Secure Boot Settings "on." Can't turn "off" on local system.

Archived from groups: microsoft.public.win2000.security (More info?)

I cannot turn off the Secure Boot Settings for logon, on
my local machine.

The system is in a local workgroup, with no domain
controler, no group manager, only local machines/group. In
fact I've totally isolated it now, and removed all shares.

When I check Administrative Tools|Security Settings|Local
Policies (no group policy available), the "Disable
CTRL+ALT+DEL requirement shows "disabled" for the "local
settings" & "effective settings."

But, in CP |Users andPasswords|Advanced| the Secure Boot
Setting is grayed out.

There is a check in the grayed box, but no way for me to
access it. It acts like there is a domain or group policy
overide, or I don't have admin rights. But there is no
group policy since there is no PDC and I do have admin
rights.

When I go back to the "Disable CTRL+ATL+DEL requirement,"
and now select, "enable," I get: "disabled" for "local
setting" but, "Enabled" for "effective setting"! This is
the only policy where there is a difference between "local
setting" and "effective setting."

Checking back at the CP Users, the Secure Boot Setting is
still grayed out, but now, the check is gone.

(The only thing I did prior to noticing this was to
download MDAC 2.8 from MS with its patch--I wouldn't think
that would have anything to do with it, but who knows?)

Ideas on how to reconcile these problems?

1) get the box un-grayed, so I have local admin rights in
User and Passwords and can change the local settings.

2) get the "Disable Ctrl+Alt+Del requirement" to show the
same policy, for local and effective; since there is no
group policy (at not one I can see) to cause the override.

I have full admin rights. Have tried coming in through my
Admin group name, as well as Administrator. Neither, made
a difference.
The CP|Users & Admin. Settings|Security Settings --are
either reading me as no admin rights, or global overrides
are on, or both.

Thanks,
Bob
4 answers Last reply
More about secure boot settings turn local system
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    I did make a discovery.
    My reg file:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
    SecuryBoot
    is set to "1."
    Changing it to "0" gets rid of the popup screen but does
    nothing to help with the problem as described.

    Please still help.

    Thanks, Bob T.

    >-----Original Message-----
    >I cannot turn off the Secure Boot Settings for logon, on
    >my local machine.
    >
    >The system is in a local workgroup, with no domain
    >controler, no group manager, only local machines/group.
    In
    >fact I've totally isolated it now, and removed all shares.
    >
    >When I check Administrative Tools|Security
    Settings|Local
    >Policies (no group policy available), the "Disable
    >CTRL+ALT+DEL requirement shows "disabled" for the "local
    >settings" & "effective settings."
    >
    >But, in CP |Users andPasswords|Advanced| the Secure Boot
    >Setting is grayed out.
    >
    >There is a check in the grayed box, but no way for me to
    >access it. It acts like there is a domain or group
    policy
    >overide, or I don't have admin rights. But there is no
    >group policy since there is no PDC and I do have admin
    >rights.
    >
    >When I go back to the "Disable CTRL+ATL+DEL requirement,"
    >and now select, "enable," I get: "disabled" for "local
    >setting" but, "Enabled" for "effective setting"! This
    is
    >the only policy where there is a difference
    between "local
    >setting" and "effective setting."
    >
    >Checking back at the CP Users, the Secure Boot Setting is
    >still grayed out, but now, the check is gone.
    >
    >(The only thing I did prior to noticing this was to
    >download MDAC 2.8 from MS with its patch--I wouldn't
    think
    >that would have anything to do with it, but who knows?)
    >
    >Ideas on how to reconcile these problems?
    >
    >1) get the box un-grayed, so I have local admin rights in
    >User and Passwords and can change the local settings.
    >
    >2) get the "Disable Ctrl+Alt+Del requirement" to show the
    >same policy, for local and effective; since there is no
    >group policy (at not one I can see) to cause the override.
    >
    >I have full admin rights. Have tried coming in through
    my
    >Admin group name, as well as Administrator. Neither,
    made
    >a difference.
    >The CP|Users & Admin. Settings|Security Settings --are
    >either reading me as no admin rights, or global overrides
    >are on, or both.
    >
    >Thanks,
    >Bob
    >
    >
    >.
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    When you change a Local Security Setting, either try running [ secedit /refreshpolicy
    machine_policy/enforce ] at the command prompt to refresh Local Security Policy or
    reboot the computer and see if that helps.

