Oh man, I made a big dumdum. Screwed up gpedit.msc - No access to any programs

doomile

Honorable
Aug 12, 2013
8
0
10,510
Hi all. Thanks in advance for help anyone might be able to lend.

So I was trying to allow a non-admin account access to a specific program by editing gpedit.msc. What I believe I did instead was only allow access to that program. Now, whenever I try to open ANY program I get the error...

"This operation has been cancelled due to restrictions in effect on this computer."

I can't figure out for the life of me how to fix this. The error pops up when I click on the system restore tab in the control panel so that's not an option.

I booted into safe mode and accessed MMC, but even there I get the error when I try to open gpedit.msc

Any ideas?
 
Solution
I think you could boot from the Windows CD and select system repair, I think there's an automatic repair mode that might fix your issue. If not, there's a mode where you can get into a console with command line and I think you can find system restore files with snapshots of previous registry back-up and manually overwrite current registry using command lines. It seems a little tricky and I never tried that myself, but I saw some procedures on the web on how to do it, so you might search for that. But just try the automatic repair first.

MC_K7

Distinguished
OK sorry I read your original post too fast. Hmmm... I'm not an expert in group policy, but now I understand you have this issue with every accounts? Even admin accounts?

You'll probably need an expert with GPO answering you, but for me the fix would be to reinstall Windows, but I understand you probably want to avoid that if you posted here. Sorry if I couldn't be of more help.
 

doomile

Honorable
Aug 12, 2013
8
0
10,510
The admin account also has this problem. I am confident that if I could gain access to gpedit.msc I could easily fix the problem. And yes, I would definitely like to avoid reinstalling windows.
 

flexxar

Honorable
Oct 6, 2012
431
0
10,860
I would try to right-click the command prompt utility and select run as administrator. Then within that, type gpedit.msc.

Or try to right click C:\WINDOWS\system32\gpedit.msc and run as administrator.
 

doomile

Honorable
Aug 12, 2013
8
0
10,510


While I haven't tried this yet, I highly doubt it will work. Basically, anything that once required administrator access is now met with the 'This operation has been cancelled due to restrictions in effect on this computer' error.

The computer is very locked down. I was able to start regedit from the command prompt in safe mode. However, the specific gpedit.exe file is met with the same error when I try to run it from command prompt.

I guess a better question to ask is, does anyone know how to manipulate group policy from regedit? Is that even possible?
 

MC_K7

Distinguished
I think you could boot from the Windows CD and select system repair, I think there's an automatic repair mode that might fix your issue. If not, there's a mode where you can get into a console with command line and I think you can find system restore files with snapshots of previous registry back-up and manually overwrite current registry using command lines. It seems a little tricky and I never tried that myself, but I saw some procedures on the web on how to do it, so you might search for that. But just try the automatic repair first.
 
Solution

flexxar

Honorable
Oct 6, 2012
431
0
10,860
Depending on which OS you are using, you could try...

For XP, click on Start, Run and then type in CMD. Now copy and paste the following command into the window:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

If you are running Windows Vista and need to reset the security settings to their default values, use this command instead:

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

With Win7, right click the command prompt utility and run as administrator. Then run "net user administrator /active:yes". Then log out of the current user. There should be a hidden admin account there. Log into that and you should be able to get right into gpedit on that account.