registry editing has been disabled by your administrator


I have a domain user (%USER%) that is set as local administration on a specific server(W2K3 R2 std) in my domain.
This user is in a separate OU in the AD. This OU contains a policy that grand the user RDP rights. This works fine.

Now I want the user to be able to edit the registry. Run>regedit
The following error accurse:
"registry editing has been disabled by your administrator"

I have made a new policy for this OU
“Prevent access to registry editing tools” to disable

ran gpupdate & even rebooted the system.

This does not work!

Can anyone help me out?
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

NuttycomputerConnect With a Mentor Commented:

Run the RSoP in Logging mode. Select the Server and User in question and that will allow you to see what settings are applying and from what GPOs. Might be able to narrow it down a little easier. See this:

Also if you set the policy just barely on the servers you need to reboot for it to apply on the servers as computer policies are applied at startup.
You stated the User is in the OU. Is the server also in this OU? If the Server is in an OU that denies editing registry via the Computer Configuration of Group Policy then in the case of conflicting policies Computer Configuration takes precedence over User Policy.
Check higher GP objects, because if registry editing is disabled there it gets preference.
In case you have it disabled on root domain GP object you should filter this GP for admins to be able to edit registry.
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Meir RivkinFull stack Software EngineerCommented:
mikesussConnect With a Mentor Commented:
Is there another more restrictive policy that is applying?  You might want to create a temporary admin user to allow the change, then remove the user.  This would more than likely be faster than trying to trouble shoot the registry issue for a one off.
sayadiAuthor Commented:
Under %myDomain.local% there is a OU for the server & a OU for the users on both OU's now I have set this policy and it still does not work!
sayadiAuthor Commented:
The only other policy that is implemented is to prevent the user from a shutdown. they can only logout.
try to set a new  ou and disable enharit
sayadiAuthor Commented:
It was a confilicting Policy
All Courses

From novice to tech pro — start learning today.