Problem solve Get help with specific problems with your technologies, process and projects.

Applying security templates in %systemroot%\inf

Considerations for application.

Beyond the various security templates found in the %systemroot%securitytemplates directory, you'll also find lots of .inf files in the %systemroot%inf directory. It's important to note that these template files have a different role for Windows than those in the ...securitytemplates directory. Namely, their job is to supply default information when installing whatever version of Windows you use (Windows 2000, XP, or Server 2003, in various forms and flavors). This directory is also where administrative templates (files ending in .adm) live.

Be careful in reapplying templates from this directory. Primarily because they undo everything that's been done to a system since it was installed, this approach can sometimes be handy as a "next to last ditch" repair effort. (The "last ditch" is to reinstall and rebuild; nobody does that unless all other options are exhausted.) In my scheme of disasters, this falls after you've tried to rebuild your system from backup, but before you reinstall the OS and rebuild the system.

That said, a quick gander at the %systemroot%inf directory reveals that of the 700 .inf files in that directory, most are device related and have nothing to do with security. Guide your focus in applying this strategy by three sets of data:

  • Numerous articles in TechNet explain how to reapply installation templates based on unintended side effects when applying security templates or moving devices from one system to another. Searching TechNet for "%systemroot%inf" leads you straight to this information.
  • Search Technet for information about administrative templates. Use filenames as search keys: conf.adm, inetcorp.adm, inetres.adm, inetset.adm, and system.adm are of most interest.
  • Only a handful of files help restore or repair default settings for key Windows environment elements. These include iereset.inf, Iesetup.inf, and iis.inf.

In general, the first two strategies are safer than the third because KB articles provide step-by-step instructions and document potential unwanted side effects. The third strategy should be labeled "Abandon all hope, ye who enter here!"

That said, to install an .inf file you need only right-click it in Explorer, then select the Install option from the resulting pop-up menu. Technet describes how to add or remove .adm files. As with other forms of Registry tinkering, pre-emptive backups are urged (in fact, entire system backups plus Registry backups are not just prudent, but essential).

Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.

Dig Deeper on Windows systems and network management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.