resetting all security options

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We are having issues with an XP pro workstation, from what I can see, someone
has added My Computer to the restricted sites in the security options within
IE, no although we can access windows explorer we are having all sorts of
issues loading / removing software, access certain mmc's.

In the IE Security options the only thing that now shows up is Restricted
sites, no other zones display, we've tried starting in safe mode, still same
thing happens, because of all the restrictions we can't access any of the
local security policy mmc's or any mmc that uses activex controls.

We've had domain admins logon, local admins logon, the security options
apply to every user. Is there any way to default ALL security settings
(Local / IE etc) using registry changes, or are we facing a re-install of the
OS ?
 
We've had domain admins logon, local admins logon, the security options
apply to every user. Is there any way to default ALL security settings
(Local / IE etc) using registry changes, or are we facing a re-install of
the
OS ?
Click to expand...

I'm not sure restoring the settings is better than a re-install. Jesper
Johansson and Steve Riley argue that "If you accidentally make security
changes that break something, the only fully supported way to undo the
changes is to format and reinstall."
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx

I agree with them that a reinstall is a more reliable way to get your system
to a reliable state. It's true that restoring the default group policy
templates only restores some of your security settings, not all of them.
But if you have reasons for wanting to avoid this, you can still try it, and
maybe you'll be lucky and it will fix your problem. You'd want to use the
Group Policy MMC to import several templates to a database in the correct
order, and then apply that database to your system. I'm thinking I might
import the following templates in this order:

http://www.microsoft.com/resources/...oddocs/en-us/sag_scedefaultpols.mspx?mfr=true

Setup security.inf [in the %windir%\Security\Templates\ folder]
Compatws.inf
defltwk.inf [in the %windir%\INF\ folder]
Rootsec.inf

Further information below [some of the articles below were written for
Windows 2000, but should still be valid for XP Professional].

http://securityadmin.info/faq.asp?grouppolicy

http://support.microsoft.com/?kbid=309689 [general information]
http://support.microsoft.com/?kbid=313205 [recommended first]
http://support.microsoft.com/?kbid=266118 [recommended second]
 
It sounds like you may have more going on other then the fact that my
computer is in the restricted zone. Did you try removing my computer from
the restricted zone? You may also want to check that computer for malware or
spyware as it sounds like that may be a reason that this all happened and
the best solution may be to do a clean reinstall of the operating system. If
you can't remove my computer by normal means you should be able to repair
the IE security zone problem by putting the computer into an OU that has a
Group Policy linked to it that defines the security zones even if just
temporarily or you could also see if my computer shows under the following
registry key and delete it but again I think you have more issues than just
that.

HKEY_CURRENT _USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\


Steve
 
Thanks very much for you help & suggestions, it looks as if a total
re-install will be needed, no idea what caused the problem but we can't get
enough access to the pc to install any malware removal apps, the AV app on
there reports nothing.

I tried the suggestion of setting up a GPO to set the security options to
lowest possible, it seemed to work on initial logon but after making a couple
of changes and relogging everything set back to max security settings again
 
I think a clean install would be a great idea and probably save you time
dealing with the problem in the long run. The problem could be spyware
related and the AV did not detect the problem or it could be something else
that could be very difficult to track down if ever be determined.

Steve
 
Back
Top