Solved

registry editing has been disabled by your administrator

Posted on 2010-09-01
9
1,409 Views
Last Modified: 2012-05-10
Hi,

I have a domain user (%USER%) that is set as local administration on a specific server(W2K3 R2 std) in my domain.
This user is in a separate OU in the AD. This OU contains a policy that grand the user RDP rights. This works fine.

Now I want the user to be able to edit the registry. Run>regedit
The following error accurse:
"registry editing has been disabled by your administrator"

I have made a new policy for this OU
set:
“Prevent access to registry editing tools” to disable

ran gpupdate & even rebooted the system.

This does not work!

Can anyone help me out?
0
Comment
Question by:sayadi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33576565
You stated the User is in the OU. Is the server also in this OU? If the Server is in an OU that denies editing registry via the Computer Configuration of Group Policy then in the case of conflicting policies Computer Configuration takes precedence over User Policy.
0
 
LVL 12

Expert Comment

by:patrikt
ID: 33576569
Check higher GP objects, because if registry editing is disabled there it gets preference.
In case you have it disabled on root domain GP object you should filter this GP for admins to be able to edit registry.
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33576582
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 4

Assisted Solution

by:mikesuss
mikesuss earned 150 total points
ID: 33576619
Is there another more restrictive policy that is applying?  You might want to create a temporary admin user to allow the change, then remove the user.  This would more than likely be faster than trying to trouble shoot the registry issue for a one off.
0
 
LVL 2

Author Comment

by:sayadi
ID: 33576647
Under %myDomain.local% there is a OU for the server & a OU for the users on both OU's now I have set this policy and it still does not work!
0
 
LVL 2

Author Comment

by:sayadi
ID: 33576706
The only other policy that is implemented is to prevent the user from a shutdown. they can only logout.
0
 
LVL 6

Accepted Solution

by:
Nuttycomputer earned 350 total points
ID: 33576803
Sayadi,

Run the RSoP in Logging mode. Select the Server and User in question and that will allow you to see what settings are applying and from what GPOs. Might be able to narrow it down a little easier. See this: http://technet.microsoft.com/en-us/library/cc758010%28WS.10%29.aspx

Also if you set the policy just barely on the servers you need to reboot for it to apply on the servers as computer policies are applied at startup.
0
 
LVL 1

Expert Comment

by:amieldar
ID: 33577530
try to set a new  ou and disable enharit
0
 
LVL 2

Author Comment

by:sayadi
ID: 33584734
It was a confilicting Policy
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question