Messed up Security Policy (0:BAG:BAD), now what?

Don't exactly remember what got me to look at Component Services -> Local Policies -> Security Options -> DCOM: Machine Launch Restrictions in Security Descriptor Definition Language syntax. Maybe trying to enable the grayed out Local Activation options for IIS WAMREG as what I discussed in the previous post (which is the correct way!). So this policy shows "Not Defined". I probalby read the wrong blog or something, so decided to click Edit Security on the Properties window of this policy, and removed all the entries in Group or usernames. As soon as I clicked OK, 0:BAG:BAD showed up in the Security descriptor box. Now even after I went back and added back the groups and users, this 0:BAG:BAD entry would not go away. And weird things start to happen after a reboot, like the Windows Explorer wouldn't start anymore, giving a permission error. Many posts suggest to repair the windows install, or run secedit to reset the security (http://support.microsoft.com/kb/313222) . Now this is my Windows 2008 R2 SharePoint VM, so I know if I reset security, SharePoint would stop working. I had no choice but to give it a shot. No! resetting security didn't fix this, and sure wiped out other security settings that SharePoint needs.

Then I figured it out purely by luck. The value of the Security Descriptor is in fact stored in the registry. Simply right click Security Settings at the top in the Local Security Policy window and select Export Policy. It creates a .inf file with all the registry locations of the policies. Go to RegEdit, find it, and delete the entire string value entry (the one with 0:BAG:BAD), restart Local Security Policy, voila! the Policy is set back to "Not Defined"!