How to Delete a Software Restriction Policy (SRP)?


So I've been aware of SRP for some time now. Never really investigated it. Always thought, big deal, who needs it.

So yesterday ... I decide.

So I did it.

Opened Group Policy Object Editor (gpedit.msc).
Drilled down to Computer Configuration | Windows Settings | Security Settings.
As there was no policy existing, Windows said so, saying that I needed to create a new one.
Action | Create New Policies.
Done. That was easy!

Having never messed with it before, I take a look at the interface, thinking, hmmm, pretty basic. Not a lot of options, not very extensible (for me), & doesn't look like it will fit in with the way I do things.

SRP is a good thing. Everyone extols its' virtues. Just don't feel it is good for me.

So I go looking a bit further into its settings (of which there are only a few primary ones). Everyone says, oh, set this this way & that that way & you'll be protected to the most-est.

Then I get to a MS article on it. And it says for DLL Checking ...

Quote:

A program, such as Internet Explorer consists of an executable file, iexplore.exe, and many supporting dynamic link libraries (DLL). By default, software restriction policy rules are not enforced against DLLs. This is the recommended option for most customers for three reasons.

* Disallowing the main executable file prevents the program from running, so there is no need to disallow all of the constituent dynamic link libraries.
* DLL checking results in performance degradation. If a user runs 10 programs during a logon session, the software restriction policy is evaluated 10 times. If DLL checking is turned on, the software restriction policy is evaluated for each DLL load within each program. If each program uses 20 DLLs, this results in 10 executable program checks plus 200 DLL checks, so the software restriction policy is evaluated 210 times.
* If the default security level is set to Disallowed, then not only does the main executable file have to be identified to allow it to run, but all of its constituent DLLs also must be identified, which can be burdensome.

DLL checking is provided as an option for environments that want the highest assurance possible when running programs. While viruses primarily target executables for infection, some target DLLs. To ensure that a program has not been infected by a virus, you can use a set of hash rules that identify the executable and all of its required DLLs.

Everyone extols the virtues of setting full EXE & DLL restrictions, but no one mentions the downside of doing that (the DLL checks too). Now what it might mean in the real world (the DLL checks), I don't know, but it seems silly to me to do that.

And the more I read about it, the more I think, won't mesh well with me, don't need it, don't want it.



And now I do not want it.


Now how do I remove it?
Oh you think, right-click, delete, or something like that? Heh.
Safe Mode? Heh.
Someone mentioned needing to do it from a "server" OS, like Windows 2000 Server? Huh!

From what I can tell, there is no (straight forward, easy) way to remove a Policy (in XP) once it has been set up. (Don't forget how easy it was to set up in the first place. Action | Create New Policies. Done!)

(Is it any wonder things like Limited User accounts & SRP are not used.)


Any idea how to remove this (virus) :evilgrin: I added to my machine?


XP Pro SP3.
(SRP is not available on XP Home or the lower end Vista/7 versions.)


Using Software Restriction Policies to Protect Against Unauthorized Software
http://technet.microsoft.com/en-us/library/bb457006.aspx