Sign in with
Sign up | Sign in
Your question

Secure Boot Settings "on." Can't turn "off" on local system.

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
August 9, 2004 9:44:27 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I cannot turn off the Secure Boot Settings for logon, on
my local machine.

The system is in a local workgroup, with no domain
controler, no group manager, only local machines/group. In
fact I've totally isolated it now, and removed all shares.

When I check Administrative Tools|Security Settings|Local
Policies (no group policy available), the "Disable
CTRL+ALT+DEL requirement shows "disabled" for the "local
settings" & "effective settings."

But, in CP |Users andPasswords|Advanced| the Secure Boot
Setting is grayed out.

There is a check in the grayed box, but no way for me to
access it. It acts like there is a domain or group policy
overide, or I don't have admin rights. But there is no
group policy since there is no PDC and I do have admin
rights.

When I go back to the "Disable CTRL+ATL+DEL requirement,"
and now select, "enable," I get: "disabled" for "local
setting" but, "Enabled" for "effective setting"! This is
the only policy where there is a difference between "local
setting" and "effective setting."

Checking back at the CP Users, the Secure Boot Setting is
still grayed out, but now, the check is gone.

(The only thing I did prior to noticing this was to
download MDAC 2.8 from MS with its patch--I wouldn't think
that would have anything to do with it, but who knows?)

Ideas on how to reconcile these problems?

1) get the box un-grayed, so I have local admin rights in
User and Passwords and can change the local settings.

2) get the "Disable Ctrl+Alt+Del requirement" to show the
same policy, for local and effective; since there is no
group policy (at not one I can see) to cause the override.

I have full admin rights. Have tried coming in through my
Admin group name, as well as Administrator. Neither, made
a difference.
The CP|Users & Admin. Settings|Security Settings --are
either reading me as no admin rights, or global overrides
are on, or both.

Thanks,
Bob
Anonymous
a b 8 Security
August 9, 2004 11:56:51 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I did make a discovery.
My reg file:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SecuryBoot
is set to "1."
Changing it to "0" gets rid of the popup screen but does
nothing to help with the problem as described.

Please still help.

Thanks, Bob T.

>-----Original Message-----
>I cannot turn off the Secure Boot Settings for logon, on
>my local machine.
>
>The system is in a local workgroup, with no domain
>controler, no group manager, only local machines/group.
In
>fact I've totally isolated it now, and removed all shares.
>
>When I check Administrative Tools|Security
Settings|Local
>Policies (no group policy available), the "Disable
>CTRL+ALT+DEL requirement shows "disabled" for the "local
>settings" & "effective settings."
>
>But, in CP |Users andPasswords|Advanced| the Secure Boot
>Setting is grayed out.
>
>There is a check in the grayed box, but no way for me to
>access it. It acts like there is a domain or group
policy
>overide, or I don't have admin rights. But there is no
>group policy since there is no PDC and I do have admin
>rights.
>
>When I go back to the "Disable CTRL+ATL+DEL requirement,"
>and now select, "enable," I get: "disabled" for "local
>setting" but, "Enabled" for "effective setting"! This
is
>the only policy where there is a difference
between "local
>setting" and "effective setting."
>
>Checking back at the CP Users, the Secure Boot Setting is
>still grayed out, but now, the check is gone.
>
>(The only thing I did prior to noticing this was to
>download MDAC 2.8 from MS with its patch--I wouldn't
think
>that would have anything to do with it, but who knows?)
>
>Ideas on how to reconcile these problems?
>
>1) get the box un-grayed, so I have local admin rights in
>User and Passwords and can change the local settings.
>
>2) get the "Disable Ctrl+Alt+Del requirement" to show the
>same policy, for local and effective; since there is no
>group policy (at not one I can see) to cause the override.
>
>I have full admin rights. Have tried coming in through
my
>Admin group name, as well as Administrator. Neither,
made
>a difference.
>The CP|Users & Admin. Settings|Security Settings --are
>either reading me as no admin rights, or global overrides
>are on, or both.
>
>Thanks,
>Bob
>
>
>.
>
Anonymous
a b 8 Security
August 10, 2004 7:50:52 AM

Archived from groups: microsoft.public.win2000.security (More info?)

When you change a Local Security Setting, either try running [ secedit /refreshpolicy
machine_policy/enforce ] at the command prompt to refresh Local Security Policy or
reboot the computer and see if that helps.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;227302

If you still have difficulty you might try to rebuild your local security database as
described in the link below,

http://www.jsiinc.com/SUBG/TIP3200/rh3252.htm

FYI there is a local Group Policy on your computer available with gpedit.msc. Local
Security Policy is a subset of local Group Policy. --- Steve

