none
Quick way to reset all security permissions to default? (Windows 7)

    Question


  • Hi there

    Re: Windows 7 advanced security settings

    Some of the permissions have been changed and I would like to find a way to reset all the permissions to the default settings.  Can anyone provide a quick way to reset all permissions to default? I would be truly grateful. Thanks. :-)

    Kind regards

    meTech
    Thursday, January 07, 2010 10:59 AM

Answers

  • Or you can seek on the Knowledge Base ... http://support.microsoft.com/kb/313222 :)
    Tis article is for windows vista but i works also for windows 7.

    Just run in a evalated prompt the following command.
    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

    Kind Regards

    DFT


    IM me - TWiTTer: @DFTER
    • Marked as answer by meTech Friday, January 08, 2010 9:42 PM
    Friday, January 08, 2010 1:05 PM

All replies

  • this would be handy for Crackerz ^^...i think that formula still doesnt exist but the only thing that i know u can reset to default is the windows firewall....
    Nways w8 for the MSFT answerers and see if they have the miracle receipe!
    Kind regards,
    RR
    Thursday, January 07, 2010 2:42 PM
  • Or you can seek on the Knowledge Base ... http://support.microsoft.com/kb/313222 :)
    Tis article is for windows vista but i works also for windows 7.

    Just run in a evalated prompt the following command.
    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

    Kind Regards

    DFT


    IM me - TWiTTer: @DFTER
    • Marked as answer by meTech Friday, January 08, 2010 9:42 PM
    Friday, January 08, 2010 1:05 PM
  • Hi RR

    Thanks for your input.

    Regards

    meTech
    Friday, January 08, 2010 9:38 PM
  • Hi DFT

    Thanks for your help. That was what I was looking for, I'll give that a go.

    All the best

    meTech
    • Marked as answer by meTech Friday, January 08, 2010 9:42 PM
    • Unmarked as answer by meTech Friday, January 08, 2010 9:42 PM
    Friday, January 08, 2010 9:41 PM
  • Hi MeTech,
    My Bad lol =/
    if u can perform that then its easy for  crackers to do the same in a remote secure machine ¬¬

    RR
    Friday, January 08, 2010 10:31 PM

  • Hi RR

    Sorry, but I'm a little confused as to what you actually mean - and for that matter who "crackerz" is??  Please pardon my ignorance, but perhaps you could explain. :-)

    Regards

    meTech
    Monday, January 11, 2010 4:26 AM
  • hi Metech sorry for that i kind of wrote it in a rush to it came out like that...a bit senseless but not completely hehe ^^
    lemme rephrase it for ya :
    i meant if u can reset the security settings by typing that command line it would be the same way for bad hackers as soon as they grant access to ur machine...at least i think in that way hehe
    Pardon me about the Bad english ,its nt my first language ;)
    Kind regards,
    RR
    Monday, January 11, 2010 10:40 PM
  • Hi RR

    Thats cool. I get what you are saying.

    Unfortunately in this case, I'm not completely sure whether the suggestions made have set things to default anyhow. How do you really know?

    Thanks for your input.

    All the best

    meTech
    Tuesday, January 12, 2010 8:20 PM
  • the posting above tell you how to reset the SECURITY settings on Pro and above level vista and win 7 pro and above I assume.

    if this is what you are talking about then yes it should have no problem.
    If you have a HOME class OS then no.
    Did you receive a "Task is completed" message, and a warning message that something could not be done????
    Tuesday, January 12, 2010 10:31 PM
  • Hi there

    I am running Windows 7 Ultimate (64-bit).
    Yes, I did get the 'task completed' and 'warning' message, indicating that things were normal.

    However, I am thinking now that perhaps it has NOT done what I was expecting.  If you say that this procedure resets the "security" settings to default, then I am assuming you mean the "Windows Firewall with Advanced Security" settings.  Actually, when I said "security permissions" I was refering to the "Advanced Security for Users" settings.

    Perhaps I should have been clearer with my request for help. . . .
    Is there a quick way to reset all the permissions for the "Advanced Security for Users" to the default settings?

    Path ... Users Properties> Security Tab> Advanced> Permissions> Change Permissions

    My apologies for the confusion caused. Hopefully this has clarified things.  Thanks. :-)

    Kind regards

    meTech
    Tuesday, January 12, 2010 11:21 PM
  • Then no the above is not what you are looking for, when I read your post I was thinking NTFS Permissions.
    File and folder access.

