Quick way to reset all security permissions to default? (Windows 7)

All replies

• 

  

  0

  Sign in to vote

  this would be handy for Crackerz ^^...i think that formula still doesnt exist but the only thing that i know u can reset to default is the windows firewall....
  Nways w8 for the MSFT answerers and see if they have the miracle receipe!
  Kind regards,
  RR

  Thursday, January 7, 2010 2:42 PM
• 

  

  5

  Sign in to vote

  Or you can seek on the Knowledge Base ... http://support.microsoft.com/kb/313222 :)
  Tis article is for windows vista but i works also for windows 7.
  
  Just run in a evalated prompt the following command.
  secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
  
  Kind Regards

  DFT

  ---

  IM me - TWiTTer: @DFTER

  • Marked as answer by meTech Friday, January 8, 2010 9:42 PM

  Friday, January 8, 2010 1:05 PM
• 

  

  1

  Sign in to vote

  Hi RR
  
  Thanks for your input.
  
  Regards
  
  meTech

  Friday, January 8, 2010 9:38 PM
• 

  

  1

  Sign in to vote

  Hi DFT
  
  Thanks for your help. That was what I was looking for, I'll give that a go.
  
  All the best
  
  meTech

  • Marked as answer by meTech Friday, January 8, 2010 9:42 PM
  • Unmarked as answer by meTech Friday, January 8, 2010 9:42 PM

  Friday, January 8, 2010 9:41 PM
• 

  

  0

  Sign in to vote

  Hi MeTech,
  My Bad lol =/
  if u can perform that then its easy for  crackers to do the same in a remote secure machine ¬¬
  
  RR

  • Proposed as answer by thinkingitthrough Tuesday, August 27, 2013 7:05 AM

  Friday, January 8, 2010 10:31 PM
• 

  

  0

  Sign in to vote

  
  Hi RR
  
  Sorry, but I'm a little confused as to what you actually mean - and for that matter who "crackerz" is??  Please pardon my ignorance, but perhaps you could explain. :-)
  
  Regards
  
  meTech

  Monday, January 11, 2010 4:26 AM
• 

  

  0

  Sign in to vote

  hi Metech sorry for that i kind of wrote it in a rush to it came out like that...a bit senseless but not completely hehe ^^
  lemme rephrase it for ya :
  i meant if u can reset the security settings by typing that command line it would be the same way for bad hackers as soon as they grant access to ur machine...at least i think in that way hehe
  Pardon me about the Bad english ,its nt my first language ;)
  Kind regards,
  RR

  Monday, January 11, 2010 10:40 PM
• 

  

  0

  Sign in to vote

  Hi RR
  
  Thats cool. I get what you are saying.
  
  Unfortunately in this case, I'm not completely sure whether the suggestions made have set things to default anyhow. How do you really know?
  
  Thanks for your input.
  
  All the best
  
  meTech

  Tuesday, January 12, 2010 8:20 PM
• 

  

  0

  Sign in to vote

  the posting above tell you how to reset the SECURITY settings on Pro and above level vista and win 7 pro and above I assume.
  
  if this is what you are talking about then yes it should have no problem.
  If you have a HOME class OS then no.
  Did you receive a "Task is completed" message, and a warning message that something could not be done????

  Tuesday, January 12, 2010 10:31 PM
• 

  

  0

  Sign in to vote

  Hi there
  
  I am running Windows 7 Ultimate (64-bit).
  Yes, I did get the 'task completed' and 'warning' message, indicating that things were normal.
  
  However, I am thinking now that perhaps it has NOT done what I was expecting.  If you say that this procedure resets the "security" settings to default, then I am assuming you mean the "Windows Firewall with Advanced Security" settings.  Actually, when I said "security permissions" I was refering to the "Advanced Security for Users" settings.
  
  Perhaps I should have been clearer with my request for help. . . .
  Is there a quick way to reset all the permissions for the "Advanced Security for Users" to the default settings?
  
  Path ... Users Properties> Security Tab> Advanced> Permissions> Change Permissions
  
  My apologies for the confusion caused. Hopefully this has clarified things.  Thanks. :-)
  
  Kind regards
  
  meTech
  

  Tuesday, January 12, 2010 11:21 PM
• 

  

  0

  Sign in to vote

  Then no the above is not what you are looking for, when I read your post I was thinking NTFS Permissions.
  File and folder access.
  
