What that article fails to point out is that it is impossible to revert
security settings to their defaults in a canonical way. You can get close,
and that article tells you how. However, for example, let's say you do this:
1. Change the ACL on the C:\ directory.
2. Create a folder called c:\foo
3. Create another folder called c:\bar and set its permissions to something
4. Create a file in c:\foo\bar.text
5. Move the file c:\foo\bar.text to c:\bar\bar.text
6. Delect c:\foo
7. Revert permissions to the defaults.
What should the permissions be on c:\bar\bar.text?
The defltbase.inf template will be able to revert the file system and
registry keys that the OS laid down to their defaults. It can make no
guarantees that you get the correct permissions on things that were not laid
down during OS install. In fact, it is guaranteed that it won't because there
are permissions missing in that file. For instance, there are some trailing
Power User permissions in the registry that are not listed in that file. The
file does not contain permissions for %ProgramFiles%, nor for %SystemDrive%.
In short, the only way to revert a system conclusively to the default
security settings is to flatten the system and rebuild it from scratch.
Your question may already be answered in Windows Vista Security:
> KaPes wrote:
> > Hi,
> > I want to ensure that, after mucking arond with various security settings
> > like services, registry settings, file system permissions etc. I should be
> > able to revert back Vista to pristine default security settings.
> > How to achieve that ?
> HOW TO Reset Security Settings Back to the Defaults:
> Elephant Boy Computers
> Don't Panic!