    My home 7 workstation suffered a thermal event...CPU fan died..so it is down until I replace the fan, so I can not "see" what it is you are looking for.
    Wednesday, January 13, 2010 12:47 AM
  • AWW...Bubba u mean those permissions like in the C:\ or C:\program files folders? the permissions? OMG i just reinstalled my system due to a misconfiguration and i messed up with the permissions ..i set to replace the child objects permissions etc etc...is that what u saying bout the command line above? does it reset to defaults just like when u just installed windows 7?
    will be expecting ur reply buddy!
    Kind regards,
    RR

    Wednesday, January 13, 2010 8:41 PM
  • hi Metech sorry for that i kind of wrote it in a rush to it came out like that...a bit senseless but not completely hehe ^^
    lemme rephrase it for ya :
    i meant if u can reset the security settings by typing that command line it would be the same way for bad hackers as soon as they grant access to ur machine...at least i think in that way hehe
    Pardon me about the Bad english ,its nt my first language ;)
    Kind regards,
    RR


    If an evil hacker has physical access to your computer, it is "owned".  End of story.

    Walt

    Thursday, February 03, 2011 1:09 PM
  • Correct Walt, except if you have disk encryption like Bitlocker :)
    IM me - TWiTTer: @DFTER
    Thursday, February 03, 2011 4:15 PM
  • I tried secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose but the locked files still locked and I cannot access them! Any suggestions?
    Tuesday, February 22, 2011 7:41 PM
  • If I am reading the above correctly the above command(run as Admin) resets all the Windows Folder and File premissions to their default security settings. You would only need to do this if you(or someone else) had actually changed the folder/file premissions in the first place. To get folder/file access(full control or read/write/excute/modify ect) you need to  change the file premissions or ownership. Checout this link http://www.blogsdna.com/2159/how-to-take-ownership-grant-permissions-to-access-files-folder-in-windows-7.htm.
    Tuesday, March 08, 2011 3:19 PM
  • Uberwolf, Thank You!

    You have saved me alot of hard work, that post was exactly what I needed, after google didn't provide much help on the subject or did not apply to my problem I started to consider a reinstall.

    Thanks again

    PS Sorry if I have hijacked a post but it looked finished, I just wanted to give credit were its due.

    Thursday, May 26, 2011 10:15 AM
  • Or you can seek on the Knowledge Base ... http://support.microsoft.com/kb/313222 :)
    Tis article is for windows vista but i works also for windows 7.

    Just run in a evalated prompt the following command.
    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

    Kind Regards

    DFT


    IM me - TWiTTer: @DFTER

    Corrupt permissions are ruining my life. Microsoft Technet showed a command that helps a bit.

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

    This command line string is helping with one Security tab, but leaves serious system threats untouched in other Security tabs.

    1. Do we "run as Administrator", or something more?
    2. Where is the best place to run this command?
    3. Why is this command resetting object permissions, but leaving in place corrupt file ownership?

    I am running as Administrator, clearing corrupt permissions that appear for reasons I don't understand in Properties > Security > Permissions.

    But in the Owner tab, any corrupt Current owner permission is not touched by SecEdit. SecEdit fixes permissions corruption, but only for a few minutes! What triggers corrupt permissions in the system?

    I am running cmd as administrator and travelling to each disk root to paste and run the secedit command string. Without this direct disk attachment, the command doesn't do anything. But SecEdit is simply making it less likely that I have to Audit ownership before taking back ownership of eack disk. Bandaid only. Not a solution.

    After running SecEdit, I use Windows Explorer to open Computer, and one-by-one for each disk, confirm permission resets. Properties > Security > Advanced
    > Permissions > Change Permissions > Add ... check for corrupt Names, Remove any found - may have to take ownership first. Notice all the "may have to's". THe situation is relentlessly chaotic.

    After SecEdit runs, the Security tabs corrupt differently:
    Auditing > Continue > Add ... rarely shows corruption
    Owner ... and  Owner > Edit ... most frequently show corruption

    Is anyone else getting the same HKU permission corruption, where HKU numeric Keys are taking away SYSTEM and User permissions?

    Current Owner: S-1-5-21-1677977301-2589601805-3516838272-1000

    REALLY tired of resetting corruption, sometimes every 5 minutes all day long. Typically I save any file and get a popup telling me "illegal characters" and then that numeric is owner again. Once a corrupt permission establishes, the speed of corrupt extension grows. One instance of corruption, I can just reset Properties > Advanced > Owner > Edit > select correct Owner in Name list, check Replace owner on subcontainers and objects > Apply.

    But leave that chore for another 5 minutes and the Owner tab options will be completely corrupted. I have to use Auditing > Continue > Add > Advanced > Find New > select a legitimate Name > OK > OK > check Full control > OK > Apply ... then into Owner and Permission tabs and then Remove all the numeric crap.

    Leave it for a day, and only recourse is report to Symantec (could be a bug, right) and report to Microsoft - both their engineers just look, hum-hah and can't come up with a-n-y-t-h-i-n-g to explain why numerics have locked us out and are the only permissions entity! Windows 7-64 on the rocks and upside down.

    Every 5 minutes! Is there another way to secure Windows permissions?

    symantecmanagers@services01.norton.com is the only next step offered so far. Symantec is getting tired of my complaints, and their bug tool can't find a known virus, so they are "not interested". What if someone is making new viruses using my system? I really need to know, IS ANYONE ELSE HAVING THIS ISSUE?

