We help IT Professionals succeed at work.

Reapplying default security policy

esbfern asked
Last Modified: 2013-12-04
We needed to make a change to the security settings on client computers.  Basically all users were brought down from PowerUsers to Users on their local computers.  When this happened some applications broke because the Localhost\users group didn't have access to write to certain folders.  Well instead of finding those folders, we granted to localhost\users group read/write to the C:\ and propigated those permissions down.  Now, this worked but we want to take the read\write away from the users group and only specify the certain folders read/write access to those users.  Basically we want to restore the default settings.
I've been reading about the setup security.inf file.  this file is created when windows is installed.  Basically we want to restore just the file permissions part of the setup security.inf file (as this is the only change we made) to what they were when the OS was installed.  We could deploy this via GPO but this template is very large and would cause strain on the network as when the policy is applied it would take some time to apply.  So, what I want to do is to utilize this setup security.inf file that is on all computers.  I would like to on startup call a batch file that would kick off a secedit to reapply the setup security.inf file on the local comptuer...thus utilizing a local copy of the setup security.inf file locally and not hinder the network.  Trying to get some peoples thoughts/concerns/and recomendations.

Many thanks.  
Watch Question


Also want to throw this out there.  I only need to reapply the Root settings.  I see there is a rootsec.inf template.  This looks like it may be what i need.  thoughts/concerns/comments?
Here's a MS KB article that describes the process you of restoring the default security permissions.  I hope this helps you.
How to reset security settings back to the defaults


I did see that article, but from looking at it, it will restore all settings when i only need to reapply the default settings that are applied at the root of C:\.  Isn't the rootsec.inf a better way to go?  the only change that was made was to grant users read/write at C:\ and to propogate that down.  
Distinguished Expert 2019
This one is on us!
(Get your first solution completely free - no credit card required)
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.