Solved

SRP (Software Restriction Policies) is blocking local Administrator.

Posted on 2011-02-10
4
875 Views
Last Modified: 2012-05-11
I implemented SRP on a Windows 7 Pro PC that I was logged into as the Local Administrator. In Enforcement I ensured that "All users except local administrators" was selected. I then set the default Security Level to Disallow. At this point I attempted to open Windows Update from the Start menu and was blocked. I ran gpupdate, still blocked. I rebooted the PC, still blocked. I changed the default Security Level back to Unrestricted and was no longer blocked. Why is'nt the "All users except local administrators" enforcement variable working? This is the 9th PC I've setup with SRP, all the same configuration, and all the others work fine. Any ideas?
0
Comment
Question by:tstarlin
  • 2
  • 2
4 Comments
 
LVL 12

Expert Comment

by:DarinTCH
ID: 34865845
run RSOP
resultant set of policy
to determine what is being applied
compare to working unit
0
 

Author Comment

by:tstarlin
ID: 34866338
Ran RSOP and compared a PC that the local Administrator isnt being blocked to the one that is. Went line by line. There is no difference at all.
0
 
LVL 12

Accepted Solution

by:
DarinTCH earned 250 total points
ID: 34893916
wow
that makes it a bit more difficult

here is the only other thing I have seen similiar
some laptops were on a domain and some were not
some were in a blocked OU (inheritance)
an admin made a change to the default domain policy and
checked policy enforcement
the OUs below the primary container were effected eventhough they had block inheritance set up...
the admin tried to be slick and 'turn off' the items he changed...but
after he activated a change... just choosing not applied DOES NOT UNDO the changes he made
we ended up reimaging the laptops to solve his 'unintentional changes

p.s. it took quite a while to figure this out
0
 

Author Comment

by:tstarlin
ID: 34897280
DarinTCH, I'm guessing this may be a similar situation. I'm going to reformat this PC and start from scratch. It has to be some kind of glitch. Thank you for your thoughts and take care.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now