

TheCleaner earned 2000 total points
ID: 16310795
Sorry, I saw SCA, and thought SCW.

You are saying you ran the default policy here: http://support.microsoft.com/kb/816585 , right?

From here: http://www.windowsecurity.com/articles/Settings_Windows_Server_2003_Secure_Part2.html

 new feature in Server 2003 security lets you easily reapply the default security settings if you’ve made changes. There are two ways to do this:

With the graphical interface
At the command line
To reapply the settings with the GUI, you use the Security Configuration and Analysis tool (create a custom MMC and add the Security Configuration and Analysis snap-in). Log on with the appropriate administrative privileges (local administrator to reapply default settings to the local computer or domain or enterprise admin privileges to reapply settings to a domain computer). You must import the appropriate template (DC security template for domain controllers or the setup security template for non-domain controllers), then do the following:

Check the Clear this database before importing checkbox.
Click Open.
Right click Security Configuration and Analysis in the console tree and select Configure Computer Now.
Specify a file path for the error log or accept the default path.
Click OK to perform the configuration.
You can also use the secedit command to reapply default settings for specific areas instead of applying the entire setup security template.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Screencast - Getting to Know the Pipeline

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question