resetting windows local security policy is annoying

sometimes you just need to remove a system from one ad domain and add it to another. a problem is that the other domain's registry settings get tattooed. yuck.

well, i like to just reset everything, because i'm lazy that way. as administrator at the command prompt...

for xp & server 2003:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

for vista:

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose