I have my forum set up in such a way that I never use default usergroup/moderator permissions in the admincp.

It's a security risk because if I miss something, I may give someone access to something they shouldn't have. I would like to change the default permissions to something that is "always safe" for the way I run my forum so I don't have to worry about overlooking something. What code do I need to edit to change the default options?

Is bitfield_vbulletin.xml the file I need to edit to do this? Could I edit this file directly, or do I need to do it from somewhere else? I'm a bit intimidated by it, but willing to try to figure it out... I just want to make sure I'm on the right track.

I don't think you wnt to edit any of the xml files, I believe they just assign names to specific bits. If you're talking about the default settings when you create a new usergroup, I think they're in admincp/usergroup.php around line 125:

else
{
$ug_bitfield = array(
'genericoptions' => array('showgroup' => 1, 'showeditedby' => 1, 'isnotbannedgroup' => 1),
'forumpermissions' => array('canview' => 1, 'canviewothers' => 1, 'cangetattachment' => 1,
'cansearch' => 1, 'canthreadrate' => 1, 'canpostattachment' => 1, 'canpostpoll' => 1, 'canvote' => 1, 'canviewthreads' => 1),
'wolpermissions' => array('canwhosonline' => 1),
'genericpermissions' => array('canviewmembers' => 1, 'canmodifyprofile' => 1, 'canseeprofilepic' => 1, 'canusesignature' => 1, 'cannegativerep' => 1, 'canuserep' => 1, 'cansearchft_nl' => 1)
);
// set default numeric permissions
$usergroup = array(
'pmquota' => 0, 'pmsendmax' => 5, 'attachlimit' => 1000000,
'avatarmaxwidth' => 50, 'avatarmaxheight' => 50, 'avatarmaxsize' => 20000,
'profilepicmaxwidth' => 100, 'profilepicmaxheight' => 100, 'profilepicmaxsize' => 25000, 'sigmaxsizebbcode' => 7
);
}

I don't think you wnt to edit any of the xml files, I believe they just assign names to specific bits. If you're talking about the default settings when you create a new usergroup, I think they're in admincp/usergroup.php around line 125
I did edit the xml file "bitfield_vbulletin.xml" to change the default moderator permissions. I added or removed "default="1"" and this worked. I didn't touch the numbers though. I also edited the code you quoted in usergroup.php and that worked for the usergroup defaults. Thanks.

Now I'm trying to track down the avatar gallery defaults. My forum uses the galleries extensively and now that it's several years old we have many "retired" galleries where we change all the "can use" usergroup permissions to "no". This allows members to keep the avatar but the galleries no longer appear on the list. Problem is, since these permissions default to yes, any new usergroup causes us to have to go through all the permissions again to change them to "no". I want all galleries to default to "no" so I just have to switch the registered usergroup to "yes" when I create the gallery.

The page with these permissions is images.php in the admincp directory. I found "$canuse" in the code, but it isn't clear to me where the default setting is specified.

Is this the right section of code to specify the default permission?

// ###################### Start Edit Permissions #######################
if ($_REQUEST['do'] == 'editpermissions')
{
$vbulletin->input->clean_array_gpc('r', array(
'imagecategoryid' => TYPE_INT
));

$categoryinfo = verify_id('imagecategory', $vbulletin->GPC['imagecategoryid'], 0, 1);
if ($categoryinfo['imagetype'] == 3)
{
print_stop_message('smilie_categories_dont_support _permissions');
}

$usergroups = $db->query_read("
SELECT usergroup.*, imagecategoryid AS nopermission FROM " . TABLE_PREFIX . "usergroup AS usergroup
LEFT JOIN " . TABLE_PREFIX . "imagecategorypermission AS imgperm ON
(imgperm.usergroupid = usergroup.usergroupid AND imgperm.imagecategoryid = " . $vbulletin->GPC['imagecategoryid'] . ")
ORDER BY title
");

print_form_header('image', 'updatepermissions');
construct_hidden_code('table', $vbulletin->GPC['table']);
construct_hidden_code('imagecategoryid', $vbulletin->GPC['imagecategoryid']);
print_table_header(construct_phrase($vbphrase["permissions_for_{$itemtype}_category_x"], $categoryinfo['title']));
print_label_row('<span class="smallfont"><b>' . $vbphrase['usergroup'] . '</b></span>', '<span class="smallfont"><b>' . $vbphrase["can_use_this_{$itemtype}_category"] . '</b></span>');
while ($usergroup = $db->fetch_array($usergroups))
{
$usergroupid = $usergroup['usergroupid'];
$canuse = iif($usergroup['nopermission'], 0, 1);
print_yes_no_row($usergroup['title'], "iperm[$usergroupid]", $canuse);
}
print_submit_row($vbphrase['save']);

}

--------------- Added 1330669158 at 1330669158 ---------------

After some trial and error I found that editing the line "$categoryinfo = verify_id('imagecategory', $vbulletin->GPC['imagecategoryid'], 0, 1);" and swapping the places of "0, 1" changes the defaults to no. However, after testing it doesn't work properly. The defaults appear to be "no" but the galleries are still listed and I occasionally get the "smilie categories don't support permissions" error. I seem to be in the right general area, but there is more to it. Any help would be greatly appreciated.