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;227302

    If you still have difficulty you might try to rebuild your local security database as
    described in the link below,

    http://www.jsiinc.com/SUBG/TIP3200/rh3252.htm

    FYI there is a local Group Policy on your computer available with gpedit.msc. Local
    Security Policy is a subset of local Group Policy. --- Steve

    "Bob T" <anonymous@discussions.microsoft.com> wrote in message
    news:31d601c47e73$30905280$a401280a@phx.gbl...
    > I cannot turn off the Secure Boot Settings for logon, on
    > my local machine.
    >
    > The system is in a local workgroup, with no domain
    > controler, no group manager, only local machines/group. In
    > fact I've totally isolated it now, and removed all shares.
    >
    > When I check Administrative Tools|Security Settings|Local
    > Policies (no group policy available), the "Disable
    > CTRL+ALT+DEL requirement shows "disabled" for the "local
    > settings" & "effective settings."
    >
    > But, in CP |Users andPasswords|Advanced| the Secure Boot
    > Setting is grayed out.
    >
    > There is a check in the grayed box, but no way for me to
    > access it. It acts like there is a domain or group policy
    > overide, or I don't have admin rights. But there is no
    > group policy since there is no PDC and I do have admin
    > rights.
    >
    > When I go back to the "Disable CTRL+ATL+DEL requirement,"
    > and now select, "enable," I get: "disabled" for "local
    > setting" but, "Enabled" for "effective setting"! This is
    > the only policy where there is a difference between "local
    > setting" and "effective setting."
    >
    > Checking back at the CP Users, the Secure Boot Setting is
    > still grayed out, but now, the check is gone.
    >
    > (The only thing I did prior to noticing this was to
    > download MDAC 2.8 from MS with its patch--I wouldn't think
    > that would have anything to do with it, but who knows?)
    >
    > Ideas on how to reconcile these problems?
    >
    > 1) get the box un-grayed, so I have local admin rights in
    > User and Passwords and can change the local settings.
    >
    > 2) get the "Disable Ctrl+Alt+Del requirement" to show the
    > same policy, for local and effective; since there is no
    > group policy (at not one I can see) to cause the override.
    >
    > I have full admin rights. Have tried coming in through my
    > Admin group name, as well as Administrator. Neither, made
    > a difference.
    > The CP|Users & Admin. Settings|Security Settings --are
    > either reading me as no admin rights, or global overrides
    > are on, or both.
    >
    > Thanks,
    > Bob
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Steven,

    Thanks for the good suggestions.

    Unfortunately, nothing worked.

    The reseting, had no effect.

    The rebuild, seemed to do nothing.

    And the last, gpedit.msc. Local Security Policy is a
    subset of local Group Policy, just threw me back into the
    local policy.

    I could find no way at all to get to the local Global.

    I wonder if it could have anything to do with my MMC
    settings?

    Anyway, after wasting several hours, I finally gave up and
    went to my backup.

    I just wish I knew what caused the problem & how to get to
    that local Global policies.

    I'm off now to check the registry and see where my
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
    SecurityBoot is set, 1 or 0?

    Any more ideas will be appreciated.

