Open a command prompt with elevated permissions and run the following command to reset all security configurations to default in Windows 7 and Microsoft Windows Server 2008.
rem Reapply the OS default security template (defltbase.inf) to the local
rem security policy. Must run in an elevated command prompt.
rem /db is resolved relative to the current directory: run from a folder the
rem elevated prompt can write to (or pass an absolute path) so defltbase.sdb
rem can be created. /verbose prints each setting as it is applied, which is
rem the place to look for entries the template could not reset.
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
Take ownership and change permissions of eventlog files on WinXP systems
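#take ownership and change permissions of eventlog files on WinXP systems
#
# Run from an elevated session: assigning ownership to an account other than
# the caller needs SeRestorePrivilege, and %windir%\system32\config is not
# writable otherwise.
#
# Identities are NTAccount values (IdentityReference), not [ADSI] entries.
# A DirectoryEntry stringifies as its WinNT://... path, so the original
# "-eq $group1" filter never matched an ACE's IdentityReference and the
# FileSystemAccessRule built from it could not be mapped to a SID.
$group1 = [System.Security.Principal.NTAccount]"BUILTIN\Administrators"
$group2 = [System.Security.Principal.NTAccount]"$env:COMPUTERNAME\Auditors"
$objUser = New-Object System.Security.Principal.NTAccount("changeme", "xadministrator2")

#event log files to re-ACL (all three get the same treatment)
$eventLogFiles = @(
    'C:\windows\system32\config\secevent.evt',
    'C:\windows\system32\config\sysevent.evt',
    'C:\windows\system32\config\appevent.evt'
)

#Create new access rules once; the same rule objects are applied to every file
$rule1 = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @($group1, "ReadAndExecute", "Allow")
$rule2 = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @($group2, "FullControl", "Allow")

foreach ($path in $eventLogFiles) {
    #assign object file
    $acl = Get-Acl -Path $path

    #Set ownership
    $acl.SetOwner($objUser)

    #Remove Inheritance, keeping the inherited entries as explicit ACEs so that
    #every principal other than Administrators keeps exactly the access it had.
    #This must happen before RemoveAccessRule: inherited entries cannot be
    #removed individually.
    $acl.SetAccessRuleProtection($true, $true)

    #Remove Administrator Group Permissions (snapshot the list before editing)
    $adminRules = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $group1.Value })
    foreach ($ace in $adminRules) {
        $null = $acl.RemoveAccessRule($ace)
    }

    #apply access rules to file: Administrators read-only, Auditors full control.
    #Note: Administrators retain SeTakeOwnershipPrivilege, so this limits
    #casual access and leaves an audit trail rather than enforcing a hard boundary.
    $acl.SetAccessRule($rule1)
    $acl.SetAccessRule($rule2)

    #apply Settings
    Set-Acl -AclObject $acl -Path $path
}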