Group Policy blocking software on Windows 7 machine - not on domain
I've got a home customer using a HP Touchsmart computer that randomly started having certain applications blocked by group policy; AVG, Malwarebytes, Quicken installer to name a few. I do not see any programs being blocked under gpedit->Computer Configuration->Windows Settings->Security Settings->Software Restriction Policies - or- Application Control Policies->AppLocker.
These programs appear to function properly in safe mode. The computer is NOT part of a domain (just a standard workgroup), nor has it ever been. The user is an administrator on the computer.
I was able to download this which allows me to 'unlock' the station and allows all software to run properly, but don't want to have to tell a customer that he has to run that every time he restarted the computer. Once the computer was 'unlocked' I ran full scans of the computer with CCleaner, AVG, Malwarebytes, and TDSSKiller, all of which came back clean, these scans were also all run in safemode.
Are there any suggestions/places to look? I'm kinda at a loss for where else to look.
These programs appear to function properly in safe mode. The computer is NOT part of a domain (just a standard workgroup), nor has it ever been. The user is an administrator on the computer.
I was able to download this which allows me to 'unlock' the station and allows all software to run properly, but don't want to have to tell a customer that he has to run that every time he restarted the computer. Once the computer was 'unlocked' I ran full scans of the computer with CCleaner, AVG, Malwarebytes, and TDSSKiller, all of which came back clean, these scans were also all run in safemode.
Are there any suggestions/places to look? I'm kinda at a loss for where else to look.
ASKER
I believe it's just home premium, and as I stated, I looked through GPEDIT and didn't find any red flags. I looked through:
gpedit->Computer Configuration->Windows Settings->Security Settings->Software Restriction Policies
-and-
gpedit->Computer Configuration->Windows Settings->Security Settings->Application Control Policies->AppLocker
and in neither location are there any restrictions defined.
gpedit->Computer Configuration->Windows Settings->Security Settings->Software Restriction Policies
-and-
gpedit->Computer Configuration->Windows Settings->Security Settings->Application Control Policies->AppLocker
and in neither location are there any restrictions defined.
Ok
lets run msconfig
under services tab hide all microsoft services then disable all others
under startup tab disable all
restart computer see is problem continues.
lets run msconfig
under services tab hide all microsoft services then disable all others
under startup tab disable all
restart computer see is problem continues.
ASKER
Yes, the problem persists. I've done a manual disabling of items at startup (services and programs), as well as just doing a "Diagnostics Boot", and the problem continues to be present.
something is conflicting here
I know you tried manually stopping services but I would suggest trying the msconfig method.
easy to miss something.
What errors you receiveing? event log messages?
I know you tried manually stopping services but I would suggest trying the msconfig method.
easy to miss something.
What errors you receiveing? event log messages?
ASKER
Shouldn't a diagnostics boot disabled all non-windows services? The only errors I'm receiving are coming up when I try and launch certain applications (currently that list consists of AVG, Malwarebytes, Quicken autorun, Quicken installer, and LogMeIn Rescue), stating that this program has been blocked by a group policy. No specific error codes are present.
diagnostics boot is usually hardware checking
If they are functioning in Safe mode then something running is conflicting.
msconfig is only way to test this out.
No errors in the application log?
If they are functioning in Safe mode then something running is conflicting.
msconfig is only way to test this out.
No errors in the application log?
Have you tried disabling UAC??
http://www.mydigitallife.info/how-to-disable-and-turn-off-uac-in-windows-7/
http://www.mydigitallife.info/how-to-disable-and-turn-off-uac-in-windows-7/
ASKER
I have tried both with, and without UAC enabled. No change. The computer is not in our office so I haven't been able to check the error logs.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would to see what is in the log first before we determine what to do next.
ASKER
Not going to bother wasting time on the issue... a rebuild is in order.
Thanks for everyone's help
Thanks for everyone's help
run gpedit.msc and check settings