Link to home
Start Free TrialLog in
Avatar of Faxxer
FaxxerFlag for United States of America

asked on

How to undo LabTechSoft's security policy after uninstall

Hello fellow Geeks,

I have recently acquired a new customer who had a previous IT company using Labtech software's remote monitoring and support tool.

Now I'm not about to claim my tool is any better or worse, but the Labtech software install was like a virus as it has no uninstall option and you have to do about a 5 step process to remove it from the pc.....That's not so bad really...

But the security policy is left altered by the application.

Now normally I'd not have too much issue with that at this point, but some users in the building are locked down pretty tight and others, not so much.

Here are my questions:
Server 2008R2
Boxes all Win7


1.  If i use the MS method to "default local security policy" via command promt,  Will it break my existing connections to the domain server?  In other words, will it break anything?  (The goal is to get everyone back to same ness)

2.  If I reset the policy to default on the SERVER, will it break any client connections?  Will it break anything?  

3. If I reset "DOMAIN policy" on the server to default, will it break anything?

This is an in production domain controller and clients.

P.s.  Typically I build my own networks from scratch and they behave exactly like I expect them to, but since I'm inheriting a network, I'm a bit paranoid about just resetting default values as I've never had to do that before.

Thank you all for the help
Ike
Avatar of McKnife
McKnife
Flag of Germany image

Hi Ike.

Small steps:
"But the security policy is left altered by the application" - how? Did it set registry keys? You are able to answer that by looking at Settings that are locked and see if what policies and registry keys those settings refer to, look them up in this excel sheet: http://www.microsoft.com/en-us/download/details.aspx?id=25250 (GPO reference by Microsoft)
If the labtech program is no longer active but their settings are still active, then they will have used registry keys and/or xml files (=local policies, see http://technet.microsoft.com/en-us/library/cc978247.aspx ).

So you will definitely be able to undo it then by resetting the client to defaults and reapplying your policies with a gpupdate. The method you are referring to in 1., what is it?
Avatar of Faxxer

ASKER

Hello McKnife!!!  Thank you for the reply...

The method in 1. I am referencing is the command line provided by Microsoft like this   “secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose”

But there is a little worry as they say it can render the OS unusable ....I'm certainly open to the least risky way of trying to reset policy.

I have been a fan of keeping security policy on the machines to their defaults, and train users on how to behave as most of my customers are small offices and I can give them alot of personal time.
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Faxxer

ASKER

Thank you for clarification on that...  I was wondering if that wasn't an outdated method myself but some guys still post on some sites about it.

I will follow your method to tred lightly and take my time rather than blast on in.

Thank you