Local Security Policy: Unable to edit local security policy
Problem description:
[Unable to edit local security policy]
Attempts to edit the local security policy of a Windows Server 2003 member result in the following error:
"Windows cannot read template information"
Explanation and method:
ANALYSIS
=======================
We can reproduce the problem by deleting the local Guest account.
When the local policy is opened, the values under the registry key HKLM\Security\Policy\Accounts\S-1-... are processed.
If a value exists there with insufficient (or missing) data, the process fails.
RESOLUTION
=======================
Here are the steps to restore the Guest account:
1. Open regedit
2. Go to "HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Builtin\Aliases\Members\"
3. There are a few keys with different SIDs
4. Expand each SID and find the one that has the "000001F5" subkey
5. Copy the parent key string; in this example, it is "S-1-5-21-3217643301-207217351-1313294057"
6. Edit "restore_guest_acct.reg.txt" with notepad
7. Replace "S-1-5-21-4052084063-2461485535-52935827" with the string copied in step 5
8. Save the file and remove the ".txt" extension
9. Back up the current "HKEY_LOCAL_MACHINE\SECURITY" hive
10. Double-click the .reg file to register the Guest account
11. Check whether you can now open Secpol.msc
Below is sample registry information for a local Guest account on a Traditional Chinese Windows 2003 OS:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\Names\Guest]
@=hex(1f5):
[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f,00,00,00,00,00,00,00,00,\
f5,01,00,00,01,02,00,00,15,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00
"V"=hex:00,00,00,00,b0,00,00,00,02,00,01,00,b0,00,00,00,0a,00,00,00,00,00,00,\
00,bc,00,00,00,00,00,00,00,00,00,00,00,bc,00,00,00,22,00,00,00,00,00,00,00,\
e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,\
00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,\
00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,\
00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,\
08,00,00,00,01,00,00,00,e8,00,00,00,04,00,00,00,00,00,00,00,ec,00,00,00,04,\
00,00,00,00,00,00,00,f0,00,00,00,04,00,00,00,00,00,00,00,f4,00,00,00,04,00,\
00,00,00,00,00,00,01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,44,00,00,\
00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\
00,00,00,00,02,c0,14,00,ff,ff,1f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\
00,4c,00,03,00,00,00,00,00,14,00,1b,03,02,00,01,01,00,00,00,00,00,01,00,00,\
00,00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,24,02,00,00,\
01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
00,00,00,20,02,00,00,47,00,75,00,65,00,73,00,74,00,00,00,9b,4f,86,4f,d3,8c,\
58,5b,d6,53,fb,96,66,81,2f,00,b2,7d,df,57,4b,4e,28,75,84,76,67,51,fa,5e,33,\
5e,36,62,66,81,01,02,00,00,07,00,00,00,01,00,01,00,01,00,01,00,01,00,01,00,\
01,00,01,00
[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-4052084063-2461485535-52935827\000001F5]
@="Ȣ"
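
Steps 5 to 8 as a script, an added example that is not part of the original article: it validates the SID copied in step 5, substitutes it only in the Members\<SID>\000001F5 key header, rejects a template whose key headers are not on their own lines, and encodes the result as UTF-16 so the non-ASCII default value survives the save. The names patch_template and encode_reg and the shortened SAMPLE text are constructed for this example.

```python
import re

TEMPLATE_SID = "S-1-5-21-4052084063-2461485535-52935827"  # SID used in the page's sample
GUEST_TAIL = "\\000001F5]"                                 # Guest RID subkey (step 4)
MACHINE_SID = re.compile(r"S-1-5-21(-\d{1,10}){3}")        # three 32-bit sub-authorities
KEY_HEADER = re.compile(r"\[HKEY_[^\]]*\]")

# Constructed sample: the template's layout with the hex data shortened.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    r"[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\Names\Guest]",
    "@=hex(1f5):",
    r"[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5]",
    '"F"=hex:02,00,01,00',
    r"[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Builtin\Aliases\Members" + "\\"
    + TEMPLATE_SID + GUEST_TAIL,
    '@="\u0222"',
])


def patch_template(reg_text, machine_sid):
    """Swap the template SID for machine_sid in the Members key header only."""
    subs = machine_sid.split("-")[4:]
    if not MACHINE_SID.fullmatch(machine_sid) or any(int(s) > 0xFFFFFFFF for s in subs):
        raise ValueError(f"not a machine SID: {machine_sid!r}")
    out, hits = [], 0
    for line in reg_text.splitlines():
        header = KEY_HEADER.search(line)
        if header and header.group(0) != line.strip():
            raise ValueError(f"key header not on its own line: {line[:30]!r}")
        if header and TEMPLATE_SID in line:
            if not line.strip().endswith(GUEST_TAIL):
                raise ValueError("template SID found outside the 000001F5 key")
            line, hits = line.replace(TEMPLATE_SID, machine_sid), hits + 1
        out.append(line)
    if hits != 1:
        raise ValueError(f"expected one Members\\<SID>\\000001F5 header, found {hits}")
    return "\n".join(out)


def encode_reg(reg_text):
    """Bytes of a version 5.00 .reg file: UTF-16LE with BOM, CRLF line ends."""
    # Keeps the non-ASCII default value intact; an ANSI save would lose U+0222.
    return b"\xff\xfe" + reg_text.replace("\n", "\r\n").encode("utf-16-le")


if __name__ == "__main__":
    # SID from step 5 of the page; on a real system use the one found in step 4.
    patched = patch_template(SAMPLE, "S-1-5-21-3217643301-207217351-1313294057")
    print(patched.encode("ascii", "backslashreplace").decode())
```

For a real restore, pass the full template text instead of SAMPLE and write the bytes returned by encode_reg to restore_guest_acct.reg in binary mode.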