    Bob T


    >-----Original Message-----
    >When you change a Local Security Setting, either try
    running [ secedit /refreshpolicy
    >machine_policy/enforce ] at the command prompt to refresh
    Local Security Policy or
    >reboot the computer and see if that helps.
    >
    >http://support.microsoft.com/default.aspx?scid=kb;EN-
    US;227302
    >
    >If you still have difficulty you might try to rebuild
    your local security database as
    >described in the link below,
    >
    >http://www.jsiinc.com/SUBG/TIP3200/rh3252.htm
    >
    >FYI there is a local Group Policy on your computer
    available with gpedit.msc. Local
    >Security Policy is a subset of local Group Policy. ---
    Steve
    >
    >"Bob T" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:31d601c47e73$30905280$a401280a@phx.gbl...
    >> I cannot turn off the Secure Boot Settings for logon, on
    >> my local machine.
    >>
    >> The system is in a local workgroup, with no domain
    >> controler, no group manager, only local machines/group.
    In
    >> fact I've totally isolated it now, and removed all
    shares.
    >>
    >> When I check Administrative Tools|Security
    Settings|Local
    >> Policies (no group policy available), the "Disable
    >> CTRL+ALT+DEL requirement shows "disabled" for the "local
    >> settings" & "effective settings."
    >>
    >> But, in CP |Users andPasswords|Advanced| the Secure Boot
    >> Setting is grayed out.
    >>
    >> There is a check in the grayed box, but no way for me to
    >> access it. It acts like there is a domain or group
    policy
    >> overide, or I don't have admin rights. But there is no
    >> group policy since there is no PDC and I do have admin
    >> rights.
    >>
    >> When I go back to the "Disable CTRL+ATL+DEL
    requirement,"
    >> and now select, "enable," I get: "disabled" for "local
    >> setting" but, "Enabled" for "effective setting"! This
    is
    >> the only policy where there is a difference
    between "local
    >> setting" and "effective setting."
    >>
    >> Checking back at the CP Users, the Secure Boot Setting
    is
    >> still grayed out, but now, the check is gone.
    >>
    >> (The only thing I did prior to noticing this was to
    >> download MDAC 2.8 from MS with its patch--I wouldn't
    think
    >> that would have anything to do with it, but who knows?)
    >>
    >> Ideas on how to reconcile these problems?
    >>
    >> 1) get the box un-grayed, so I have local admin rights
    in
    >> User and Passwords and can change the local settings.
    >>
    >> 2) get the "Disable Ctrl+Alt+Del requirement" to show
    the
    >> same policy, for local and effective; since there is no
    >> group policy (at not one I can see) to cause the
    override.
    >>
    >> I have full admin rights. Have tried coming in through
    my
    >> Admin group name, as well as Administrator. Neither,
    made
    >> a difference.
    >> The CP|Users & Admin. Settings|Security Settings --are
    >> either reading me as no admin rights, or global
    overrides
    >> are on, or both.
    >>
    >> Thanks,
    >> Bob
    >>
    >>
    >
    >
    >.
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    I am not sure what you mean by local global policies, but gpedit.msc brings up local
    Group Policy for all the settings available on the local computer for both user and
    computer configuration. Running gpresult /v may be helpful in showing what settings
    are configured in Local Group Policy though the settings shown will not be in user
    friendly terms but are usually decipherable as to what the Group Policy setting is.
    Gpresult is part of the support tools that are in the install disk in the
    support/tools folder where you need to install the set of them by running the setup
    there. Sometimes it helps when you are having problems with security policy to reset
    settings back to default defined levels using secedit as described in the link below.
    Complications can arise when changing settings directly in the registry that can also
    be changed via Security/Group policy in that defined settings may appear to be wrong.
    Often changing a setting by enabling and disabling will refresh it to work
    rrectly. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222

