[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1444
  • Last Modified:

registry editing has been disabled by your administrator


I have a domain user (%USER%) that is set as local administration on a specific server(W2K3 R2 std) in my domain.
This user is in a separate OU in the AD. This OU contains a policy that grand the user RDP rights. This works fine.

Now I want the user to be able to edit the registry. Run>regedit
The following error accurse:
"registry editing has been disabled by your administrator"

I have made a new policy for this OU
“Prevent access to registry editing tools” to disable

ran gpupdate & even rebooted the system.

This does not work!

Can anyone help me out?
2 Solutions
You stated the User is in the OU. Is the server also in this OU? If the Server is in an OU that denies editing registry via the Computer Configuration of Group Policy then in the case of conflicting policies Computer Configuration takes precedence over User Policy.
Check higher GP objects, because if registry editing is disabled there it gets preference.
In case you have it disabled on root domain GP object you should filter this GP for admins to be able to edit registry.
Meir RivkinFull stack Software EngineerCommented:
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Is there another more restrictive policy that is applying?  You might want to create a temporary admin user to allow the change, then remove the user.  This would more than likely be faster than trying to trouble shoot the registry issue for a one off.
sayadiAuthor Commented:
Under %myDomain.local% there is a OU for the server & a OU for the users on both OU's now I have set this policy and it still does not work!
sayadiAuthor Commented:
The only other policy that is implemented is to prevent the user from a shutdown. they can only logout.

Run the RSoP in Logging mode. Select the Server and User in question and that will allow you to see what settings are applying and from what GPOs. Might be able to narrow it down a little easier. See this: http://technet.microsoft.com/en-us/library/cc758010%28WS.10%29.aspx

Also if you set the policy just barely on the servers you need to reboot for it to apply on the servers as computer policies are applied at startup.
try to set a new  ou and disable enharit
sayadiAuthor Commented:
It was a confilicting Policy

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now