[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 156
  • Last Modified:

How to undo LabTechSoft's security policy after uninstall

Hello fellow Geeks,

I have recently acquired a new customer who had a previous IT company using Labtech software's remote monitoring and support tool.

Now I'm not about to claim my tool is any better or worse, but the Labtech software install was like a virus as it has no uninstall option and you have to do about a 5 step process to remove it from the pc.....That's not so bad really...

But the security policy is left altered by the application.

Now normally I'd not have too much issue with that at this point, but some users in the building are locked down pretty tight and others, not so much.

Here are my questions:
Server 2008R2
Boxes all Win7


1.  If i use the MS method to "default local security policy" via command promt,  Will it break my existing connections to the domain server?  In other words, will it break anything?  (The goal is to get everyone back to same ness)

2.  If I reset the policy to default on the SERVER, will it break any client connections?  Will it break anything?  

3. If I reset "DOMAIN policy" on the server to default, will it break anything?

This is an in production domain controller and clients.

P.s.  Typically I build my own networks from scratch and they behave exactly like I expect them to, but since I'm inheriting a network, I'm a bit paranoid about just resetting default values as I've never had to do that before.

Thank you all for the help
Ike
0
Faxxer
Asked:
Faxxer
  • 2
  • 2
1 Solution
 
McKnifeCommented:
Hi Ike.

Small steps:
"But the security policy is left altered by the application" - how? Did it set registry keys? You are able to answer that by looking at Settings that are locked and see if what policies and registry keys those settings refer to, look them up in this excel sheet: http://www.microsoft.com/en-us/download/details.aspx?id=25250 (GPO reference by Microsoft)
If the labtech program is no longer active but their settings are still active, then they will have used registry keys and/or xml files (=local policies, see http://technet.microsoft.com/en-us/library/cc978247.aspx ).

So you will definitely be able to undo it then by resetting the client to defaults and reapplying your policies with a gpupdate. The method you are referring to in 1., what is it?
0
 
FaxxerAuthor Commented:
Hello McKnife!!!  Thank you for the reply...

The method in 1. I am referencing is the command line provided by Microsoft like this   “secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose”

But there is a little worry as they say it can render the OS unusable ....I'm certainly open to the least risky way of trying to reset policy.

I have been a fan of keeping security policy on the machines to their defaults, and train users on how to behave as most of my customers are small offices and I can give them alot of personal time.
0
 
McKnifeCommented:
Secedit should not be used anymore at vista/7/8.x. Either you
-undo the changes manually (using the list I linked and regedit)
-or you setup policies configured to disable the settings that the tool has set
-or you try to do an inplace upgrade of windows (aka a repair installation) which will reset security settings to the default. but remember, security settings are not all there might have been set.
0
 
FaxxerAuthor Commented:
Thank you for clarification on that...  I was wondering if that wasn't an outdated method myself but some guys still post on some sites about it.

I will follow your method to tred lightly and take my time rather than blast on in.

Thank you
0

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now