"Bob T" <anonymous@discussions.microsoft.com> wrote in message
news:31d601c47e73$30905280$a401280a@phx.gbl...
> I cannot turn off the Secure Boot Settings for logon, on
> my local machine.
>
> The system is in a local workgroup, with no domain
> controler, no group manager, only local machines/group. In
> fact I've totally isolated it now, and removed all shares.
>
> When I check Administrative Tools|Security Settings|Local
> Policies (no group policy available), the "Disable
> CTRL+ALT+DEL requirement shows "disabled" for the "local
> settings" & "effective settings."
>
> But, in CP |Users andPasswords|Advanced| the Secure Boot
> Setting is grayed out.
>
> There is a check in the grayed box, but no way for me to
> access it. It acts like there is a domain or group policy
> overide, or I don't have admin rights. But there is no
> group policy since there is no PDC and I do have admin
> rights.
>
> When I go back to the "Disable CTRL+ATL+DEL requirement,"
> and now select, "enable," I get: "disabled" for "local
> setting" but, "Enabled" for "effective setting"! This is
> the only policy where there is a difference between "local
> setting" and "effective setting."
>
> Checking back at the CP Users, the Secure Boot Setting is
> still grayed out, but now, the check is gone.
>
> (The only thing I did prior to noticing this was to
> download MDAC 2.8 from MS with its patch--I wouldn't think
> that would have anything to do with it, but who knows?)
>
> Ideas on how to reconcile these problems?
>
> 1) get the box un-grayed, so I have local admin rights in
> User and Passwords and can change the local settings.
>
> 2) get the "Disable Ctrl+Alt+Del requirement" to show the
> same policy, for local and effective; since there is no
> group policy (at not one I can see) to cause the override.
>
> I have full admin rights. Have tried coming in through my
> Admin group name, as well as Administrator. Neither, made
> a difference.
> The CP|Users & Admin. Settings|Security Settings --are
> either reading me as no admin rights, or global overrides
> are on, or both.
>
> Thanks,
> Bob
>
>
Related resources
Anonymous
a b 8 Security
August 10, 2004 1:35:57 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Steven,

Thanks for the good suggestions.

Unfortunately, nothing worked.

The reseting, had no effect.

The rebuild, seemed to do nothing.

And the last, gpedit.msc. Local Security Policy is a
subset of local Group Policy, just threw me back into the
local policy.

I could find no way at all to get to the local Global.

I wonder if it could have anything to do with my MMC
settings?

Anyway, after wasting several hours, I finally gave up and
went to my backup.

I just wish I knew what caused the problem & how to get to
that local Global policies.

I'm off now to check the registry and see where my
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SecurityBoot is set, 1 or 0?

Any more ideas will be appreciated.

Bob T


>-----Original Message-----
>When you change a Local Security Setting, either try
running [ secedit /refreshpolicy
>machine_policy/enforce ] at the command prompt to refresh
Local Security Policy or
>reboot the computer and see if that helps.
>
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;227302
>
>If you still have difficulty you might try to rebuild
your local security database as
>described in the link below,
>
>http://www.jsiinc.com/SUBG/TIP3200/rh3252.htm
>
>FYI there is a local Group Policy on your computer
available with gpedit.msc. Local
>Security Policy is a subset of local Group Policy. ---
Steve
>
>"Bob T" <anonymous@discussions.microsoft.com> wrote in
message
>news:31d601c47e73$30905280$a401280a@phx.gbl...
>> I cannot turn off the Secure Boot Settings for logon, on
>> my local machine.
>>
>> The system is in a local workgroup, with no domain
>> controler, no group manager, only local machines/group.
In
>> fact I've totally isolated it now, and removed all
shares.
>>
>> When I check Administrative Tools|Security
Settings|Local
>> Policies (no group policy available), the "Disable
>> CTRL+ALT+DEL requirement shows "disabled" for the "local
>> settings" & "effective settings."
>>
>> But, in CP |Users andPasswords|Advanced| the Secure Boot
>> Setting is grayed out.
>>
>> There is a check in the grayed box, but no way for me to
>> access it. It acts like there is a domain or group
policy
>> overide, or I don't have admin rights. But there is no
>> group policy since there is no PDC and I do have admin
>> rights.
>>
>> When I go back to the "Disable CTRL+ATL+DEL
requirement,"
>> and now select, "enable," I get: "disabled" for "local
>> setting" but, "Enabled" for "effective setting"! This
is
>> the only policy where there is a difference
between "local
>> setting" and "effective setting."
>>
>> Checking back at the CP Users, the Secure Boot Setting
is
>> still grayed out, but now, the check is gone.
>>
>> (The only thing I did prior to noticing this was to
>> download MDAC 2.8 from MS with its patch--I wouldn't
think
>> that would have anything to do with it, but who knows?)
>>
>> Ideas on how to reconcile these problems?
>>
>> 1) get the box un-grayed, so I have local admin rights
in
>> User and Passwords and can change the local settings.
>>
>> 2) get the "Disable Ctrl+Alt+Del requirement" to show
the
>> same policy, for local and effective; since there is no
>> group policy (at not one I can see) to cause the
override.
>>
>> I have full admin rights. Have tried coming in through
my
>> Admin group name, as well as Administrator. Neither,
made
>> a difference.
>> The CP|Users & Admin. Settings|Security Settings --are
>> either reading me as no admin rights, or global
overrides
>> are on, or both.
>>
>> Thanks,
>> Bob
>>
>>
>
>
>.
>
Anonymous
a b 8 Security
August 10, 2004 10:14:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I am not sure what you mean by local global policies, but gpedit.msc brings up local
Group Policy for all the settings available on the local computer for both user and
computer configuration. Running gpresult /v may be helpful in showing what settings
are configured in Local Group Policy though the settings shown will not be in user
friendly terms but are usually decipherable as to what the Group Policy setting is.
Gpresult is part of the support tools that are in the install disk in the
support/tools folder where you need to install the set of them by running the setup
there. Sometimes it helps when you are having problems with security policy to reset
settings back to default defined levels using secedit as described in the link below.
Complications can arise when changing settings directly in the registry that can also
be changed via Security/Group policy in that defined settings may appear to be wrong.
Often changing a setting by enabling and disabling will refresh it to work
rrectly. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222

