Message 2Message 3Message 4
Important Implementing a security template on a domain controller may change the settings of the Default Domain Controller Policy or Default Domain Policy. The applied template may overwrite permissions on new files, registry keys and system services created by other programs. Restoring these policies might be necessary after applying a security template. Before performing these steps on a domain controller, create a backup of the SYSVOL share.
Note When you use the following procedure, your computer is returned to the original installation state where the Local Security Policy is not defined. You may have to start your computer in Safe mode to rename or move files. For additional information about how to do this, see Windows 2000 Help.
- Open the %SystemRoot%\Security folder, create a new folder, and then name it "OldSecurity".
- Move all of the files ending in .log from the %SystemRoot%\Security folder to the OldSecurity folder.
- Find the Secedit.sdb file in the %SystemRoot%\Security\Database folder, and then rename this file to "Secedit.old".
- Click Start, click Run, type mmc, and then click OK.
- Click Console, click Add/Remove Snap-in, and then add the Security and Configuration snap-in.
- Right-click Security and Configuration and Analysis, and then click Open Database.
- Browse to the %TEMP% folder, type Secedit.sdb in the File name box, and then click Open.
- When you are prompted to import a template, click Setup Security.inf, and then click Open.
- Copy %TEMP%\Secedit.sdb %SystemRoot%\Security\Database.
Article ID: 278316 - Last Review: Jan 7, 2008 - Revision: 1