  My home 7 workstation suffered a thermal event...CPU fan died..so it is down until I replace the fan, so I can not "see" what it is you are looking for.
  

  Wednesday, January 13, 2010 12:47 AM
• 

  

  0

  Sign in to vote

  AWW...Bubba u mean those permissions like in the C:\ or C:\program files folders? the permissions? OMG i just reinstalled my system due to a misconfiguration and i messed up with the permissions ..i set to replace the child objects permissions etc etc...is that what u saying bout the command line above? does it reset to defaults just like when u just installed windows 7?
  will be expecting ur reply buddy!
  Kind regards,
  RR

  Wednesday, January 13, 2010 8:41 PM
• 

  

  0

  Sign in to vote

  hi Metech sorry for that i kind of wrote it in a rush to it came out like that...a bit senseless but not completely hehe ^^
  lemme rephrase it for ya :
  i meant if u can reset the security settings by typing that command line it would be the same way for bad hackers as soon as they grant access to ur machine...at least i think in that way hehe
  Pardon me about the Bad english ,its nt my first language ;)
  Kind regards,
  RR

  
  If an evil hacker has physical access to your computer, it is "owned".  End of story.

  Walt

  Thursday, February 3, 2011 1:09 PM
• 

  

  1

  Sign in to vote

  Correct Walt, except if you have disk encryption like Bitlocker :)

  ---

  IM me - TWiTTer: @DFTER

  Thursday, February 3, 2011 4:15 PM
• 

  

  0

  Sign in to vote

  I tried secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose but the locked files still locked and I cannot access them! Any suggestions?

  Tuesday, February 22, 2011 7:41 PM
• 

  

  1

  Sign in to vote

  If I am reading the above correctly the above command(run as Admin) resets all the Windows Folder and File premissions to their default security settings. You would only need to do this if you(or someone else) had actually changed the folder/file premissions in the first place. To get folder/file access(full control or read/write/excute/modify ect) you need to  change the file premissions or ownership. Checout this link http://www.blogsdna.com/2159/how-to-take-ownership-grant-permissions-to-access-files-folder-in-windows-7.htm.

  Tuesday, March 8, 2011 3:19 PM
• 

  

  0

  Sign in to vote

  Uberwolf, Thank You!

  You have saved me alot of hard work, that post was exactly what I needed, after google didn't provide much help on the subject or did not apply to my problem I started to consider a reinstall.

  Thanks again

  PS Sorry if I have hijacked a post but it looked finished, I just wanted to give credit were its due.

  Thursday, May 26, 2011 10:15 AM
• 

  

  0

  Sign in to vote

  Or you can seek on the Knowledge Base ... http://support.microsoft.com/kb/313222 :)
  Tis article is for windows vista but i works also for windows 7.
  
  Just run in a evalated prompt the following command.
  secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
  
  Kind Regards

  DFT

  ---

  IM me - TWiTTer: @DFTER

  Corrupt permissions are ruining my life. Microsoft Technet showed a command that helps a bit.

  secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
  
  This command line string is helping with one Security tab, but leaves serious system threats untouched in other Security tabs.

  1. Do we "run as Administrator", or something more?
  2. Where is the best place to run this command?
  3. Why is this command resetting object permissions, but leaving in place corrupt file ownership?

  I am running as Administrator, clearing corrupt permissions that appear for reasons I don't understand in Properties > Security > Permissions.

  But in the Owner tab, any corrupt Current owner permission is not touched by SecEdit. SecEdit fixes permissions corruption, but only for a few minutes! What triggers corrupt permissions in the system?

  I am running cmd as administrator and travelling to each disk root to paste and run the secedit command string. Without this direct disk attachment, the command doesn't do anything. But SecEdit is simply making it less likely that I have to Audit ownership before taking back ownership of eack disk. Bandaid only. Not a solution.

  After running SecEdit, I use Windows Explorer to open Computer, and one-by-one for each disk, confirm permission resets. Properties > Security > Advanced
  > Permissions > Change Permissions > Add ... check for corrupt Names, Remove any found - may have to take ownership first. Notice all the "may have to's". THe situation is relentlessly chaotic.

