SUMMARY
MORE INFORMATION
Sample command to reset security settings
To reset your operating system back to original installation default security settings:
2. For Windows XP, type the following command, and then press ENTER:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
For Windows Vista, type the following command, and then press ENTER:
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
You receive a "Task is completed" message, and a warning message that something could not be done. You can safely ignore this message. For more information about this message, view the %windir%\Security\Logs\Scesrv.log file.
Secedit parameters
• /configure - Specifies that Secedit.exe should set system security settings.
• /DB filename - Provides the path to a database that contains the security template to be applied. This is a required argument, but the database file does not have to exist if you use the /CFG switch to specify a security template.
• /CFG filename - This argument is only valid when you use it with the /DB parameter. It is the path to the security template that will be imported into the database and applied to the system. If you do not specify this argument, the template that is already stored in the database will be applied.
• /overwrite - This argument is only valid when the /CFG argument is also used. This specifies whether the security template in the /CFG argument overwrites any template or composite template that is stored in the database instead of appending the results to the stored template. If this is not specified, the template in the /CFG argument will be appended to the stored template.
• /areas AreaName1AreaName2... Specifies the security areas to be applied to the system. The default is "all areas." Each area must be separated by a space.
AreaNameX - Description
SECURITYPOLICY - Local policy and domain policy for the system, including account policies, audit policies, and other policies.
GROUP_MGMT - Restricted group settings for any groups that are specified in the security template.
USER_RIGHTS - User logon rights and granting of privileges.
REGKEYS - Security on local registry keys.
FILESTORE - Security on local file storage.
SERVICES - Security for all defined services.
Note Each of these areas coincide with similar names in the Security Template.
• /log logpath - You can use this switch to configure the location of the log file that tracks the changes.
• /verbose - Specifies more detailed progress information.
• /quiet - Minimize the amount of feedback that is provided during the update on the screen and in the log file.
APPLIES TO
| • | Microsoft Windows XP Professional |
| • | Windows Vista Business |
| • | Windows Vista Enterprise |
| • | Windows Vista Home Basic |
| • | Windows Vista Home Premium |
| • | Windows Vista Ultimate |
Keywords:kbenv kbhowtomaster KB313222
原文出处:http://support.microsoft.com/default.aspx?scid=kb;en-us;313222
