Solved

Regedit disabled by administrator

Posted on 2010-11-10
Last Modified: 2012-08-14
Hi,

My 3 team members have not been able to open REGEDIT for the last 10 days. It says disabled by the administrator. I have checked group policies and no such policy is applied to these users.

These three members are from transitions/testing team and they are not able to test tools just because of this.
Question by:pdixit1977
14 Comments
 
LVL 30

Expert Comment

by:flubbster
ID: 34102727
If not set by policy, then it is usually a sign of some type of malware. Try downloading and running this vbs script. It toggles the state of regedit. If it is disabled, it will be enabled. Enabling requires a restart, so reboot to test.

http://www.dougknox.com/security/scripts/regtools.vbs
0
 
LVL 30

Expert Comment

by:flubbster
ID: 34102747
If that does not work, then try this sequence:

Click Start -> Run. Type this command in Run box and press Ok.  (You can copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0

Then a prompt will come up with this question: Value DisableRegistryTools exists, overwrite (Y/N)? Type yes and hit Enter.

After you have done that, also type this command in the Run box and hit Enter.

REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0

Then it will also come up with the question: Value DisableRegistryTools exists, overwrite (Y/N)? Type yes and hit Enter.
0
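An added example, not part of the original thread: a PowerShell check of the DisableRegistryTools value named in the comment above, covering HKLM and every user hive loaded under HKEY_USERS instead of only the HKCU of whoever runs the command. The `-Reset` switch and the variable names are this example's own assumptions.

```powershell
# Added example, not from the thread. Read-only unless -Reset is given.
param([switch]$Reset)   # -Reset is this script's own (hypothetical) switch

$sub  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'DisableRegistryTools'

# HKLM plus every loaded per-user hive. "REG add HKCU\..." only touches the
# hive of the account that runs it, which may not be the affected user.
$keys = @("Registry::HKEY_LOCAL_MACHINE\$sub")
$keys += @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |   # skips *_Classes
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$sub" })

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $value) { continue }          # value not present in this hive

    # Report what was found before changing anything.
    New-Object PSObject -Property @{ Key = $key; Value = $value }

    if ($Reset -and $value -ne 0) {
        # Same effect as the thread's "REG add ... /d 0", without the prompt.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
}
```

Run it from an elevated prompt while the affected users are logged on, so their hives are loaded; a value that returns to non-zero after being reset points to something on the machine still writing it.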
 
LVL 12

Expert Comment

by:nsx106052
ID: 34102749
This article has several different methods of fixing the issue.  I typically use Method 4.
http://www.pchell.com/support/registryeditordisabled.shtml

0
 
LVL 1

Expert Comment

by:senthil_var2000
ID: 34102998
Run regedit in safe mode and make the alterations as above. The problem is due to a virus infection; check with sdat.exe. Once the virus is removed, then do the regedit work.

If you do the regedit work before virus removal, it will have no effect.
0
 

Author Comment

by:pdixit1977
ID: 34104630
I tried all the methods but no luck.
I believe it's due to some virus. We are using Symantec EndPoint Protection but that doesn't work for this virus.
Can anyone provide me with any other free tools/exe through which I can scan and remove this virus/malware?
0
 
LVL 30

Expert Comment

by:flubbster
ID: 34104710
Try this:

http://www.dougknox.com/xp/utils/xp_emergencyutil.zip

Look here for instructions:
http://www.dougknox.com/xp/utils/xp_emerutils.htm

Basically, it creates new versions of regedit, taskmanager, and msconfig. Try using the new regedit as instructed. If it works and you get in there, chances are that the following key is remapping all that great stuff to svchost so it looks like nothing is happening. Look here in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Within that key, I bet you find a ton of entries, each of them remapping a "good" program to a bad. This stops the program you want from executing. As a start, scroll down the list and look for regedit. If you find it, highlight it and delete. You can actually delete every entry in that key.

0
 
LVL 48

Expert Comment

by:dbrunton
ID: 34104726
The ones usually recommended here are

Malwarebytes
Combofix
HitmanPro
TDSSKiller

Those usually cover a wide range.
0

 
LVL 66

Expert Comment

by:johnb6767
ID: 34106730
Rename c:\windows\regedit.exe to c:\windows\blah.com

Does it work?

If so, look at the following....

start>run>cmd

Paste the lower commands...

Do they return results? Most likely the keys can be deleted.....

second set deletes them if present.....
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regedit.exe"

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe"



reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regedit.exe" /f

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe" /f


0
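An added example, not part of the original thread: a read-only PowerShell audit of the two locations discussed in the comments above, the Image File Execution Options key and the App Paths entry for regedit.exe. It lists only the IFEO subkeys that carry a `Debugger` value, which is the value that redirects a program's launch, so each one can be reviewed before anything is deleted; variable names are this example's own.

```powershell
# Added example, not from the thread. Read-only: reports, deletes nothing.
$ifeo    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regedit.exe'

# Collect every IFEO subkey that has a Debugger value. Subkeys without one
# do not redirect execution and are left out of the report.
$redirects = @(Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $debugger = $_.GetValue('Debugger')     # $null when the value is absent
    if ($debugger) {
        New-Object PSObject -Property @{ Image = $_.PSChildName; Debugger = $debugger }
    }
})

if ($redirects.Count -eq 0) {
    'No IFEO entries with a Debugger value.'
} else {
    # A Debugger value is not always hostile: Process Explorer's
    # "Replace Task Manager" option sets one for taskmgr.exe.
    $redirects | Sort-Object Image | Format-Table Image, Debugger -AutoSize
}

# The App Paths key queried in the comment above; show its default value.
if (Test-Path $appPath) {
    $target = (Get-Item $appPath).GetValue('')
    "App Paths entry for regedit.exe exists, default value: $target"
} else {
    'No App Paths entry for regedit.exe.'
}
```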
 
LVL 22

Expert Comment

by:optoma
ID: 34107375
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 34107720

Likely due to malware/viruses present in the system, so when you fix the symptom while the nasties are still there it won't work as it will be disabled almost immediately.
Use the already suggested tools to fix the symptom and then scan the system to remove the culprit.

As suggested, scanners you can use to scan the system:

MalwareBytes:
http://www.malwarebytes.org/mbam-download.php

HitmanPro:
http://www.surfright.nl/en/hitmanpro

TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

0
 
LVL 13

Expert Comment

by:upalakshitha
ID: 34152415
Did you use the Win32 Sality killer tool from Kaspersky?
If the Sality virus exists, whatever you do has no effect.
So first verify whether the PC is Sality free.
0
 

Accepted Solution

by:
pdixit1977 earned 0 total points
ID: 34270025
Finally it got resolved.
I used RRT (restrictions removal tool) for this.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34271472
Odd, we should have had that resolved with the methods in the thread....

Anyhoo, glad you're fixed.....
0
 

Author Closing Comment

by:pdixit1977
ID: 34299439
I had followed all suggestions/troubleshooting steps given by the experts but nothing worked for me. Then I got RRT from one of my vendors and it resolved my issue.
I ran it on all 7 systems and all these systems are working fine now.
0
