How to restore XP policy defaults

By alameh
I am in the process of removing viruses from a friend's laptop, but one of the viruses has changed a number of system policies. For example, it turned off the ability to turn off system restore, disabled cmd access and the task manager, and a number of other things.

Through a boot disk wherewith I was able to edit a few of the registry entries, I managed to get the system to where I could turn off system restore, and I got rid of some of the virus' own registry entries (as well as its executable files), and am finally able to get an anti-virus program to scan the system (it's in the process of doing that right now).

A few things are still awry, though, such as the fact that the system still says that cmd access is disabled, even though the registry key for it IS set to 2, as it should be. Thus, there are still some residual effects, and it would be good for me to be able to restore whatever the default policy values are.

Even aside from this particular instance, there is another machine, belonging to someone else, where someone got overzealous with setting policies, to the point that many restrictions also got applied to the system administrator.

Thus, there are TWO reasons that I would like to be able to restore system, user, and group policy settings to their default values.

Any ideas?


All Answers

It may be a boring job

by nepenthe0 In reply to How to restore XP policy ...

Open the Group Policy Editor: gpedit.msc

Expand all categories, and make sure each entry is set to "Not configured".

I am not aware of a way to reset all entries with a single command, but those skilled at writing batch files in DOS will probably post the answer for you.

If you really want to clean up the computer and restore it to its pristine uninfected state, do this:

1) Back up all personal files.

2) Run the Files & Settings Transfer Wizard (old computer), and save this folder to an external hard drive or USB flash drive.

3) Wipe the hard drive with Darik's Nuke and Boot:

4) Boot from the installation/recovery disc, format NTFS and reinstall the operating system.

5) Reinstall applications.

6) Run the Files and Settings Transfer Wizard in reverse to restore the user configuration.

7) Restore the personal files.
Image the clean installation with Norton Ghost:

and save to an external hard drive or CD.

Didn't help.

by alameh In reply to It may be a boring job

Thanks for the reply.

> Open the Group Policy Editor: gpedit.msc

Not found. Even if it were, I doubt it would work, since the policies are such that I cannot even start most of these tools.

This solution will definitely require external help, such as the registry editor of the boot disk I mentioned having used earlier.

> ...
> 3) Wipe the hard drive with Darik's Nuke and Boot:
> ...
> 5) Reinstall applications.
> ...

Typical Windows response to anything: **** it away and start over. If the virus was able to change these policies and permissions, then there MUST be a way to change them back.

Any other ideas?

OK, you must have the Home edition

by nepenthe0 In reply to It may be a boring job

I should not have assumed that you had XP Pro. The command I gave you is a valid command in XP Pro, but it doesn't work in XP Home, because XP Home lacks a Group Policy Editor.

That said, you can import one. Download and install TweakUI from Microsoft:

Open TweakUI > About > Policy > Run Group Policy Editor

My suggestions regarding a clean installation were not intended as a whitewash or panacea; they were intended as solid repair rather than a half-baked patch. I have found that it takes no more time to do the job right; otherwise, one is pestered by annoyances that squander your time.

Rick/Portland, OR

Nope, again.

by alameh In reply to OK, you must have the ...

XP-Pro, SP2.

Windows, itself, is an annoyance that squanders my time, but this isn't my computer, and the user's level of computer literacy is not sufficient for Linux.

See if this helps

by Jacky Howe In reply to How to restore XP policy ...

Post back and let us know how you get on.

Got CMD functionality back

by alameh In reply to See if this helps

Thanks. I had seen this, even before I had posted my question, but the command prompt had still been disabled, so it was useless at the time. Since then, I have been Googling for the individual permissions and setting them straight, and finally am able to use the command prompt again. From Micro$oft's description of it, it appears rather drastic, so I'm going to have to take some time to digest what exactly it will do, before this winds up absolutely requiring a re-install.

This is an older, used laptop that was given to this friend a while back, but does not have any Windows or driver CDs with it (and, more importantly, doesn't have the sticker with its Windows key, were I even to use a different CD, and it IS legitimate). Thus, aside from the usual hassle of a Windows re-install, there are other factors for which I would rather not do the re-installation, anyway.

Thanks again.

If you still

by Jacky Howe In reply to Got CMD functionality bac ...

can't access the msc try this.

Have you registered the .DLL files? If not, run this.
Copy and paste the lines below into Notepad and save it to the Desktop as load.bat
Double left click on it and it will re-register all of your .DLL files.
rem Silently re-register every DLL in system32
cd /d "%windir%\system32"
for %%s in (*.dll) do regsvr32 /s "%%s"

I just ran this on a PC; it didn't seem to hurt anything.
Navigate to C:\WINDOWS\security\templates\setup security.inf and right click on setup security.inf and select Install.

About all I can think of at the moment.

restore XP policy defaults

by markod21uk In reply to How to restore XP policy ...

In a command prompt with admin privileges:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
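
The restrictions described in the original question (command prompt, Task Manager, System Restore) are stored as registry policy values, so they can be listed before and after any reset. The read-only batch file below is an added example, not part of any post in this thread; the file name audit-policies.bat and the choice of keys to check are assumptions made for illustration.

```batch
@echo off
rem audit-policies.bat - added example, read-only: it changes nothing.
rem Lists the restriction policies mentioned in this thread that are set.
rem DisableCMD: 1 = prompt and batch files blocked,
rem             2 = prompt blocked but batch files still run,
rem             absent or 0 = no restriction.
rem The other values below are restrictions when set to 1.
setlocal

set "CU_POL=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "LM_POL=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
set "CU_CMD=HKCU\Software\Policies\Microsoft\Windows\System"
set "LM_SR=HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"

call :check "%CU_CMD%" DisableCMD
call :check "%CU_POL%" DisableTaskMgr
call :check "%LM_POL%" DisableTaskMgr
call :check "%CU_POL%" DisableRegistryTools
call :check "%LM_POL%" DisableRegistryTools
call :check "%LM_SR%" DisableSR
call :check "%LM_SR%" DisableConfig

endlocal
goto :eof

:check
rem %1 = registry key (quoted), %2 = value name
reg query %1 /v %2 >nul 2>&1
if errorlevel 1 (
    echo [clear] %2 is not set under %~1
) else (
    echo [SET]   %2 is set under %~1
    reg query %1 /v %2 | find "%2"
)
goto :eof
```

Any value still reported as [SET] after a reset is one to inspect by hand. If DisableCMD is 1 the batch file itself will not run, so in that case the same keys have to be read from an offline registry editor such as the boot disk mentioned in the question.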
