Solved

How to undo LabTechSoft's security policy after uninstall

Posted on 2015-01-01
4
144 Views
Last Modified: 2015-01-02
Hello fellow Geeks,

I have recently acquired a new customer who had a previous IT company using Labtech software's remote monitoring and support tool.

Now I'm not about to claim my tool is any better or worse, but the Labtech software install was like a virus as it has no uninstall option and you have to do about a 5 step process to remove it from the pc.....That's not so bad really...

But the security policy is left altered by the application.

Now normally I'd not have too much issue with that at this point, but some users in the building are locked down pretty tight and others, not so much.

Here are my questions:
Server 2008R2
Boxes all Win7


1.  If i use the MS method to "default local security policy" via command promt,  Will it break my existing connections to the domain server?  In other words, will it break anything?  (The goal is to get everyone back to same ness)

2.  If I reset the policy to default on the SERVER, will it break any client connections?  Will it break anything?  

3. If I reset "DOMAIN policy" on the server to default, will it break anything?

This is an in production domain controller and clients.

P.s.  Typically I build my own networks from scratch and they behave exactly like I expect them to, but since I'm inheriting a network, I'm a bit paranoid about just resetting default values as I've never had to do that before.

Thank you all for the help
Ike
0
Comment
Question by:Faxxer
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:McKnife
ID: 40527844
Hi Ike.

Small steps:
"But the security policy is left altered by the application" - how? Did it set registry keys? You are able to answer that by looking at Settings that are locked and see if what policies and registry keys those settings refer to, look them up in this excel sheet: http://www.microsoft.com/en-us/download/details.aspx?id=25250 (GPO reference by Microsoft)
If the labtech program is no longer active but their settings are still active, then they will have used registry keys and/or xml files (=local policies, see http://technet.microsoft.com/en-us/library/cc978247.aspx ).

So you will definitely be able to undo it then by resetting the client to defaults and reapplying your policies with a gpupdate. The method you are referring to in 1., what is it?
0
 

Author Comment

by:Faxxer
ID: 40527870
Hello McKnife!!!  Thank you for the reply...

The method in 1. I am referencing is the command line provided by Microsoft like this   “secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose”

But there is a little worry as they say it can render the OS unusable ....I'm certainly open to the least risky way of trying to reset policy.

I have been a fan of keeping security policy on the machines to their defaults, and train users on how to behave as most of my customers are small offices and I can give them alot of personal time.
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
ID: 40527894
Secedit should not be used anymore at vista/7/8.x. Either you
-undo the changes manually (using the list I linked and regedit)
-or you setup policies configured to disable the settings that the tool has set
-or you try to do an inplace upgrade of windows (aka a repair installation) which will reset security settings to the default. but remember, security settings are not all there might have been set.
0
 

Author Comment

by:Faxxer
ID: 40527917
Thank you for clarification on that...  I was wondering if that wasn't an outdated method myself but some guys still post on some sites about it.

I will follow your method to tred lightly and take my time rather than blast on in.

Thank you
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now