Resetting system security settings to default

[guest]

Situation: the client had some viruses before but you have got rid of them all.
However, the security permissions on the files and registry keys have been
modified. Therefore, you would like to know how to reset all permissions
back to factory default.

According to our experience, this issue can occur if viruses have modified
files and registry permissions. Based on the current situation, I suggest
we perform the following steps to troubleshoot the issue.

Step 1: Use SubInAcl to reset whole registry permission
======================
SubInACL is a command-line tool that enables administrators to obtain
security information about files, registry keys, and services, and transfer
this information from user to user, from local or global group to group,
and from domain to domain.

1. Click the Download button (above) to start the download.
2. In the File Download dialog box, select Save this program to disk.
3. Select a location on your computer to save the file, and then click Save.
4. In Windows Explorer, go to the location where you saved the downloaded
file, double-click the file to start the installation process, and then
follow the instructions. The downloaded file is a Microsoft Software
Installer (.msi) file.

5. Create a file named reset.cmd in C:\Program Files\Windows Resource
Kits\Tools folder.

6. Edit the reset.cmd file with the following content.

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

7. Enter into CMD prompt.

8. Enter the following commands one at a time and click Enter.

cd\
cd "C:\Program Files\Windows Resource Kits\Tools"
reset.cmd

9. Wait a few minutes to finish the process.

For more information about the SubInAcl tool, you can refer to the
following link:
http://www.microsoft.com/downloads/deta ... d8fe-4a91-
93cf-ed6985e3927b&displaylang=en

Step 2: Use secedit to reset security policies
==================
Note: After security settings are applied, you cannot undo the changes
without restoring from a backup. If you are uncertain about resetting your
security settings back to the default security settings, you must make a
complete backup that includes the "System State" (the registry files).
Items that are reset include NTFS file system files and folders, the
registry, policies, services, privilege rights, and group membership.

To reset your operating system back to original installation default
security settings:

1. Click Start, click Run, type cmd, and then press ENTER.
2. For Windows XP, type the following command, and then press ENTER:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb
/verbose

You receive a "Task is completed" message, and a warning message that
something could not be done. You can safely ignore this message. For more
information about this message, view the %windir%\Security\Logs\Scesrv.log
file.

For more information on how to reset security settings back to the default,
we can refer to the following article.

How To Reset Security Settings Back to the Defaults
http://support.microsoft.com/?id=313222