Professional Documents
Culture Documents
The steps below do not apply to Windows XP Home Edition, or Windows Vista Home Basic and Home
Premium editions. To restore security setting for Home editions, either use the Microsoft Fix, System
Restore or a backup.Note After security settings are applied, you cannot undo the changes without restoring
from a backup. If you are uncertain about how to restore your security settings to the default settings, you
must make a complete backup that includes the System State (the registry files). Items that are reset
include NTFS file system files and folders, the registry, policies, services, permissions , and group
membership.
To restore your operating system to the original installation default security settings, follow these steps:
2.
In Windows XP
o Click Start, click Run, type cmd, and then press ENTER.
In Windows Vista
o Click Start and then type cmd in the Start Search box.
o In the results area, right-click cmd.exe, and then click Run as administrator. You
will be prompted to type the password for an administrator account. Click Continue if
you are the administrator or type the administrator password. Then, click Continue.
3. In Windows XP, type the following command, and then press ENTER:
In Windows Vista, type the following command, and then press ENTER:
You receive a "Task is completed" message and a warning message that something could not be
done. You can safely ignore this message. For more information about this message, see the
%windir%\Security\Logs\Scesrv.log file.
Next steps After you run this Microsoft Fix it (or complete these manual steps), standard user accounts
may no longer appear on the log on screen when you start your computer or try to switch users. This occurs
because standard user accounts are removed from the Users group when you reset Windows security
settings. To add the affected users accounts back to the Users group, follow these steps:
2. Click Accessories, and then click Command Prompt (Windows XP). Or right-click
3. In the Command Prompt window, type net users and then press ENTER. A list of user
accounts is displayed.
4. For each accountname listed in the Command Prompt that is missing from the log on or
switch user screen, type the following command and then press ENTER:
More information In Windows Vista, the Defltbase.inf file is a Security configuration template for the
default security. You can view the settings for this file in the following location:
%windir%\inf\defltbase.inf
• /DB file_name: Provides the path of a database that contains the security template to be
applied. This is a required argument. However, the database file does not have to exist if you
• /CFG file_name: This argument is valid only when you use it with the /DB parameter. It
is the path of the security template that will be imported into the database and applied to the
system. If you do not specify this argument, the template that is already stored in the database
is applied.
• /overwrite: This argument is valid only when the /CFG argument is also used. This
argument specifies whether the security template in the /CFG argument overwrites any
template or composite template that is stored in the database instead of appending the results
to the stored template. If this is not specified, the template in the /CFG argument is appended
system. The default is "all areas." Each area must be separated by a space.
AreaNameX Description
SECURITYPOLICY Local policy and domain policy for the system. This includes account policies, audit
policies, and other policies.
GROUP_MGMT Restricted group settings for any groups that are specified in the security
template.
Note Each area coincides with a similar name in the security template.
• /log logpath: You can use this switch to configure the location of the log file that tracks
the changes.
• /quiet: Reduces the feedback that is provided during the update on the screen and in the
log file.
For online Help about Secedit, click Start, click Run, type %windir%\help\secedit.chm, and then press
ENTER.