[Unicode] Unicode=yes [System Access] MinimumPasswordAge = 90 MaximumPasswordAge = 30 MinimumPasswordLength = 8 PasswordComplexity = 1 PasswordHistorySize = 24 LockoutBadCount = 3 ResetLockoutCount = 15 LockoutDuration = 15 ForceLogoffWhenHourExpire = 1 NewAdministratorName = "Name removed for security reasons" NewGuestName = "Name removed for security reasons" ClearTextPassword = 0 LSAAnonymousNameLookup = 0 EnableAdminAccount = 1 EnableGuestAccount = 0 [System Log] MaximumLogSize = 16384 AuditLogRetentionPeriod = 0 RestrictGuestAccess = 1 [Security Log] MaximumLogSize = 81920 AuditLogRetentionPeriod = 0 RestrictGuestAccess = 1 [Application Log] MaximumLogSize = 16384 AuditLogRetentionPeriod = 0 RestrictGuestAccess = 1 [Event Audit] AuditSystemEvents = 3 AuditLogonEvents = 3 AuditObjectAccess = 3 AuditPrivilegeUse = 2 AuditPolicyChange = 3 AuditAccountManage = 3 AuditProcessTracking = 0 AuditDSAccess = 0 AuditAccountLogon = 3 [Kerberos Policy] MaxTicketAge = 10 MaxRenewAge = 7 MaxServiceAge = 600 MaxClockSkew = 5 TicketValidateClient = 1 [Registry Keys] "MACHINE\SYSTEM\CurrentControlSet\Control\Class",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Services\Netbt",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;LS)(A;CI;KA;;;NS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;LS)(A;CI;KA;;;NS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Services\tcpip",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;LS)(A;CI;KA;;;NS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Irenum\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Netdde\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\w32time\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\wmi\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;LS)(A;CI;KA;;;NS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "machine\software",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;CCDCSWRPRC;;;BU)" "machine\software\microsoft\netdde",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)" "machine\software\microsoft\windows nt\currentversion\perflib",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KR;;;IU)(A;CI;KR;;;NS)(A;CI;KA;;;SY)" "machine\software\microsoft\windows\currentversion\group policy",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)" "machine\software\microsoft\windows\currentversion\installer",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\software\microsoft\windows\currentversion\policies",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)" "machine\system",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\clone",1,"D:AR" "machine\system\controlset001",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset002",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset003",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset004",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset005",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset006",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset007",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset008",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset009",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\controlset010",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "machine\system\currentcontrolset\control\securepipeservers\winreg",2,"D:PAR(A;CI;KA;;;BA)(A;;KR;;;BO)(A;CI;KR;;;LS)" "machine\system\currentcontrolset\control\wmi\security",2,"D:PAR(A;CI;KR;;;BA)(A;;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)" "machine\system\currentcontrolset\enum",1,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)" "machine\system\currentcontrolset\hardware profiles",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "users\.default",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "users\.default\software\microsoft\netdde",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)" "CLASSES_ROOT",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;CCDCSWRPRC;;;BU)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands",2,"D:PAR(A;CI;KA;;;BA)(A;CI;CCDCLCSWRPSDRC;;;BO)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;BU)" "MACHINE\SOFTWARE\Microsoft\Cryptography\Calais",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;CCDCLCSWRPSDRC;;;LS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SOFTWARE\Microsoft\MSDTC",0,"D:PAR(A;CI;KA;;;BA)(A;CI;CCDCLCSWRPRC;;;NS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey",2,"D:PAR(A;CI;KA;;;BA)(A;CI;CCDCLCSWRPRC;;;NS)(A;CI;KA;;;SY)" "MACHINE\SOFTWARE\Microsoft\UPnP Device Host",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;LS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;LS)(A;CI;KA;;;NS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Control\Network",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;LS)(A;CI;KA;;;NS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;NS)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" [Version] signature="$CHICAGO$" Revision=1 [Group Membership] *S-1-5-32-547__Memberof = *S-1-5-32-547__Members = Backup Operators__Memberof = Backup Operators__Member = Power Users__Memberof = Power Users__Members = [Registry Values] MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1 MACHINE\Software\Microsoft\Driver Signing\Policy=3,1 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,"0" MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,"2" MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,"0" MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"2" MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"1" MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,4 MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1 MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,7 MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1 MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1 MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,537395248 MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,1 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,537395248 MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode=4,1 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon=1,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,1 MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt=4,1 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun=4,255 MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod=4,0 [Privilege Rights] SeNetworkLogonRight = *S-1-5-21-18574106-98394105-1388058041-6710 SeTcbPrivilege = SeMachineAccountPrivilege = Administrators SeIncreaseQuotaPrivilege = *S-1-5-32-544,*S-1-5-19,*S-1-5-20 SeRemoteInteractiveLogonRight = *S-1-5-32-544 SeBackupPrivilege = *S-1-5-32-544 SeChangeNotifyPrivilege = *S-1-5-32-544,*S-1-5-32-545 SeSystemtimePrivilege = Administrators SeCreatePagefilePrivilege = Administrators SeCreateTokenPrivilege = SeCreatePermanentPrivilege = SeDebugPrivilege = Administators SeDenyBatchLogonRight = SeDenyNetworkLogonRight = Guests,Support_388945a0 SeDenyServiceLogonRight = SeDenyRemoteInteractiveLogonRight = *S-1-1-0 SeEnableDelegationPrivilege = SeRemoteShutdownPrivilege = Administrators SeAuditPrivilege = *S-1-5-19,*S-1-5-20 SeIncreaseBasePriorityPrivilege = Administrators SeLoadDriverPrivilege = Administrators SeLockMemoryPrivilege = SeBatchLogonRight = SeServiceLogonRight = *S-1-5-20,*S-1-5-32-544 SeInteractiveLogonRight = Users, Administrators SeSecurityPrivilege = Administrators SeSystemEnvironmentPrivilege = Administrators SeManageVolumePrivilege = Administrators SeProfileSingleProcessPrivilege = *S-1-5-32-544 SeSystemProfilePrivilege = Administrators SeUndockPrivilege = Administrators,Users SeAssignPrimaryTokenPrivilege = *S-1-5-20,*S-1-5-19 SeRestorePrivilege = *S-1-5-32-544 SeShutdownPrivilege = Administrators,Users SeSyncAgentPrivilege = SeTakeOwnershipPrivilege = Administrators [File Security] "%SystemDrive%\Shared Program Data",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1301bf;;;AU)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\Profiles",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\Profiles\Administrator",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\Profiles\Default User",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\system32\NtmsData",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\GroupPolicy",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)(A;OICI;FA;;;SY)" "%systemRoot%\System32\at.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\arp.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\attrib.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\cacls.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\debug.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\edlin.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\eventcreate.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\eventtriggers.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\ftp.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\nbtstat.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\net.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\net1.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\netsh.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\netstat.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\nslookup.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\ntbackup.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\rcp.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\reg.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\regedit.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\regedt32.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\regini.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\regsvr32.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\rexec.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\route.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\rsh.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\sc.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\secedit.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\subst.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\System32\systeminfo.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\telnet.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\tftp.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%systemRoot%\system32\tlntsvr.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" "%SystemDrive%\Documents and Settings\Default User",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%AllUsersProfile%",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%AllUsersProfile%\Documents\desktop.ini",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%AllUsersProfile%\Documents",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)(A;CI;0x100116;;;BU)" "%SystemRoot%\Registration\CRMLog",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;;0x1200ab;;;BU)(A;OIIO;0x13019f;;;BU)" "%SystemRoot%\Prefetch",2,"D:PAR(A;;FA;;;BA)(A;OIIO;0x1200a9;;;BA)(A;OIIO;FA;;;SY)" "%SystemRoot%\Installer",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%AllUsersProfile%\DRM",1,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%AllUsersProfile%\Application Data\Microsoft\Media Index",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)(A;;FW;;;BU)(A;OICIIO;0x100116;;;BU)" "%AllUsersProfile%\Application Data\Microsoft\HTML Help",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;BU)" "%AllUsersProfile%\Application Data\Microsoft\Crypto\RSA\MachineKeys",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;0x12019f;;;BU)" "%AllUsersProfile%\Application