  After SecEdit runs, the Security tabs corrupt differently:
  Auditing > Continue > Add ... rarely shows corruption
  Owner ... and  Owner > Edit ... most frequently show corruption

  Is anyone else getting the same HKU permission corruption, where HKU numeric Keys are taking away SYSTEM and User permissions?

  Current Owner: S-1-5-21-1677977301-2589601805-3516838272-1000

  REALLY tired of resetting corruption, sometimes every 5 minutes all day long. Typically I save any file and get a popup telling me "illegal characters" and then that numeric is owner again. Once a corrupt permission establishes, the speed of corrupt extension grows. One instance of corruption, I can just reset Properties > Advanced > Owner > Edit > select correct Owner in Name list, check Replace owner on subcontainers and objects > Apply.

  But leave that chore for another 5 minutes and the Owner tab options will be completely corrupted. I have to use Auditing > Continue > Add > Advanced > Find New > select a legitimate Name > OK > OK > check Full control > OK > Apply ... then into Owner and Permission tabs and then Remove all the numeric crap.

  Leave it for a day, and only recourse is report to Symantec (could be a bug, right) and report to Microsoft - both their engineers just look, hum-hah and can't come up with a-n-y-t-h-i-n-g to explain why numerics have locked us out and are the only permissions entity! Windows 7-64 on the rocks and upside down.

  Every 5 minutes! Is there another way to secure Windows permissions?

  symantecmanagers@services01.norton.com is the only next step offered so far. Symantec is getting tired of my complaints, and their bug tool can't find a known virus, so they are "not interested". What if someone is making new viruses using my system? I really need to know, IS ANYONE ELSE HAVING THIS ISSUE?
  
  

  • Edited by Disabled web designer Sunday, January 15, 2012 10:51 AM

  Sunday, January 15, 2012 9:32 AM
• 

  

  0

  Sign in to vote

  the secedit proceedure described in previous posting is an extension of the secedit procedure used in XP and 2000.  Just do it.  Both reg and folders are security are changed.  also gives back the securety type of the user when user manager will not allow it.  Carefull though, administrator account is disabled again.

  Wednesday, January 18, 2012 12:53 AM
• 

  

  0

  Sign in to vote

  Just FYI for others who come across this thread. secedit can't fix all security related issues in Vista and newer OS's  and is not supported by Microsoft to use on Vista and above.  And it may make things worse.

  Thursday, February 9, 2012 7:12 PM
• 

  

  0

  Sign in to vote

  We have an urgent problem, after we replaced user permission to read to entire C: root and all subfolders. Main problem is, that these permissions are inheritated also to other user folders, which means that in public computers, a user can access and read other user´s documents.

  When I run the command secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose as admin, situation does not change. I get lot of Warning 5: Access Denied and error settings security on machine\software classes

  Maybe those errors has nothing to do with this, but how I can ensure, that users can´t access another user´s local files?

  Friday, May 3, 2013 11:44 AM
• 

  

  0

  Sign in to vote

  Just ran the command offered by DFT (secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose) from my admin account, and it blew away my user account - I had one admin account and one user account (named 'carl'), and now I only have the admin account.

  The files in the user account are still there (desktop, documents, downloads, etc.). Is there an easy way to restore the account? I was thinking of renaming the users\carl folder, creating a new 'carl' account, then copying the files from the previous account into the new 'carl' folder, but can someone tell me where the profile settings for that account are stored? I should be able to restore the account completely by copying the existing files over, and replacing the new account's profile files with those of the old account, shouldn't I?

  Thanks,

  joe

  Sunday, June 23, 2013 9:37 PM
• 

  

  0

  Sign in to vote

  Just googled for the user profile location - are they in the users folder with the rest of the files? Could it be that easy?
  

  Sunday, June 23, 2013 9:44 PM
• 

  

  1

  Sign in to vote

  Please read the entire paragraph...

  Beginning with Windows Vista, the method to apply the security during operating system setup changed. Specifically, security settings consisted of settings defined in deftbase.inf augmented by settings applied by the operating installation process and server role installation. Because there is no supported process to replay the permissions made by the operating system setup, the use of the “secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose” command line is no longer capable of resetting all security defaults and may even result in the operating system becoming unstable. 

  emphasis is mine...

