; Copyright (c) Microsoft Corporation.  All rights reserved.
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name:        pusv.INF
; Template Version:     05.10.PUS.0000
;
; Power User Rollback template for LH Server.
;
; There is no template to undo the effect of applying the Power User permissions.
; Please make sure you have completely understood the impact of adding Power User 
; aces before applying the template. 

[Profile Description]
%SCEDefltSVProfileDescription%

[version]
signature="$CHICAGO$"
revision=1
DriverVer=06/21/2006,6.3.9600.20610


[Privilege Rights]
SeChangeNotifyPrivilege = Add:, *S-1-5-32-547
SeInteractiveLogonRight = Add:, *S-1-5-32-547
SeNetworkLogonRight = Add:, *S-1-5-32-547
SeProfileSingleProcessPrivilege = Add:, *S-1-5-32-547
SeShutdownPrivilege = Add:, *S-1-5-32-547
SeSystemTimePrivilege = Add:, *S-1-5-32-547
SeUndockPrivilege = Add:, *S-1-5-32-547

[Service General Setting]
;autostarted on workstations and servers, standalone or joined
TrkWks,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Dnscache,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
PolicyAgent,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
PlugPlay,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Spooler,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
ProtectedStorage,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RpcSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
seclogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
lanmanserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SENS,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Schedule,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Sysmonlog,,"D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCRPLOCR;;;LU)S:AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LmHosts,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LanmanWorkstation,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RemoteRegistry,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"


ClipSrv,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWLORC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NetDDE,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWLORC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NetDDEdsdm,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWLORC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;Not autostarted if machine is standalone
Netlogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;Server Only Services
Dfs,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LicenseService,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"


[Registry Keys]

"MACHINE\Software",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"

;Not same as parent, and this is the target of a symlink - set explicitly.
"MACHINE\SOFTWARE\Classes",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Classes\.hlp",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GR;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\SystemCertificates",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\SystemCertificates\Authroot",0,"D:AI(A;CIOI;GA;;;S-1-5-80-242729624-280608522-2219052887-3187409060-2225943459)"

"MACHINE\Software\Microsoft\Windows\CurrentVersion",0,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",0,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"

;The following keys do not exist when we run.
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"

"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GR;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"


"MACHINE\SYSTEM\CurrentControlSet\Services",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GR;;;PU)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"

"USERS\.DEFAULT",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GR;;;PU)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

[File Security]
;---------------------------------------------------------------------------------------------
;ProgramFiles
;---------------------------------------------------------------------------------------------
"%SceInfProgramFiles%",0,"D:P(A;CI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1301bf;;;SY)(A;OICIIO;GA;;;SY)(A;;0x1301bf;;;BA)(A;OICIIO;GA;;;BA)(A;OICI;GXGR;;;BU)(A;OICIIO;GA;;;CO)(A;OICI;GRGWGXSD;;;PU)"

;---------------------------------------------------------------------------------------------
;System Root (Typically \WINDOWS)
;---------------------------------------------------------------------------------------------

"%SystemRoot%",0,"D:P(A;CI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

;---------------------------------------------------------------------------------------------
;System Directory (Typically \Windows\System32)
;---------------------------------------------------------------------------------------------

"%SystemDirectory%",0,"D:P(A;CI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

[Strings]

SceInfAdministrator = "Administrator"
SceInfAdmins = "Administrators"
SceInfAcountOp = "Account Operators"
SceInfAuthUsers = "Authenticated Users"
SceInfInteractive = "INTERACTIVE"
SceInfBackupOp = "Backup Operators"
SceInfDomainAdmins = "Domain Admins"
SceInfDomainGuests = "Domain Guests"
SceInfDomainUsers = "Domain Users"
SceInfEveryone = "Everyone"
SceInfGuests = "Guests"
SceInfGuest = "Guest"
SceInfPowerUsers = "Power Users"
SceInfPrintOp = "Print Operators"
SceInfReplicator = "Replicator"
SceInfServerOp = "Server Operators"
SceInfUsers = "Users"
SceInfLocalService = "Local Service"
SceInfNetworkService = "Network Service"
SceInfProgramFiles = "%ProgramFiles%"
SceInfProgramFilesx86 = "%ProgramFiles(x86)%"
SceInfCommonProgramFiles = "%CommonProgramFiles%"
SceInfRemoteDesktopUsers = "Remote Desktop Users"
SceDefltSVProfileDescription = "Default Security Settings. (Windows Server)"
SCEInfSysdir1 = "edit.com"
SCEInfSysdir2 = "edit.hlp"
SCEInfHelp1 = "signin.hlp"