Solved

SRP (Software Restriction Policies) is blocking local Administrator.

Posted on 2011-02-10
4
880 Views
Last Modified: 2012-05-11
I implemented SRP on a Windows 7 Pro PC that I was logged into as the Local Administrator. In Enforcement I ensured that "All users except local administrators" was selected. I then set the default Security Level to Disallow. At this point I attempted to open Windows Update from the Start menu and was blocked. I ran gpupdate, still blocked. I rebooted the PC, still blocked. I changed the default Security Level back to Unrestricted and was no longer blocked. Why is'nt the "All users except local administrators" enforcement variable working? This is the 9th PC I've setup with SRP, all the same configuration, and all the others work fine. Any ideas?
0
Comment
Question by:tstarlin
  • 2
  • 2
4 Comments
 
LVL 12

Expert Comment

by:DarinTCH
ID: 34865845
run RSOP
resultant set of policy
to determine what is being applied
compare to working unit
0
 

Author Comment

by:tstarlin
ID: 34866338
Ran RSOP and compared a PC that the local Administrator isnt being blocked to the one that is. Went line by line. There is no difference at all.
0
 
LVL 12

Accepted Solution

by:
DarinTCH earned 250 total points
ID: 34893916
wow
that makes it a bit more difficult

here is the only other thing I have seen similiar
some laptops were on a domain and some were not
some were in a blocked OU (inheritance)
an admin made a change to the default domain policy and
checked policy enforcement
the OUs below the primary container were effected eventhough they had block inheritance set up...
the admin tried to be slick and 'turn off' the items he changed...but
after he activated a change... just choosing not applied DOES NOT UNDO the changes he made
we ended up reimaging the laptops to solve his 'unintentional changes

p.s. it took quite a while to figure this out
0
 

Author Comment

by:tstarlin
ID: 34897280
DarinTCH, I'm guessing this may be a similar situation. I'm going to reformat this PC and start from scratch. It has to be some kind of glitch. Thank you for your thoughts and take care.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Using icacls to block access to mstsc, cmd & PowerShell 4 117
adobe acrobat scaning 9 49
Linksys 4 port wireless router 62 45
Using cipher to decrypt files. 4 24
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now