Tuesday, March 30, 2010

Resetting security policy, registry and file permissions on Windows computer.

Make sure to run this software as local or domain administrator to avoid possible permission and access issues. Below is insert from Microsoft Article ID: 949377 http://support.microsoft.com/kb/949377

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows

To reset the registry and file permissions, follow these steps:
  1. Download and then install the Subinacl.exe file. To do this, visit the following Microsoft Web site:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en)
  2. Start Notepad.
  3. Copy and then paste the following text into Notepad.

    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
  4. Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
  5. Save this Notepad file as Reset.cmd.
  6. Double-click the Reset.cmd file to run the script. Note This script file may take a long time to run.

      7.   Reboot your computer after reset is done and command window has been closed.

For simplicity I have included reset_pc.zip archive containing both - subinacl.msi and reset.cmd files ready to run... Install Microsoft security tool first, before running reset batch file.

It's important to note that Microsoft has applied this procedure to it's Windows XP operating system... However, I had no problems running it on Windows Vista, and most likely it's going to be as effective on Microsoft Windows 7 and post 2000 Server OS (do not take my word for it - use this info at your own risk).

No comments:

Post a Comment