Cannot Remove Software Restriction Policy

Someone added a blank software restriction policy to a Policy that was applied domain wide. Caused me problems. Anyway, I took the SRP off of that policy, and tried gpupdate, gpupdate /force, gpupdate /sync to no avail. I removed the link and the enforcement from that Policy to the OU (all OUs). Tried to gpupdate... nothing. I removed a PC from the domain and logged in as a local admin; Resultant Set of Policy says I still have SRP. I rejoined the domain hoping to overwrite because they should only be receiving the Default Domain Policy -- which does not have a SRP. Still nothing. I really need to find an answer else I'm gonna be reformatting machines until I die. I tried the Microsoft FixIt BS and it doesn't work either.
jstevens80 Asked:
jstevens80 (Author) Commented:
I'm still screwed as of right now. I need to connect to the network to install programs. I use static IPs so when I input my DNS server I automatically pick up the SRP.
0
jstevens80 (Author) Commented:
To add even more -- I've deleted registry entries from HKCU and HKLM for software/policies/microsoft and currentversion/policies. I've deleted Windows/system32/GroupPolicy. Still nothing. I restarted the PDC and SDC, all the machines, have run gpupdate. Have removed ALL GPs. gpresult said N/A GPOs were applied. Default Domain policy is disabled, and the Local Group Policy is not applied -- same thing for user settings. When I use the MMC to look at RSoP it still tells me I have SRP. Definitely in a bind.
0
javiersantana Commented:
What a mess! Anything coming up in the event viewer? Use RSoP on the DC and see what you get. Are your OUs inheriting any policies? Just a few things to check.
0
jstevens80 (Author) Commented:
There are no errors in the event log, just that the security policy was applied successfully. I ran RSoP on the DC and it has the policy applied as well. My boss (CIO but not tech oriented) logged in as her user, which is set to receive the GPO. There are currently applied GPOs, all are disabled. The Default GPO was inherited by all but I even disabled that. Although the DGPO did NOT have any SRP.
0
javiersantana Commented:
The GPO is set on user accounts? Do these user accounts have admin rights? I believe in order for GPOs to be applied to user accounts that modify registry/permissions/security in any way, users need to have some sort of elevated privileges.

I might be completely wrong in that last statement. I think I remember reading that somewhere though. Check it out and see if I'm right.
0
jstevens80 (Author) Commented:
Those user accounts have local administrative rights, not domain wide. But like I said, as soon as I point any PC to my DC, even if it's not on the domain, I get a SRP. I don't get that at all.
0
BitsBytesandMore Commented:
What a mess... Have you tried turning off the PDC to see if the SDC also has the same problem?
How many users do you have?
If it works with the SDC you might want to consider running dcpromo... it installs or removes the Active Directory services and recreates everything from the SDC...
0
jstevens80 (Author) Commented:
From what I've been reading... all security options via GPO "tattoo" the PC. I did not leave the PDC off, just restarted, and the SDC took over the domain control (but remember I'm using static addressing so the users still point their primary DNS to the PDC and secondary is the SDC). Did not help, so I restarted the SDC and the PDC took over again. Replication between servers seems fine. I created a test OU and applied a new GPO with no SRP and it did nothing. So I changed the SRP to not apply to local admins (which all my users are for our 3rd party management system {bad, I know}). Did not help either. So you're suggesting leaving the PDC offline for a bit and then running gpupdate /force and see what happens? I've been trying to read about creating custom ADMs but I'm also running an office of 125+ PCs by myself this week. I just had a core switch fail as well (stressed!)
0
jstevens80 (Author) Commented:
I have a CD with some software that needs to install a virtual LPT port (LPT1). SRP prevents me from running these 3 .msi files. I have another .msi that is my CiscoVPN client installer. I moved the VPN installer to the same location as the other .msi's. I can open my VPN msi but none of the others. All are in the same directory. I moved the restricted .msi's from disk to disk to remove security but still nothing.
0
jstevens80 (Author) Commented:
It turns out that if I wait a couple hours after writing a new policy overwriting the tattooed policy, things will be OK. Maybe it's my replication between PDC and SDC. The other .msi's in question were locked by the publisher so only their installer could run the files, not myself behind the scenes, but it gave me the same error message I received when I was actually blocked by an SRP.
0
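
A read-only check for the "tattooed" SRP settings discussed in this thread, as an added example that is not part of any participant's post: it reads the `Safer\CodeIdentifiers` policy keys, where Windows stores SRP settings per machine and per user, and reports the default level, enforcement, scope and rules. The function name `Get-SrpState` is hypothetical.

```powershell
# Added example (read-only): report SRP settings present in the local registry.
# Machine and user SRP settings are stored under the Safer\CodeIdentifiers policy key.
$roots = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
         'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levelNames  = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }   # 262144 = 0x40000
$scopeNames  = @{ '0' = 'All users'; '1' = 'All users except local administrators' }
$enforcement = @{ '0' = 'No enforcement'; '1' = 'All files except DLLs'; '2' = 'All files including DLLs' }

# Hypothetical helper name; returns one summary object per policy root.
function Get-SrpState {
    param([Parameter(Mandatory = $true)][string]$Root)
    if (-not (Test-Path -Path $Root)) {
        return [pscustomobject]@{ Root = $Root; Present = $false }
    }
    $p = Get-ItemProperty -Path $Root
    # Rules are stored as <root>\<level>\<Paths|Hashes|UrlZones>\{GUID}
    $rules = @(
        foreach ($level in Get-ChildItem -Path $Root) {
            foreach ($kind in Get-ChildItem -Path $level.PSPath) {
                foreach ($rule in Get-ChildItem -Path $kind.PSPath) {
                    $data = (Get-ItemProperty -Path $rule.PSPath).ItemData
                    [pscustomobject]@{
                        Level = $levelNames[$level.PSChildName]
                        Kind  = $kind.PSChildName
                        # Path rules carry a string in ItemData; other rule kinds do not
                        Item  = if ($data -is [string]) { $data } else { '(not a path string)' }
                    }
                }
            }
        }
    )
    [pscustomobject]@{
        Root         = $Root
        Present      = $true
        DefaultLevel = $levelNames["$($p.DefaultLevel)"]
        Enforcement  = $enforcement["$($p.TransparentEnabled)"]
        Scope        = $scopeNames["$($p.PolicyScope)"]
        Rules        = $rules
    }
}

foreach ($root in $roots) {
    $state = Get-SrpState -Root $root
    $state | Select-Object Root, Present, DefaultLevel, Enforcement, Scope | Format-List
    if ($state.Present) { $state.Rules | Format-Table -AutoSize }
}
```

If `Present` is false for both roots while RSoP still reports an SRP, the setting is not coming from the local policy keys, which points back at GPO processing or replication rather than a leftover registry entry.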
Windows Server 2003