• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Can I change local security policy entries from RegEdit?


Posts
2
#1
Hi there,

Which registry settings should I change to set the top two default Windows rules back to 'Unrestricted' please?

M4.png

I set up some rules in the local security policy some time ago when there was fuss in the news about the cryptolocker virus. They looked a lot like the rules above (I found that screenshot online as I can't take one myself, read on..)

Today I was installing some software that wanted access to the areas I restricted. I temporarily disabled the rules, then re-enabled them. Being a dumbass I also set the top two rules (which are Windows default rules) to Disallowed!

Over the following 10 minutes various aspects of my PC stopped working, telling me that the local security policy prevented access. I couldn't even get into the Control Panel or the Local Security Policy screen to change it back, once I realised what I had done. I rebooted the machine - it won't come back up :huh:

I've tried a system restore by booting from the installer on USB (which did not work, it grumbled that it could not restore due a file locked by anti-virus) so I think I've got two options:


  1. Refresh my system using the Windows 8 tools - but I suspect that might leave the LSP rules in place, as it retains my settings & preferences.
  2. Hand edit the registry to correct the settings.
Option 2 is looking best, I can get into RegEdit from the recovery console, but I'm not sure what to edit and what to set it to? Could anyone kindly advise?

This is on Windows 8.1 Pro if that helps.

Thanks ever so much,
Chris
 

My Computer

System One

  • OS
    Windows 8.1
Posts
2
#2
Hi again,

So I've found that default software policy rules should look like this:


%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%,Path,Unrestricted,
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%,Path,Unrestricted
and might be located in the registry here?

Software restriction policies are stored in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer or in HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows.
Is anyone able to confirm what a default / working set of registry values should be set to please?

Thanks again,
Chris
 

My Computer

System One

  • OS
    Windows 8.1

Users Who Are Viewing This Thread (Users: 0, Guests: 1)