Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Admin cant run gpedit.msc? 2

Status
Not open for further replies.
trojanman

trojanman

IS-IT--Management
Jun 14, 2006
280
US
This is weird. I didnt make any gpo changes but for some reason, my shut down and run icons are missing from start menu. I tried to run gpedit,sm and it told me that access is denied!?!? For an admin account? I created another admin account and the shut down and run icons are present but access is still denied to gpedit.

I remember reading somewhere that you can set the deny permission for the admin group so it doesnt lock them out with gpo changes. It was gp****.*** something.

Any help?
 
Sort by date Sort by votes
Method #1: Set a Deny read ACL on the Group Policy file
John Heuglin suggested this nifty trick.

Set the Group Policies.

In Windows Explorer, right click on "%systemroot%\System32\GroupPolicy\gpt.ini" and select Properties.

Select the Security tab.

Select the "Administrators" group in the Access Control List (ACL).

Select the "Deny" box for Full Control and select OK.

Log off/Log on as the administrator

Once this task is completed, the administrator will no longer be affected by the local GPO, but all other users will. However, because you have denied yourself permission to read the local GPO, you cannot edit it the local Group Policy on the fly. You must go back in and uncheck the "Deny" permissions on the gpt.ini file prior to making changes to the local Group Policy.

Method #2

Method #3
 
Upvote 0 Downvote
Damn, didnt work. I still cant run gedit.msc. Im freaking out because I know I didnt change anyting. Any other ideas?
 
Upvote 0 Downvote
Lets check the registry.

1. Restrictions on users running applications

This is what you would do to restrict a user from running a specific application like gpedit.msc. Just run the process in reverse to enable gpedit.msc:

Start/Run/Regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.Value Name: DisallowRun
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer] Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\Explorer\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restriced (e.g. "regedit.exe"). Restart Windows for the changes to take effect.

2. Restrict Applications Users Can Run

Start/Run/Regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Value Name: RestrictRun Open your registry and find the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer] Create a new DWORD value and name it "RestrictRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer\RestrictRun] and define the applications that are allowed. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be allowed (e.g. "regedit.exe"). Restart Windows for the changes to take effect.

3. Possible workarounds:

KillPol: RegPol:
 
Upvote 0 Downvote
No, no and no. None of it works. I was able to get my shutdown and run icons back but I still cant run gpedit.
 
Upvote 0 Downvote
Make sure it is not just a PATH error: thread779-467142
 
Upvote 0 Downvote
Will try to set security settings later. Whats weird is that when I run killpol, everything is good until I reboot.

Thx for the links!
 
Upvote 0 Downvote
Then it is clearly a policy setting then, if KillPol works.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Risk of running unsupported server version 1
Replies
7
Views
688
goombawaho
goombawaho
theConjurian
  • Locked
  • Question
No administrator rights after upgrading to Windows 11
Replies
19
Views
3K
goombawaho
goombawaho
xwb
  • Locked
  • Question
Switching to admin user when installing msi
Replies
0
Views
174
xwb
xwb
vedamin
  • Locked
  • Question
OLE Object gets corrupt on 2nd run in VFP9 only on Windows 7
Replies
2
Views
249
Mike Lewis
Mike Lewis
BloodFeastMan
  • Locked
  • Question
Running a "dir" command from "Scheduled Tasks" returns entire registry
Replies
3
Views
302
strongm
strongm

Part and Inventory Search

Sponsor

Back
Top