We needed to make a change to the security settings on client computers. Basically all users were brought down from PowerUsers to Users on their local computers. When this happened some applications broke because the Localhost\users group didn't have access to write to certain folders. Well instead of finding those folders, we granted to localhost\users group read/write to the C:\ and propigated those permissions down. Now, this worked but we want to take the read\write away from the users group and only specify the certain folders read/write access to those users. Basically we want to restore the default settings.
I've been reading about the setup security.inf file. this file is created when windows is installed. Basically we want to restore just the file permissions part of the setup security.inf file (as this is the only change we made) to what they were when the OS was installed. We could deploy this via GPO but this template is very large and would cause strain on the network as when the policy is applied it would take some time to apply. So, what I want to do is to utilize this setup security.inf file that is on all computers. I would like to on startup call a batch file that would kick off a secedit to reapply the setup security.inf file on the local comptuer...thus utilizing a local copy of the setup security.inf file locally and not hinder the network. Trying to get some peoples thoughts/concerns/and recomendations.