Applying security templates in %systemroot%\inf

Considerations for application.


Beyond the various security templates found in the %systemroot%\security\templates directory, you'll also find lots of .inf files in the %systemroot%\inf directory. It's important to note that these template files have a different role for Windows than those in the ...\security\templates directory. Namely, their job is to supply default information when installing whatever version of Windows you use (Windows 2000, XP, or Server 2003, in various forms and flavors). This directory is also where administrative templates (files ending in .adm) live.

Be careful when reapplying templates from this directory. Primarily because they undo everything that's been done to a system since it was installed, this approach can sometimes be handy as a "next to last ditch" repair effort. (The "last ditch" is to reinstall and rebuild; nobody does that unless all other options are exhausted.) In my scheme of disasters, this falls after you've tried to rebuild your system from backup, but before you reinstall the OS and rebuild the system.

That said, a quick gander at the %systemroot%\inf directory reveals that of the 700 .inf files in that directory, most are device related and have nothing to do with security. Guide your focus in applying this strategy by three sets of data:

  • Numerous articles in TechNet explain how to reapply installation templates based on unintended side effects when applying security templates or moving devices from one system to another. Searching TechNet for "%systemroot%\inf" leads you straight to this information.
  • Search TechNet for information about administrative templates. Use filenames as search keys: conf.adm, inetcorp.adm, inetres.adm, inetset.adm, and system.adm are of most interest.
  • Only a handful of files help restore or repair default settings for key Windows environment elements. These include iereset.inf, Iesetup.inf, and iis.inf.

In general, the first two strategies are safer than the third because KB articles provide step-by-step instructions and document potential unwanted side effects. The third strategy should be labeled "Abandon all hope, ye who enter here!"

That said, to install an .inf file you need only right-click it in Explorer, then select the Install option from the resulting pop-up menu. TechNet describes how to add or remove .adm files. As with other forms of Registry tinkering, pre-emptive backups are urged (in fact, entire system backups plus Registry backups are not just prudent, but essential).
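To see which Registry keys a right-click Install would change, and therefore what to export first, the following added example (not part of the original tip) reads an .inf file's [DefaultInstall] section, which is the section Explorer's Install command processes, and lists the keys named by its AddReg and DelReg directives. The sample file contents and the function names are constructed for illustration, and the parser is simplified: it does not expand %string% tokens or handle commas and semicolons inside quoted values.

```python
import re
from collections import defaultdict
# Constructed sample for illustration; not a real file from %systemroot%\inf.
SAMPLE_INF = r'''
[Version]
Signature = "$Chicago$"
[DefaultInstall]
AddReg = Reset.AddReg, Zones.AddReg
DelReg = Reset.DelReg
CopyFiles = Some.Files   ; not a registry directive, skipped below
[Reset.AddReg]
HKCU,"Software\Example\Main","Start Page",0,"about:blank"
HKLM,"Software\Example\Main","Default_Page",0,"about:blank"
[Zones.AddReg]
HKCU,"Software\Example\Zones\3","1400",0x10001,3
[Reset.DelReg]
HKCU,"Software\Example\Main","Search Page"
'''

def parse_sections(text):
    """Map lower-cased section name to its lines, with ';' comments stripped."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif line and current is not None:
            sections[current].append(line)
    return sections

def registry_touches(text, install_section="DefaultInstall"):
    """Sorted (action, root, subkey) tuples reached from the install section."""
    sections, touched = parse_sections(text), set()
    for line in sections.get(install_section.lower(), []):
        directive, _, refs = line.partition("=")
        action = directive.strip().lower()
        if action not in ("addreg", "delreg"):
            continue  # CopyFiles, DelFiles, etc. are outside this check
        for ref in refs.split(","):
            for entry in sections.get(ref.strip().lower(), []):
                fields = [f.strip().strip('"') for f in entry.split(",")]
                if len(fields) >= 2:
                    touched.add((action, fields[0].upper(), fields[1]))
    return sorted(touched)

def backup_targets(text):
    """Distinct registry keys to export before installing the file."""
    return sorted({root + "\\" + key for _, root, key in registry_touches(text)})
```

Call `backup_targets()` on the text of the .inf file you intend to install and export each listed key before proceeding. If the file carries a platform-decorated section such as DefaultInstall.NT, pass that name as `install_section` to `registry_touches()`.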


Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.


This was first published in June 2003
