; Copyright (c) Microsoft Corporation. All rights reserved. ; ; Security Configuration Template for Security Configuration Editor ; ; Template Name: puwk.INF ; Template Version: 05.10.PU.0000 ; ; Default Security for Vista - Power User rollback template ; ; There is no template to undo the effect of applying the Power User permissions. ; Please make sure you have completely understood the impact of adding Power User ; aces before applying the template. [Profile Description] %SCEPowerUserProfileDescription% [version] signature="$CHICAGO$" revision=1 DriverVer=06/21/2006,6.1.7600.16385 [Privilege Rights] SeChangeNotifyPrivilege = Add:, *S-1-5-32-547 SeInteractiveLogonRight = Add:, *S-1-5-32-547 SeNetworkLogonRight = Add:, *S-1-5-32-547 SeProfileSingleProcessPrivilege = Add:, *S-1-5-32-547 SeShutdownPrivilege = Add:, *S-1-5-32-547 SeSystemTimePrivilege = Add:, *S-1-5-32-547 SeUndockPrivilege = Add:, *S-1-5-32-547 [Service General Setting] ;Note: startup type should not be configured during setup\dcpromo. ;autostarted on workstations and servers, standalone or joined - Remove PU ability to stop\start. dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" Sysmonlog,,"D:(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCRPLOCR;;;LU)S:AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" ;Not autostarted, but non-default DACL - Remove PU ability to change template ClipSrv,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" NetDDE,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" NetDDEdsdm,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" [Registry Keys] "MACHINE\Software",0,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" ;Same as parent, but this is the target of a symlink - set explicitly. "MACHINE\SOFTWARE\Classes",0,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\SOFTWARE\Classes\.hlp",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "MACHINE\System",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" "USERS\.DEFAULT",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)" [File Security] ;--------------------------------------------------------------------------------------------- ;ProgramFiles ;--------------------------------------------------------------------------------------------- ;Need to use the SceInfProgramFiles environment var to handle the Win9x upgrade case which is treated like clean-install ;"%SystemDrive%\%SCEInfProgramFiles%",0,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)" "%SceInfProgramFiles%",0,"D:P(A;CI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1301bf;;;SY)(A;OICIIO;GA;;;SY)(A;;0x1301bf;;;BA)(A;OICIIO;GA;;;BA)(A;OICI;GXGR;;;BU)(A;OICIIO;GA;;;CO)(A;OICI;GRGWGXSD;;;PU)" ;--------------------------------------------------------------------------------------------- ;System Root (Typically \WINDOWS) ;--------------------------------------------------------------------------------------------- "%SystemRoot%",0,"D:P(A;CI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1301bf;;;SY)(A;IOCIOI;GA;;;SY)(A;;0x1301bf;;;BA)(A;IOCIOI;GA;;;BA)(A;CIOI;GRGX;;;BU)(A;OICIIO;GA;;;CO)(A;CIOI;GRGWGXSD;;;PU)" ;--------------------------------------------------------------------------------------------- ;System Directory (Typically \Windows\System32) ;--------------------------------------------------------------------------------------------- "%SystemDirectory%",0,"D:P(A;CI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1301bf;;;SY)(A;IOCIOI;GA;;;SY)(A;;0x1301bf;;;BA)(A;IOCIOI;GA;;;BA)(A;CIOI;GRGX;;;BU)(A;OICIIO;GA;;;CO)(A;CIOI;GRGWGXSD;;;PU)" [Strings] SceInfProgramFiles = "%ProgramFiles%" SceInfProgramFilesx86 = "%ProgramFiles% (x86)" SceInfCommonProgramFiles = "%CommonProgramFiles%" SCEPowerUserProfileDescription = "Power User Security Settings." SCEInfSysdir1 = "edit.com" SCEInfSysdir2 = "edit.hlp" SCEInfHelp1 = "signin.hlp"