    "Bob T" <anonymous@discussions.microsoft.com> wrote in message
    news:39ba01c47ef8$1cad11b0$a601280a@phx.gbl...
    > Steven,
    >
    > Thanks for the good suggestions.
    >
    > Unfortunately, nothing worked.
    >
    > The reseting, had no effect.
    >
    > The rebuild, seemed to do nothing.
    >
    > And the last, gpedit.msc. Local Security Policy is a
    > subset of local Group Policy, just threw me back into the
    > local policy.
    >
    > I could find no way at all to get to the local Global.
    >
    > I wonder if it could have anything to do with my MMC
    > settings?
    >
    > Anyway, after wasting several hours, I finally gave up and
    > went to my backup.
    >
    > I just wish I knew what caused the problem & how to get to
    > that local Global policies.
    >
    > I'm off now to check the registry and see where my
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
    > SecurityBoot is set, 1 or 0?
    >
    > Any more ideas will be appreciated.
    >
    > Bob T
    >
    >
    > >-----Original Message-----
    > >When you change a Local Security Setting, either try
    > running [ secedit /refreshpolicy
    > >machine_policy/enforce ] at the command prompt to refresh
    > Local Security Policy or
    > >reboot the computer and see if that helps.
    > >
    > >http://support.microsoft.com/default.aspx?scid=kb;EN-
    > US;227302
    > >
    > >If you still have difficulty you might try to rebuild
    > your local security database as
    > >described in the link below,
    > >
    > >http://www.jsiinc.com/SUBG/TIP3200/rh3252.htm
    > >
    > >FYI there is a local Group Policy on your computer
    > available with gpedit.msc. Local
    > >Security Policy is a subset of local Group Policy. ---
    > Steve
    > >
    > >"Bob T" <anonymous@discussions.microsoft.com> wrote in
    > message
    > >news:31d601c47e73$30905280$a401280a@phx.gbl...
    > >> I cannot turn off the Secure Boot Settings for logon, on
    > >> my local machine.
    > >>
    > >> The system is in a local workgroup, with no domain
    > >> controler, no group manager, only local machines/group.
    > In
    > >> fact I've totally isolated it now, and removed all
    > shares.
    > >>
    > >> When I check Administrative Tools|Security
    > Settings|Local
    > >> Policies (no group policy available), the "Disable
    > >> CTRL+ALT+DEL requirement shows "disabled" for the "local
    > >> settings" & "effective settings."
    > >>
    > >> But, in CP |Users andPasswords|Advanced| the Secure Boot
    > >> Setting is grayed out.
    > >>
    > >> There is a check in the grayed box, but no way for me to
    > >> access it. It acts like there is a domain or group
    > policy
    > >> overide, or I don't have admin rights. But there is no
    > >> group policy since there is no PDC and I do have admin
    > >> rights.
    > >>
    > >> When I go back to the "Disable CTRL+ATL+DEL
    > requirement,"
    > >> and now select, "enable," I get: "disabled" for "local
    > >> setting" but, "Enabled" for "effective setting"! This
    > is
    > >> the only policy where there is a difference
    > between "local
    > >> setting" and "effective setting."
    > >>
    > >> Checking back at the CP Users, the Secure Boot Setting
    > is
    > >> still grayed out, but now, the check is gone.
    > >>
    > >> (The only thing I did prior to noticing this was to
    > >> download MDAC 2.8 from MS with its patch--I wouldn't
    > think
    > >> that would have anything to do with it, but who knows?)
    > >>
    > >> Ideas on how to reconcile these problems?
    > >>
    > >> 1) get the box un-grayed, so I have local admin rights
    > in
    > >> User and Passwords and can change the local settings.
    > >>
    > >> 2) get the "Disable Ctrl+Alt+Del requirement" to show
    > the
    > >> same policy, for local and effective; since there is no
    > >> group policy (at not one I can see) to cause the
    > override.
    > >>
    > >> I have full admin rights. Have tried coming in through
    > my
    > >> Admin group name, as well as Administrator. Neither,
    > made
    > >> a difference.
    > >> The CP|Users & Admin. Settings|Security Settings --are
    > >> either reading me as no admin rights, or global
    > overrides
    > >> are on, or both.
    > >>
    > >> Thanks,
    > >> Bob
    > >>
    > >>
    > >
    > >
    > >.
    > >
Ask a new question

Read More

Policy Security Boot Windows