Re: How do I restore security only on XP Pro?

From: Peter Clark (
Date: 04/28/03

Date: Mon, 28 Apr 2003 12:42:02 -0700

why not just: run secedit and export your security settings
to an inf, run local security policy and export your ipsec
settings (if any) backup your efs keys(if any) backup your
c:\documents and settings\%username% folders. export/backup
the syskey, the profilelist and user keys. check/backup
ms/third party programs that store user data in "other"
locations - licensing info also and for orginal setups.

"The final aim is to avoid re-registering the computer into
the domain again." humm probably need some entries from
the security hive also, probably in the secrets key.

install on a new machine and import the lot. simple. :-)
just an idea, but it will probably work.

>-----Original Message-----
>ASR would be similar to just doing a backup with system state
>and then restoring after the fresh install, which you
indicate you
>have reason for not wanting to do.
>Simply copying profiles is no longer an advised way of doing
>things. There is now stuff stored there that is SID
sensitive as
>well as controlled by encryption based on a hash of the
>The Fast approach would be very tedious if there are many
>but it will handle things like Office product identities,
email storage,
>etc. which is otherwise a little tricky.
>In the long run, trying for a shortcut based on simple
copy out
>and copy back will probably end up being more effort (again,
>depending on how much of this you need to do)
>"Vince C." <> wrote in message
>> "Roger Abell {MVP}" <> a écrit dans le
message de
>> news:eRPWbBYDDHA.2100@TK2MSFTNGP11.phx.gbl...
>> > There is no tool available to do exactly what you ask.
>> > What you can do however, is to use the Fast tool (file
>> > and settings transfer = fast) to collect together what
>> > should be transferred from an old account and restored
>> > into the new accounts.
>> > You will need to define the new accounts in the new
>> > install. For each account you need to log in before in
>> > the old system and then again in the new system, each
>> > time running Fast.
>> > You will find Fast as the fastwiz file in the CD, IIRC it
>> > its in the support folder. You will want to filter down
>> > rather severely what files are transferred, keeping things
>> > like the email software's pst pab etc files, but not
>> > things like exe files or the transfer file will become
>> >
>> > --
>> > Roger
>> Thanks Roger.
>> If I understood there is no way to recover the machine
SID, for instance? At
>> that level it seems it's as fast to save my profiles
somewhere, logon using
>> new accounts and restore all profiles from saved
locations. I also assume
>> I'll need to set access rights on all registries
>> I read a little on ASR (Automated System Recovery).
Can't it substantially
>> do what I want? I won't have both machines in the same
time, that's my
>> problem...
>> Vince C.