Questions

How to restore XP policy defaults

+
0 Votes
Locked

alameh
I am in the process of removing viruses from a friend's laptop, but one of the viruses has changed a number of system policies. For example, it turned off the ability to turn off system restore, disabled cmd access and the task manager, and a number of other things.

Through a boot disk wherewith I was able to edit a few of the registry entries, I managed to get the system to where I could turn off system restore, and I got rid of some of the virus' own registry entries (as well as its executable files), and am finally able to get an anti-virus program to scan the system (it's in the process of doing that right now).

A few things are still awry, though, such as the fact that the system still says that cmd access is disabled, even though the registry key for it IS set to 2, as it should be. Thus, there are still some residual effects, and it would be good for me to be able to restore whatever the default policy values are.

Even aside from this particular instance, there is another machine, belonging to someone else, where someone got overzealous with setting policies, to the point that many restrictions also got applied to the system administrator.

Thus, there are TWO reasons that I would like to be able to restore system, user, and group policy settings to their default values.

Any ideas?

Thanks!
  • +
    0 Votes
    nepenthe0

    Open the Group Policy Editor: gpedit.msc

    Expand all categories, and make sure each entry is set to "Not configured".

    I am not aware of a way to reset all entries with a single command, but those skilled at writing batch files in DOS will probably post the answer for you.

    If you really want to clean up the computer and restore it to its pristine uninfected state, do this:

    1) Backup all personal files.

    2) Run the Files & Settings Transfer Wizard (old computer), and save this folder to an external hard drive or USB flash drive.

    3) Wipe the hard drive with Darik's Nuke and Boot:

    http://dban.sourceforge.net/

    4) Boot from the installation/recovery disc, format NTFS and reinstall the operating system.

    5) Reinstall applications.

    6) Run the Files and Settings Transfer Wizard in reverse to restore the user configuration.

    7) Restore the personal files.

    8) Image the clean installation with Norton Ghost:

    http://tinyurl.com/5s7gw8

    and save to an external hard drive or CD.

    +
    0 Votes
    alameh

    Thanks for the reply.

    > Open the Group Policy Editor: gpedit.msc

    Not found. Even if it were, I doubt it would work, since the policies are such that I cannot even start most of these tools.

    This solution will definitely require external help, such as the registry editor of the boot disk I mentioned having used earlier.

    > ...
    > 3) Wipe the hard drive with Darik's Nuke and Boot:
    > ...
    > 5) Reinstall applications.
    > ...

    Typical Windows response to anything: **** it away and start over. If the virus was able to change these policies and permissions, then there MUST be a way to change them back.

    Any other ideas?

    +
    0 Votes
    nepenthe0

    I should not have assumed that you had XP Pro. The command I gave you is a valid command in XP Pro, but it doesn't work in XP Home, because XP Home lacks a Group Policy Editor.

    That said, you can import one. Download and install TweakUI from Microsoft:

    http://tinyurl.com/2meyw

    Open TweakUI > About > Policy > Run Group Policy Editor

    My suggestions regarding a clean installation were not intended as a whitewash or panacea; they were intended as solid repair rather than a half-baked patch. I have found that it takes no more time to do the job right; otherwise, one is pestered by annoyances that squander your time.

    Rick/Portland, OR

    +
    0 Votes
    alameh

    XP-Pro, SP2.

    Windows, itself, is an annoyance that squanders my time, but this isn't my computer, and the user's level of computer literacy is not sufficient for Linux.

    +
    0 Votes
    Jacky Howe

    Post back and let us know how you get on.

    http://support.microsoft.com/kb/313222

    +
    0 Votes
    alameh

    Thanks. I had seen this, even before I had posted my question, but the command prompt had still been disabled, so it was useless at the time. Since then, I have been Googling for the individual permissions and setting them straight, and finally am able to use the command prompt again. From Micro$oft's description of it, it appears rather drastic, so I'm going to have to take some time to digest what exactly it will do, before this winds up absolutely requiring a re-install.

    This is an older, used laptop that was given to this friend a while back, but does not have any Windows or driver CDs with it (and, more importantly, doesn't have the sticker with its Windows key, were I even to use a different CD, and it IS legitimate). Thus, aside from the usual hassle of a Windows re-install, there are other factors for which I would rather not do the re-installation, anyway.

    Thanks again.

    +
    0 Votes
    Jacky Howe

    Can't access the msc? Try this.

    Have you registered the .DLL files? If not, run this.
    Copy and paste the lines below into Notepad and save it to the Desktop as load.bat
    Double left click on it and it will re-register all of your .DLL files.
    ---------------------------------------
    rem Re-register every DLL in system32 without showing dialogs (/s)
    cd /d "%windir%\system32"
    for %%s in (*.dll) do regsvr32 /s "%%s"

    ---------------------------------------
    I just ran this on a PC; it didn't seem to hurt anything.
    Navigate to C:\WINDOWS\security\templates\setup security.inf and right click on setup security.inf and select Install.

    About all I can think of at the moment.

    +
    0 Votes
    markod21uk

    In a command prompt with admin privileges:
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
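
Added example (not part of the thread, and not any poster's code): a read-only check, in Python, that scans a regedit text export, such as one saved with an offline registry editor, for the policy values behind the symptoms described above (command prompt, Task Manager, registry tools, System Restore). The value names are the standard Windows policy names; the sample export and the function name are constructed for illustration.

```python
import re

# Standard policy values that disable built-in tools, keyed by lower-cased key path.
# DisableCMD: 1 blocks the prompt and batch files, 2 blocks the prompt but lets
# batch files run; the prompt is only allowed when the value is 0 or absent.
WATCHED = {
    r"software\policies\microsoft\windows\system": {"disablecmd": "command prompt"},
    r"software\microsoft\windows\currentversion\policies\system": {
        "disabletaskmgr": "Task Manager",
        "disableregistrytools": "registry editing tools",
    },
    r"software\policies\microsoft\windows nt\systemrestore": {
        "disablesr": "System Restore",
        "disableconfig": "System Restore settings page",
    },
}
KEY_RE = re.compile(r"^\[(?P<hive>[^\\\]]+)\\(?P<path>.+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Constructed sample in regedit export format (not taken from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000001
'''

def find_restrictions(reg_text):
    """Return (hive, key path, value name, data, tool) for each watched value that is non-zero."""
    findings = []
    hive = path = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:  # a [HIVE\path] header starts a new key
            hive, path = m.group("hive"), m.group("path")
            continue
        m = VAL_RE.match(line)
        if not (m and path):
            continue
        tool = WATCHED.get(path.lower(), {}).get(m.group("name").lower())
        data = int(m.group("hex"), 16)
        if tool and data != 0:  # 0 or absent means the restriction is off
            findings.append((hive, path, m.group("name"), data, tool))
    return findings

if __name__ == "__main__":
    for hive, path, name, data, tool in find_restrictions(SAMPLE_EXPORT):
        print(f"{tool}: {hive}\\{path}\\{name} = {data}")
```

Exports written by regedit on XP are UTF-16, so open the file with encoding="utf-16" before passing its text to the function.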
