How to Reset Local Security Policy Settings to Default in Windows XP and Vista

Have you ever gotten a computer second-hand? Maybe from a company that was shutting down or from someone who no longer needed theirs? Ideally, you would want to simply reformat the computer and start from scratch, right?

However, that’s not always the case. Let’s say you get a computer that has Windows XP or Windows Vista already installed, but you don’t have the original CD that came with the computer. So you really can’t reformat computer without risking Windows not activating properly.

So what’s the problem with just leaving it the way it is? Well, sometimes when you get a computer, it may have been part of an Active Directory environment, which means it was subject to Group Policies.

Even if you remove the computer from the domain and put it into a workgroup, the local security policies that were changed will not be removed. This can be very annoying because local security policies include settings like preventing users from installing printers, restricting who can use the CD-ROM drive, requiring a smart card, restricted logon hours, password requirements and more!

These are all great in a corporate environment, but will cause all kinds of grief to a normal computer user. So what you can do to solve this problem is to reset the local security settings to their default settings.

The way this can be done is by using the default security configuration templates that come with all versions of Windows XP and Vista. This may sound too technical, but all you have to do is run one command.

First, click on Start, Run and then type in CMD. Now copy and paste the following command into the window:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

If you are running Windows Vista and need to reset the security settings to their default values, use this command instead:

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

reset local security policy

That’s it! Now just wait for Windows to go through all the registry settings and reset them. It takes a few minutes and you’ll have to restart the computer to see the changes.

But now you should be able to use your computer without any of the remnants of local security settings from previous Group Policies. Enjoy!

Comments [22]

  1. Good Job! This is a good way to reset the settings when Malware has messed them up. Even with the Malware removed, not all removal tools reset the security settings.

  2. Thank you so much. I am currently in IRAQ with the US Army.

    I knew there was a way to do this. The sad part is that it took me over a day to find it.

    Great help!!!

    Thank you

  3. I have a machine as you described above that was part of a domain and given to an employee when they left the organization. I ran the command that you listed and still the machine is restricted from internet access. I have run RSoP and receive the red circle with a white x in it. A message will appear that the "Latest versions of the … are not available" What other settings am I missing?


  4. Got an error…Here's a cut out of my scesrv.log….any info would be great:

    —-Configure Registry Keys…

    Configure users.default.

    Configure users.defaultsoftwaremicrosoft

    Configure machinesoftware.

    Configure machinesoftwareclasses.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesPDFProCMWrap.CPDFProCMWrapCLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesPDFProCMWrap.CPDFProCMWrap.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.ClassNavCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.CPPWizCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.EventListCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.EventRegCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.HelpCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.InstNavCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.LoginCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.MOFCompCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.MOFWizCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.MultiViewCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.NSPickerCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.ObjViewerCtrl.1CLSID.

    Warning 5: Access is denied.

    Error setting security on machinesoftwareclassesWBEM.SingleViewCtrl.1CLSID.

    Configure machinesoftwareclasses.hlp.

    Configure machinesoftwareclasseshelpfile.

    Configure machinesoftwaremicrosoftadsprovidersldapextensions.

    Configure machinesoftwaremicrosoftadsproviders

    Configure machinesoftwaremicrosoftadsproviders

    Configure machinesoftwaremicrosoftadsproviderswinnt.

    Configure machinesoftwaremicrosoftcommand processor.

    Configure machinesoftwaremicrosoftcryptography.

    Configure machinesoftwaremicrosoftcryptographycalais.

    Configure machinesoftwaremicrosoftdriver signing.

    Configure machinesoftwaremicrosoftenterprisecertificates.

    Configure machinesoftwaremicrosoft

    Configure machinesoftwaremicrosoft
    on-driver signing.

    Configure machinesoftwaremicrosoftole.

    Configure machinesoftwaremicrosoft

    Configure machinesoftwaremicrosoftsecure.

    Configure machinesoftwaremicrosoftsystemcertificates.

    Configure machinesoftwaremicrosoftupnp device host.

    Configure machinesoftwaremicrosoftwindowscurrentversionexploreruser shell folders.

    Configure machinesoftwaremicrosoftwindowscurrentversion

    Configure machinesoftwaremicrosoftwindowscurrentversion

    Configure machinesoftwaremicrosoftwindowscurrentversion

    Configure machinesoftwaremicrosoftwindowscurrentversion elephony.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionaccessibility.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionaedebug.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionasrcommands.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionclasses.

    Configure machinesoftwaremicrosoftwindows ntcurrentversiondrivers32.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionefs.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionfont drivers.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionfontmapper.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionimage file execution options.

    Configure machinesoftwaremicrosoftwindows ntcurrentversioninifilemapping.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionperflib.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionprofilelist.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionsecedit.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionsetup

    Configure machinesoftwaremicrosoftwindows ntcurrentversionsvchost.

    Configure machinesoftwaremicrosoftwindows ntcurrentversion erminal serverinstallsoftwaremicrosoftwindowscurrentversion

    Configure machinesoftwaremicrosoftwindows ntcurrentversion ime zones.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionwindows.

    Configure machinesoftwaremicrosoftwindows ntcurrentversionwinlogon.

    Configure machinesoftwarepolicies.

    Configure machinesystem.

    Configure machinesystemcurrentcontrolsetcontrolclass.

    Configure machinesystemcurrentcontrolsetcontrolkeyboard layout.

    Configure machinesystemcurrentcontrolsetcontrolkeyboard layouts.