  Thursday, June 27, 2013 8:19 PM
• 

  

  0

  Sign in to vote

  Hello

  After using the "Solution"offered by Microsoft (the command which ruined your settings), some standard user accounts might not show on your screen when you start your computer or when you change a user account. This problem is caused due to the deletion of the standard user accounts from the users group during the resetting of the windows security parameters. To add these accounts back again to the users group just do as follows:

  1. Click start, then click All programs, or click programs.

  2. Click Accessories, then Command prompt(Windows XP). Or click with your right mouse button on Command prompt, then click Run as administrator(Windows Vista).

  3. In the Command prompt window type net users and hit Enter. A list of user accounts will show.

  4. In the command prompt, For each Account_name not being present in the log file or on the changing users screen, type the following command and hit Enter:

  net localgroup users Account_name /add

  THIS IS A TRANSLATED SOLUTION FROM THE FRENCH MICROSOFT SUPPORT PAGE.

  ORIGINAL LINK  supportdotmicrosoftdotcom/kb/313222

  I hope it helps... ;)

  
  

  • Edited by Cristore Wednesday, August 7, 2013 6:41 AM your stupid system doesn't want to verify my account!

  Wednesday, August 7, 2013 6:36 AM
• 

  

  0

  Sign in to vote

  Hello @cjreynolds

  After using the "Solution"offered by Microsoft (the command which ruined your settings), some standard user accounts might not show on your screen when you start your computer or when you change a user account. This problem is caused due to the deletion of the standard user accounts from the users group during the resetting of the windows security parameters. To add these accounts back again to the users group just do as follows:

  1. Click start, then click All programs, or click programs.

  2. Click Accessories, then Command prompt(Windows XP). Or click with your right mouse button on Command prompt, then click Run as administrator(Windows Vista).

  3. In the Command prompt window type net users and hit Enter. A list of user accounts will show.

  4. In the command prompt, For each Account_name not being present in the log file or on the changing users screen, type the following command and hit Enter:

  net localgroup users Account_name /add

  THIS IS A TRANSLATED SOLUTION FROM THE FRENCH MICROSOFT SUPPORT PAGE.

  ORIGINAL LINK  supportdotmicrosoftdotcom/kb/313222

  I hope it helps... ;)

  
  

  • Edited by Cristore Wednesday, August 7, 2013 6:43 AM same as above

  Wednesday, August 7, 2013 6:42 AM
• 

  

  0

  Sign in to vote

  Does this apply to Windows 8 as well>?>

  Wednesday, August 14, 2013 4:19 PM
• 

  

  0

  Sign in to vote

  you are a loser

  Thursday, September 19, 2013 3:29 PM
• 

  

  0

  Sign in to vote

  If an evil hacker has physical access to your computer, it is "owned".  End of story.

  Walt

  
  I am sorry, but you are wrong There's nothing like "a hacker".  They are all different, very smart sounding, bit really:  there exist a steep level of knowledge even there.
  
  I have not reformat my system since I installed it 2010.
  I do have a defence system developed since then.
  
  But I have a lot of these mishaps as security settings, these lousy "hackers" try to exploit  They cannot make my system down on its knees, but everytime i ban their ptimistic code, they leave things like dll files with "All Users" having full authority to erase, run, write and read... as an example.
  
  That is why I want to have an easy but safe way to reset all security settings for all files in the Windows file menu, belonging to the system.  (Win7 Ulti in my case)
  
  And that goes for Group policy, account settings reset.  Like a "System restore" but some including my personal files. All compressed and encrypted with password enough hard to make the "hacker" get insight that his tile is waisted.   ;)
  
  
  https://www.youtube.com/watch?v=IzBy6agXKoA
   
  
  
  

  Monday, January 26, 2015 4:27 AM
• 

  

  0

  Sign in to vote

  I wasn't thinking, and I think I typed this in on C:\ . . . attrib -s -h -r /s /d *.* and hit Enter
  
  based on this page . . . http://superuser.com/questions/277379/windows-command-line-command-to-list-hidden-folders
  
  Then I saw someone wrote . . . This is not just showing the files, it is changing their attributes, which might have unexpected consequences, depending on where you do this.
  
  I typed this in . . . secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
  
  Does it fix that?

  Saturday, August 6, 2016 6:48 PM