
unable to create schedule task after following http://support.microsoft.com/kb/962007 article and rem

Discussion in 'Windows Home Server' started by Imran Admin, Apr 7, 2009.

  1. Imran Admin

    Imran Admin Guest

    I have followed this article to safeguard our network against the Conficker virus:
    http://support.microsoft.com/kb/962007, which includes some registry
    modification for scheduled tasks and no permission to the Tasks folder in Windows
    for new task creation. I only did these two steps through GPO. I did not
    disable the local admin account...

    Now I have removed (deleted) this entry from the GPO and forced the update.
    I rebooted the machine where I wanted to create new tasks, and I still get an error
    saying you might not have permission to the windows\task folder...

    How do I revert back to where I can normally create new tasks? The user with which
    I am logged in is a local admin group member, and the task that I want to run
    under is domain admin and has log on as batch job rights all over the network.

    thank you.
     
  2. "Imran Admin" <imran admin> wrote in message
    news:euKkRA5tJHA.1088@TK2MSFTNGP04.phx.gbl...
    >I have followed this article to safeguard our network for conficker virus.
    >http://support.microsoft.com/kb/962007 which include some registry
    >modification for schedule task and no permission to task folder in windows
    >for new task creation.. i only did this two steps through GPO. i did not
    >disabled local admin account...
    >
    > now i have removed (deleted) this entry from GPO and force the update.
    > I rebooted the machine where i wanted to create new tasks i still get
    > error saying you might not have permission to windows\task folder...
    >
    > how do i revert back where i can normal create new tasks the user with
    > which i am logged in is local admin group member and task that i wants to
    > run under is domain admin and has log on as batch job rights all over
    > network.
    >
    > thank you.



    After you have verified that your system is clean, you need to restore
    appropriate NTFS permissions to the Tasks folder.
     
  3. Imran Admin

    Imran Admin Guest

    So can you tell me if the steps below are OK?

    1. Do I have to simply remove the GPO entry that I did?
    2. Or do I have to edit the reg key below through GPO and restore the
    permission to what it was before, and wait until the GPO applies to all
    workstations? Since it was a computer policy, I need to reboot all workstations, am
    I right?

    -------------------------------------------------------------------------
    Set the policy to remove write permissions to the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
    This prevents the random named malware service from being created in
    the netsvcs registry value.

    To do this, follow these steps:
    1. Open the Group Policy Management Console (GPMC).
    2. Create a new Group Policy object (GPO). Give it any name that you
    want.
    3. Open the new GPO, and then move to the following folder:
    Computer Configuration\Windows Settings\Security Settings\Registry
    4. Right-click Registry, and then click Add Key.
    5. In the Select Registry Key dialog box, expand Machine, and then move
    to the following folder:
    Software\Microsoft\Windows NT\CurrentVersion\Svchost
    6. Click OK.
    7. In the dialog box that opens, click to clear the Full Control check
    box for both Administrators and System.
    8. Click OK.
    9. In the Add Object dialog box, click Replace existing permissions on
    all subkeys with inheritable permissions.
    10. Click OK.

    Set the policy to remove write permissions to the %windir%\tasks folder.
    This prevents the Conficker malware from creating the Scheduled Tasks that
    can re-infect the system.

    To do this, follow these steps:
    1. In the same GPO that you created earlier, move to the following
    folder:
    Computer Configuration\Windows Settings\Security Settings\File System
    2. Right-click File System, and then click Add File.
    3. In the Add a file or folder dialog box, browse to the %windir%\Tasks
    folder. Make sure that Tasks is highlighted and listed in the Folder: dialog
    box.
    4. Click OK.
    5. In the dialog box that opens, click to clear the check boxes for Full
    Control, Modify and Write for both Administrators and System.
    6. Click OK.
    7. In the Add Object dialog box, click Replace existing permissions on
    all subkeys with inheritable permissions.
    8. Click OK.
    ---------------------------

    3. If not, how can I restore the Tasks folder permission back to all users through
    GPO?




    "Pegasus [MVP]" <news@microsoft.com> wrote in message
    news:%235mPaT5tJHA.4980@TK2MSFTNGP02.phx.gbl...
    >
    > "Imran Admin" <imran admin> wrote in message
    > news:euKkRA5tJHA.1088@TK2MSFTNGP04.phx.gbl...
    >>I have followed this article to safeguard our network for conficker virus.
    >>http://support.microsoft.com/kb/962007 which include some registry
    >>modification for schedule task and no permission to task folder in windows
    >>for new task creation.. i only did this two steps through GPO. i did not
    >>disabled local admin account...
    >>
    >> now i have removed (deleted) this entry from GPO and force the update.
    >> I rebooted the machine where i wanted to create new tasks i still get
    >> error saying you might not have permission to windows\task folder...
    >>
    >> how do i revert back where i can normal create new tasks the user with
    >> which i am logged in is local admin group member and task that i wants to
    >> run under is domain admin and has log on as batch job rights all over
    >> network.
    >>
    >> thank you.

    >
    >
    > After you have verified that your system is clean, you need to restore
    > appropriate NTFS permissions to the Tasks folder.
    >
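
An added example, not part of the original thread: ACLs written by a File System security policy stay on the folder after the policy entry is deleted, so the Tasks folder has to be checked and corrected directly (or through a new policy that sets the wanted permissions). The PowerShell script below reports whether Administrators and SYSTEM still have write access to %windir%\Tasks and, with `-Restore`, grants it back. It assumes that "appropriate" permissions means Full Control for those two principals, which is what the KB962007 step cleared; the function name and `-Restore` switch are hypothetical.

```powershell
# Added example: audit (and optionally restore) the ACL on %windir%\Tasks.
# Assumption: the wanted state is Full Control for the two principals whose
# Full Control / Modify / Write boxes the KB962007 File System policy cleared.
param([switch]$Restore)

$tasks = Join-Path $env:windir 'Tasks'

# Well-known SIDs, so the check does not depend on the OS display language.
$principals = @{
    'BUILTIN\Administrators' = 'S-1-5-32-544'
    'NT AUTHORITY\SYSTEM'    = 'S-1-5-18'
}
$write = [int][System.Security.AccessControl.FileSystemRights]::Write

# Hypothetical helper: true if an Allow ACE for this SID includes the Write rights.
function Test-WriteAllowed($acl, $sidString) {
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $sidString -and
            $r.AccessControlType -eq 'Allow' -and
            (([int]$r.FileSystemRights -band $write) -eq $write)) {
            return $true
        }
    }
    return $false
}

$acl     = Get-Acl -Path $tasks
$changed = $false
foreach ($name in $principals.Keys) {
    $sidString = $principals[$name]
    if (Test-WriteAllowed $acl $sidString) {
        Write-Output "$name : write access present"
        continue
    }
    Write-Output "$name : write access MISSING"
    if ($Restore) {
        $sid  = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $sid, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $acl.SetAccessRule($rule)   # replaces any existing Allow ACE for this SID
        $changed = $true
    }
}
if ($changed) {
    Set-Acl -Path $tasks -AclObject $acl
    Write-Output "ACL updated on $tasks"
}
```

Run it from an elevated session; changing the ACL requires owning the folder or holding the right to change its permissions. The check looks only at Allow entries, so an explicit Deny entry on the folder would still need to be reviewed by hand.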
     