    Configure machinesystemcurrentcontrolsetcontrol

    Configure machinesystemcurrentcontrolsetcontrolsecurepipeserverswinreg.

    Configure machinesystemcurrentcontrolsetcontrolsession managerexecutive.

    Configure machinesystemcurrentcontrolsetcontrol imezoneinformation.

    Configure machinesystemcurrentcontrolsetcontrolwmisecurity.

    Warning 5: Access is denied.

    Error setting security on machinesystemcurrentcontrolsetservicessptdCfg.

    Configure machinesystemcurrentcontrolsetservicesappmgmtsecurity.

    Configure machinesystemcurrentcontrolsetservicesclipsrvsecurity.

    Configure machinesystemcurrentcontrolsetservicescryptsvcsecurity.

    Configure machinesystemcurrentcontrolsetservicesdnscache.

    Configure machinesystemcurrentcontrolsetservicesersvcsecurity.

    Configure machinesystemcurrentcontrolsetserviceseventlogsecurity.

    Configure machinesystemcurrentcontrolsetservicesirenumsecurity.

    Configure machinesystemcurrentcontrolsetservices

    Configure machinesystemcurrentcontrolsetservices

    Configure machinesystemcurrentcontrolsetservices

    Configure machinesystemcurrentcontrolsetservices

    Configure machinesystemcurrentcontrolsetservices

    Configure machinesystemcurrentcontrolsetservicessamsssecurity.

    Warning 2: The system cannot find the file specified.

    Error enumerating info for machinesystemcurrentcontrolsetservicesscarddrv.

    Configure machinesystemcurrentcontrolsetservicesscardsvrsecurity.

    Configure machinesystemcurrentcontrolsetservicesstisvcsecurity.

    Configure machinesystemcurrentcontrolsetservicessysmonloglog queries.

    Configure machinesystemcurrentcontrolsetservices apisrvsecurity.

    Configure machinesystemcurrentcontrolsetservices cpip.

    Configure machinesystemcurrentcontrolsetservicesw32timesecurity.

    Configure machinesystemcurrentcontrolsetserviceswmisecurity.

    Configuration of Registry Keys was completed successfully.

    —-Configure File Security…

    Configure c:.

    Warning 32: The process cannot access the file because it is being used by another process.

    Error building security descriptor for c:pagefile.sys.

    File Security configuration was completed with one or more errors.

  5. After using this command, my PC is working perfectly. Thanks very much.

  6. I am having a ton of security permissions problems and I need to reset everything. I tried to mess around with locking down my C drive, but I should not have done that. How can I get the original settings back?

  7. Great article!
    I had a new infection today that wiped secedit.exe from teh computer, as well as locking down everything.
    The only way to get around it was to boot from the Ultimate Boot CD (, do a registry restore AFTER changing the security settings on the Config folder, then copying the file to the c drive, and then running the command.

    These scumbags putting out the malware have got to be stopped!

    Thanks again for your help. Between you, UBCD, and Superantispyware, I'm just barely staying ahead of the villians.

  8. Didn't work at all!! Very disappointed!! Ive been working on a computer for almost a day now with no luck at all!! Does anyone have any other solutions for people this fix doesn't work for?

  9. Cant get it to work on 7, can u give us a command line for windows seven :( my GPO is all MESSED UP


  10. if it didnt work, try to do it from an administrator account.

    what I can suggest is to log on as administrator, then go to the system32 folder, delete the 'hidden' folder named 'GroupPolicy' .. restart the machine (of course not hooked to your domain network).. and then run the command line and see if that makes any difference..

    if the computer has local group policies, then deleting that folder helps to remove those policies.. but the registry still needs to be cleaned I think..

    Cheers :)

  11. These don't work in Windows 7 x64 at all, have tried it multiple times. Encountering security errors attempting to modify HKLMSoftwareClasses. Have run using administrator account, ran CMD in admin mode, still no luck. If anyone has a clue how to do this, it'd be nice to hear it. It's really surprising there's no simple method for this that works.

  12. Needle in a Haystack. You just burned down the Haystack. Very Good Job. It's one of the 100 most important tools in my workstation chest now.

  13. Wow – I literally searched for about 2 days trying to solve all my Windows XP problems after a HDD failure – I knew the problem was security, as I saw CHKDISK resetting them all and then afterward saw problems like
    – no taskbar
    – no copy and paste
    – no start button
    – many many other problems.

    All Fixed with one line.

    Thank you for enlightening the world with this. I've copied it into a batch file on our server for posterity.

    I, seriously, can't thank you enough.


  14. Absolute life saver. I thought I was going to have to clean this all up policy by policy.

    Thank you.

  15. GREAT!!! Did exactly as advertised on an XP Pro machine. It got rid of all those annoying group policies.

  16. Was just messing around with security templates in AD and accidentally configured the computer with some settings I was playing around with. Luckily I found this!!!!

    MS should really put in a warning in their training manuals.


  17. First of All… Thanks so much for the help with this post. I also need to know how can i first take a backup of the existing security policy or export it to a location, just incase i want to put it back i can import it again.

  18. How can I do this on Windows Server 2008 R2?

  19. I was given a corporate computer that a friend received from his old employer so he could make it into a linux box. I found a utility to reset all the passwords on the system to blank but was still hitting policy problems.

    This looks like it’s working. I had to replace “%windir%” with “windows” and start from C:\ (cd \) for this to work, but it did in the end.

  20. Very helpful and works for me in Windows 7. I got lot of security issues in one of my Windows 7 image and after setting it to default, it’s working like a charm. Thanks for the help mate.

Leave a Reply

Your email address will not be published. Required fields are marked *