Data\Microsoft\Crypto\DSS\MachineKeys",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;0x12019f;;;BU)" "%AllUsersProfile%\Application Data\Microsoft",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%AllUsersProfile%\Application Data",0,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;CI;0x100116;;;BU)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\Debug\UserMode\userenv.log",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x100006;;;BU)" "%AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1301bf;;;BU)" "%AllUsersProfile%\Application Data\Microsoft\Dr Watson",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)(A;OICIIO;0x100026;;;BU)" "%SystemRoot%\security",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)" "%SystemDrive%\ntldr",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemDrive%\config.sys",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemDrive%\ntdetect.com",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemDrive%\boot.ini",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemDrive%\autoexec.bat",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\Offline Web Pages",1,"D:(A;OICI;GA;;;WD)" "c:\boot.ini",2,"D:PAR(A;;FA;;;BA)(A;;FA;;;SY)" "c:\ntdetect.com",2,"D:PAR(A;;FA;;;BA)(A;;FA;;;SY)" "c:\ntldr",2,"D:PAR(A;;FA;;;BA)(A;;FA;;;SY)" "c:\ntbootdd.sys",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "c:\autoexec.bat",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "c:\config.sys",2,"D:PAR(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;BU)" "%ProgramFiles%",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1201bf;;;BU)" "%SystemRoot%\CSC",2,"D:PAR(A;OICI;FA;;;BA)" "%SystemRoot%\debug",0,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\Registration",2,"D:PAR(A;OI;FA;;;BA)(A;OI;FA;;;SY)(A;OI;FR;;;BU)" "%SystemRoot%\repair",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\Tasks",1,"D:AR" "%SystemRoot%\Temp",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1301bf;;;BU)" "%SystemRoot%\system32",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\system32\Setup",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\system32\spool\printers",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1301bf;;;AU)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1301bf;;;BU)" "%SystemRoot%\system32\config",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\dllcache",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\ias",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)" "%SystemDrive%\Documents and Settings",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemDrive%\System Volume Information",1,"D:PAR" "%SystemDrive%\",0,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1301bf;;;BU)" "%SystemDrive%\IO.SYS",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemDrive%\MSDOS.SYS",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\regedit.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\rcp.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\Ntbackup.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\rexec.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\rsh.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\regedt32.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemDrive%\Documents and Settings\Administrator",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\secedit.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\Debug\UserMode",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;CCDCWP;;;BU)(A;OIIO;DCLC;;;BU)" "%SystemRoot%\system32\MsDtc",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1201bf;;;NS)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\wmimgmt.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\system32\services.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\system32\secpol.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\rsop.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\system32\perfmon.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)" "%SystemRoot%\system32\ntmsoprq.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\ntmsmgr.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\lusrmgr.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\gpedit.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\fsmgmt.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\eventvwr.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\diskmgmt.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\dfrg.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\devmgmt.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\compmgmt.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\Com\comexp.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\ciadv.msc",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%ProgramFiles%\Network Associates\Common Framework\Data",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1201bf;;;BU)" "%SystemDrive%\temp",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1301bf;;;BU)" [Service General Setting] Alerter,4,"" Browser,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" ClipSrv,4,"" MSFtpsvc,4,"" IISADMIN,4,"" Messenger,4,"" mnmsrvc,4,"" RemoteAccess,4,"" SMTPSVC,4,"" SNMP,4,"" SNMPTRAP,4,"" SSDPSRV,4,"" TlntSvr,4,"" W3SVC,4,"" lanmanserver,2,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" W32Time,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" Schedule,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" wuauserv,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" SharedAccess,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" WebClient,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" wscsvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"