"Bob T" <anonymous@discussions.microsoft.com> wrote in message
news:39ba01c47ef8$1cad11b0$a601280a@phx.gbl...
> Steven,
>
> Thanks for the good suggestions.
>
> Unfortunately, nothing worked.
>
> The reseting, had no effect.
>
> The rebuild, seemed to do nothing.
>
> And the last, gpedit.msc. Local Security Policy is a
> subset of local Group Policy, just threw me back into the
> local policy.
>
> I could find no way at all to get to the local Global.
>
> I wonder if it could have anything to do with my MMC
> settings?
>
> Anyway, after wasting several hours, I finally gave up and
> went to my backup.
>
> I just wish I knew what caused the problem & how to get to
> that local Global policies.
>
> I'm off now to check the registry and see where my
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
> SecurityBoot is set, 1 or 0?
>
> Any more ideas will be appreciated.
>
> Bob T
>
>
> >-----Original Message-----
> >When you change a Local Security Setting, either try
> running [ secedit /refreshpolicy
> >machine_policy/enforce ] at the command prompt to refresh
> Local Security Policy or
> >reboot the computer and see if that helps.
> >
> >http://support.microsoft.com/default.aspx?scid=kb;EN-
> US;227302
> >
> >If you still have difficulty you might try to rebuild
> your local security database as
> >described in the link below,
> >
> >http://www.jsiinc.com/SUBG/TIP3200/rh3252.htm
> >
> >FYI there is a local Group Policy on your computer
> available with gpedit.msc. Local
> >Security Policy is a subset of local Group Policy. ---
> Steve
> >
> >"Bob T" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:31d601c47e73$30905280$a401280a@phx.gbl...
> >> I cannot turn off the Secure Boot Settings for logon, on
> >> my local machine.
> >>
> >> The system is in a local workgroup, with no domain
> >> controler, no group manager, only local machines/group.
> In
> >> fact I've totally isolated it now, and removed all
> shares.
> >>
> >> When I check Administrative Tools|Security
> Settings|Local
> >> Policies (no group policy available), the "Disable
> >> CTRL+ALT+DEL requirement shows "disabled" for the "local
> >> settings" & "effective settings."
> >>
> >> But, in CP |Users andPasswords|Advanced| the Secure Boot
> >> Setting is grayed out.
> >>
> >> There is a check in the grayed box, but no way for me to
> >> access it. It acts like there is a domain or group
> policy
> >> overide, or I don't have admin rights. But there is no
> >> group policy since there is no PDC and I do have admin
> >> rights.
> >>
> >> When I go back to the "Disable CTRL+ATL+DEL
> requirement,"
> >> and now select, "enable," I get: "disabled" for "local
> >> setting" but, "Enabled" for "effective setting"! This
> is
> >> the only policy where there is a difference
> between "local
> >> setting" and "effective setting."
> >>
> >> Checking back at the CP Users, the Secure Boot Setting
> is
> >> still grayed out, but now, the check is gone.
> >>
> >> (The only thing I did prior to noticing this was to
> >> download MDAC 2.8 from MS with its patch--I wouldn't
> think
> >> that would have anything to do with it, but who knows?)
> >>
> >> Ideas on how to reconcile these problems?
> >>
> >> 1) get the box un-grayed, so I have local admin rights
> in
> >> User and Passwords and can change the local settings.
> >>
> >> 2) get the "Disable Ctrl+Alt+Del requirement" to show
> the
> >> same policy, for local and effective; since there is no
> >> group policy (at not one I can see) to cause the
> override.
> >>
> >> I have full admin rights. Have tried coming in through
> my
> >> Admin group name, as well as Administrator. Neither,
> made
> >> a difference.
> >> The CP|Users & Admin. Settings|Security Settings --are
> >> either reading me as no admin rights, or global
> overrides
> >> are on, or both.
> >>
> >> Thanks,
> >> Bob
> >>
> >>
> >
> >
> >.
> >
!