; (c) Microsoft Corporation 1997-2001 ; ; Security Configuration Template for Windows 2000 Professional Home User ; ; Template Name: Home_User.INF ; Template Version: 05.00.HB.0000 ; Created by Eric Schultze ; ; ------------------------------------------------------------------- ; Revision History ; ------------------------------------------------------------------- ; Date Comment ; 1-March-2001 Original, by Eric Schultze ; ------------------------------------------------------------------- [Version] signature="$CHICAGO$" Revision=1 [Profile Description] Description=Security Settings for Home Users on Windows 2000 Professional [Unicode] Unicode=yes [System Access] MinimumPasswordAge = 2 MaximumPasswordAge = 60 MinimumPasswordLength = 7 PasswordComplexity = 1 PasswordHistorySize = 8 LockoutBadCount = 5 ResetLockoutCount = 30 LockoutDuration = 30 ForceLogoffWhenHourExpire = 1 ClearTextPassword = 0 [System Log] MaximumLogSize = 512 AuditLogRetentionPeriod = 0 RestrictGuestAccess = 1 [Security Log] MaximumLogSize = 1024 AuditLogRetentionPeriod = 0 RestrictGuestAccess = 1 [Application Log] MaximumLogSize = 512 AuditLogRetentionPeriod = 0 RestrictGuestAccess = 1 [Event Audit] AuditSystemEvents = 3 AuditLogonEvents = 3 AuditObjectAccess = 3 AuditPrivilegeUse = 2 AuditPolicyChange = 3 AuditAccountManage = 3 AuditAccountLogon = 3 CrashOnAuditFull = 0 ;---------------------------------------------------------------- ;Registry Values ;---------------------------------------------------------------- [Registry Values] ; Registry value name in full path = Type, Value ; REG_SZ ( 1 ) ; REG_EXPAND_SZ ( 2 ) // with environment variables to expand ; REG_BINARY ( 3 ) ; REG_DWORD ( 4 ) ; REG_MULTI_SZ ( 7 ) [Registry Values] MACHINE\Software\Microsoft\Driver Signing\Policy=3,1 MACHINE\Software\Microsoft\Non-Driver Signing\Policy=3,1 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,1 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,1 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,1 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,7 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,Attention MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=1,Authorized Users Only MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,1 MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2 MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,2 MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0 MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,0 MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1 MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1 ;Additional Reg Keys that should be added. They do not appear in the GUI interface MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks=4,0 ;Automatically created shares (i.e. C$, D$, ADMIN$) will not be shared MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt=4,1 ;Kerberos and RSVP traffic are no longer exempted by default if this registry is set to 1. MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\hidden=4,1 ;This will remove the computer from network browse lists MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\diskspacethreshold=4,10 ;This will send an alert to the Event Log when any disk reaches 10 percent capacity remaining [Privilege Rights] SeNetworkLogonRight = SeTcbPrivilege = SeMachineAccountPrivilege = SeBackupPrivilege = *S-1-5-32-551,*S-1-5-32-544 SeChangeNotifyPrivilege = *S-1-5-32-545,*S-1-5-32-547,*S-1-1-0,*S-1-5-32-551,*S-1-5-32-544 SeSystemtimePrivilege = *S-1-5-32-547,*S-1-5-32-544 SeCreatePagefilePrivilege = *S-1-5-32-544 SeCreateTokenPrivilege = SeCreatePermanentPrivilege = SeDebugPrivilege = *S-1-5-32-544 SeDenyNetworkLogonRight = SeDenyBatchLogonRight = SeDenyServiceLogonRight = SeDenyInteractiveLogonRight = SeEnableDelegationPrivilege = SeRemoteShutdownPrivilege = SeAuditPrivilege = SeIncreaseQuotaPrivilege = SeIncreaseBasePriorityPrivilege = *S-1-5-32-544 SeLoadDriverPrivilege = *S-1-5-32-544 SeLockMemoryPrivilege = SeBatchLogonRight = SeServiceLogonRight = SeInteractiveLogonRight = *S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551,*S-1-5-32-544 SeSecurityPrivilege = *S-1-5-32-544 SeSystemEnvironmentPrivilege = *S-1-5-32-544 SeProfileSingleProcessPrivilege = *S-1-5-32-547,*S-1-5-32-544 SeSystemProfilePrivilege = *S-1-5-32-544 SeUndockPrivilege = *S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-544 SeAssignPrimaryTokenPrivilege = SeRestorePrivilege = *S-1-5-32-551,*S-1-5-32-544 SeShutdownPrivilege = *S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551,*S-1-5-32-544 SeSyncAgentPrivilege = SeTakeOwnershipPrivilege = *S-1-5-32-544 [Group Membership] TelnetClients__Memberof = TelnetClients__Members = [Service General Setting] TlntSvr,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" Alerter,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" cisvc,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" Browser,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" Dhcp,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" Messenger,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" mnmsrvc,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" RemoteRegistry,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" Schedule,4,"D:(A;;CCLCSWLOCRRC;;;IU)(A;;GA;;;BA)(A;;GA;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" PolicyAgent,2,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)" [File Security] ;---------------------------------------------------------------------------- ;NOTE: I have not tested these - delete if you don't wish to run this section ;---------------------------------------------------------------------------- ;--------------------------------------------------------------------------------------- ;x86 Boot Files ;--------------------------------------------------------------------------------------- "%SystemDrive%\boot.ini",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDrive%\ntdetect.com",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDrive%\ntldr",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDrive%\ntbootdd.sys",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDrive%\autoexec.bat",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" "%SystemDrive%\config.sys",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" ;--------------------------------------------------------------------------------------------- ;System Drive (\) ;--------------------------------------------------------------------------------------------- "%ProgramFiles%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" ;--------------------------------------------------------------------------------------------- ;System Root (Typically \WINNT) ;--------------------------------------------------------------------------------------------- "%SystemRoot%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;;GRGX;;;WD)" "%SystemRoot%\explorer.exe",2,"D:(A;;GRGX;;;WD)" ;Ignored Dirs do not exist when security applied during setup. "%SystemRoot%\CSC",1,"D:AR" "%SystemRoot%\debug",1,"D:AR" "%SystemRoot%\Offline Pages",1,"D:AR" "%SystemRoot%\Profiles",1,"D:AR" "%SystemRoot%\Registration",1,"D:AR" "%SystemRoot%\repair",2,"D:P(A;CI;GRGX;;;BU)(A;CI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\Tasks",1,"D:AR" "%SystemRoot%\Temp",2,"D:P(A;CI;0x100026;;;BU)(A;CI;0x100026;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" ;New Dirs for NT5 "%SystemRoot%\addins",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\Connection Wizard",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\Driver Cache",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\java",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\msagent",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\security",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\speech",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\twain_32",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemRoot%\Web",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" ;--------------------------------------------------------------------------------------------- ;System Directory (Typically \Winnt\System32) ;--------------------------------------------------------------------------------------------- "%SystemDirectory%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGX;;;WD)" ;Dirs which do not exist when security applied during setup. "%SystemDirectory%\appmgmt",1,"D:AR" "%SystemDirectory%\DTCLog",1,"D:AR" "%SystemDirectory%\GroupPolicy",1,"D:AR" "%SystemDirectory%\NTMSData",1,"D:AR" "%SystemDirectory%\Setup",1,"D:AR" "%SystemDirectory%\ReinstallBackups",1,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\repl",1,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\repl\import",1,"D:(A;CIOI;GRGWGXSD;;;RE)" "%SystemDirectory%\repl\export",1,"D:(A;CIOI;GRGWGXSD;;;RE)" "%SystemDirectory%\spool\printers",1,"D:P(A;CI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" ;Dirs that are different from parent ;World has LT RX-CIOI or PU's have LT Mod-CIOI. "%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;BU)(A;CI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\dhcp",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\dllcache",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\drivers",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" ;New Dirs for NT5 "%SystemDirectory%\CatRoot",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\ias",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\mui",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\ShellExt",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\wbem",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SystemDirectory%\wbem\mof",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" [Registry Keys] "USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR" "USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "USERS\.DEFAULT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR" "MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR" "MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\Computername",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security",2,"D:P(A;CI;GR;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg",2,"D:PAR(A;CI;KA;;;BA)" "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout",2,"D:(A;CI;GR;;;WD)" "MACHINE\SYSTEM\ControlSet010",1,"D:AR" "MACHINE\SYSTEM\ControlSet009",1,"D:AR" "MACHINE\SYSTEM\ControlSet008",1,"D:AR" "MACHINE\SYSTEM\ControlSet007",1,"D:AR" "MACHINE\SYSTEM\ControlSet006",1,"D:AR" "MACHINE\SYSTEM\ControlSet005",1,"D:AR" "MACHINE\SYSTEM\ControlSet004",1,"D:AR" "MACHINE\SYSTEM\ControlSet003",1,"D:AR" "MACHINE\SYSTEM\ControlSet002",1,"D:AR" "MACHINE\SYSTEM\ControlSet001",1,"D:AR" "MACHINE\SYSTEM\Clone",1,"D:AR" "MACHINE\System",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",2,"D:P(A;CI;GR;;;IU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AsrCommands",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;SDGWGR;;;BO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",2,"D:(A;CI;GR;;;WD)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Secure",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR" "MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\Software\Classes",2,"D:(A;CI;GR;;;WD)" "MACHINE\Software",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"