Link to home
Start Free TrialLog in
Avatar of treytucker
treytucker

asked on

How do i get my GPO to override my local security policy

I have inherited a WinXP PRo Sp3 computer that the previous admin did some local security policy edits on. This machine is a member of my domain. Even when logging in with Domain Admin rights, I am unable to run regedit, change the computer name, open ANY mmc, etc. How can i use my GPO to disable whatever local security the previous admin has put on this machine? I ran the following command, and had no luck with that either, "secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose"  i had found an article stating that would remove any local security policies in effect, but it did not.

Let me know if you need any further info!
Thanks in advance for your help.
Avatar of jody_j_houghton
jody_j_houghton
This may be a stupid answer but...  Have you tried dropping the computer into a new OU and running gpupdate /force  ?
Avatar of treytucker
treytucker

ASKER

Unfortunately I have done that and it did not work.
Avatar of flubbster
flubbster
Flag of United States of America image
You could always replace the registry hives in the system32 folder with the ones in the repair folder. These would be the original default registry hives when the system was installed. Of course, if you are hoping to keep and functioning applications, they would have to be re-installed after this operation.
Avatar of treytucker
treytucker

ASKER

How do I replace the registry hives in the system 32 folder?
Thanks
ASKER CERTIFIED SOLUTION
Avatar of Zaphod1620
Zaphod1620
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of flubbster
flubbster
Flag of United States of America image
The active registry hives are here:

 %SystemRoot%\System32\Config\:

The backups are located in c:\windows\repair and are defined as follows:

Sam  HKEY_LOCAL_MACHINE\SAM
Security  HKEY_LOCAL_MACHINE\SECURITY
Software  HKEY_LOCAL_MACHINE\SOFTWARE
System  HKEY_LOCAL_MACHINE\SYSTEM
Default  HKEY_USERS\.DEFAULT

I would boot to command prompt, and copy them one by one. NOTE: the system file will be called system.bak  Rename it to just system when copying.

ex.

copy c:\windows\repair\system.bak c:\windows\system32\config\system