    Sunday, January 15, 2012 9:32 AM
  • the secedit proceedure described in previous posting is an extension of the secedit procedure used in XP and 2000.  Just do it.  Both reg and folders are security are changed.  also gives back the securety type of the user when user manager will not allow it.  Carefull though, administrator account is disabled again.
    Wednesday, January 18, 2012 12:53 AM
  • Just FYI for others who come across this thread. secedit can't fix all security related issues in Vista and newer OS's  and is not supported by Microsoft to use on Vista and above.  And it may make things worse.
    Thursday, February 09, 2012 7:12 PM
  • We have an urgent problem, after we replaced user permission to read to entire C: root and all subfolders. Main problem is, that these permissions are inheritated also to other user folders, which means that in public computers, a user can access and read other user´s documents.

    When I run the command secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose as admin, situation does not change. I get lot of Warning 5: Access Denied and error settings security on machine\software classes

    Maybe those errors has nothing to do with this, but how I can ensure, that users can´t access another user´s local files?

    Friday, May 03, 2013 11:44 AM
  • Just ran the command offered by DFT (secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose) from my admin account, and it blew away my user account - I had one admin account and one user account (named 'carl'), and now I only have the admin account.

    The files in the user account are still there (desktop, documents, downloads, etc.). Is there an easy way to restore the account? I was thinking of renaming the users\carl folder, creating a new 'carl' account, then copying the files from the previous account into the new 'carl' folder, but can someone tell me where the profile settings for that account are stored? I should be able to restore the account completely by copying the existing files over, and replacing the new account's profile files with those of the old account, shouldn't I?

    Thanks,

    joe

    Sunday, June 23, 2013 9:37 PM
  • Just googled for the user profile location - are they in the users folder with the rest of the files? Could it be that easy?
    Sunday, June 23, 2013 9:44 PM
  • Please read the entire paragraph...

    Beginning with Windows Vista, the method to apply the security during operating system setup changed. Specifically, security settings consisted of settings defined in deftbase.inf augmented by settings applied by the operating installation process and server role installation. Because there is no supported process to replay the permissions made by the operating system setup, the use of the “secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose” command line is no longer capable of resetting all security defaults and may even result in the operating system becoming unstable

    emphasis is mine...

    Thursday, June 27, 2013 8:19 PM
  • Hello

    After using the "Solution"offered by Microsoft (the command which ruined your settings), some standard user accounts might not show on your screen when you start your computer or when you change a user account. This problem is caused due to the deletion of the standard user accounts from the users group during the resetting of the windows security parameters. To add these accounts back again to the users group just do as follows:

    1. Click start, then click All programs, or click programs.

    2. Click Accessories, then Command prompt(Windows XP). Or click with your right mouse button on Command prompt, then click Run as administrator(Windows Vista).

    3. In the Command prompt window type net users and hit Enter. A list of user accounts will show.

    4. In the command prompt, For each Account_name not being present in the log file or on the changing users screen, type the following command and hit Enter:

    net localgroup users Account_name /add

    THIS IS A TRANSLATED SOLUTION FROM THE FRENCH MICROSOFT SUPPORT PAGE.

    ORIGINAL LINK  supportdotmicrosoftdotcom/kb/313222

    I hope it helps... ;)


    • Edited by Cristore Wednesday, August 07, 2013 6:41 AM your stupid system doesn't want to verify my account!
    Wednesday, August 07, 2013 6:36 AM
  • Hello @cjreynolds

    After using the "Solution"offered by Microsoft (the command which ruined your settings), some standard user accounts might not show on your screen when you start your computer or when you change a user account. This problem is caused due to the deletion of the standard user accounts from the users group during the resetting of the windows security parameters. To add these accounts back again to the users group just do as follows:

    1. Click start, then click All programs, or click programs.

    2. Click Accessories, then Command prompt(Windows XP). Or click with your right mouse button on Command prompt, then click Run as administrator(Windows Vista).

    3. In the Command prompt window type net users and hit Enter. A list of user accounts will show.

    4. In the command prompt, For each Account_name not being present in the log file or on the changing users screen, type the following command and hit Enter:

    net localgroup users Account_name /add

    THIS IS A TRANSLATED SOLUTION FROM THE FRENCH MICROSOFT SUPPORT PAGE.

    ORIGINAL LINK  supportdotmicrosoftdotcom/kb/313222

    I hope it helps... ;)


    • Edited by Cristore Wednesday, August 07, 2013 6:43 AM same as above
    Wednesday, August 07, 2013 6:42 AM
  • Does this apply to Windows 8 as well>?>
    Wednesday, August 14, 2013 4:19 PM
  • you are a loser
    Thursday, September 19, 2013 3:29 PM