Win2003: cannot install some software as domain administrator due to software restriction policy

Hi,

I have an old Windows 2003R2 domain controller. I need to install a program on it.

When I do, I get the following error: Windows cannot open this program because it has been prevented by a software restrictions policy.

I have:
- checked all policy's which are in effect: domain policy, domain controller policy, local policy, none of them have a software restrictions policy (never has).
- made a new software restrictions policy, where under enforcement I have excluded local admins, reboot.
- made a new user equal to domain admin
- disabled all NON Microsoft services and reboot.
- tried to install to different folder (not in program files).
- cleanded up temporary files.
- eventlog only shows error, no clues there.
- virus scan, eset + hitmanpro, nothing.

None of this has worked...

Anyone suggestions?

Kind regards,
Ray
LVL 7
Raymond JansenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

andrewjamesbCommented:
Hi Ray

Have you tried logging onto this 2003 server using the domain / enterprise admin account?

Alternatively. press right shift and right click on the software you wish to install and select run as different user. Enter the domain / enterprise admin account credentials here

Hope this is of some help

Thanks
Andy
0
Raymond JansenAuthor Commented:
Hi Andy,

I have tried that. Also I have made another admin account, also no luck.
0
andrewjamesbCommented:
Hi Ray

Try placing the server into the staging OU within AD and you should then be able to install any software you desire as no GPO's will be applied whilst in staging. This will work

Thanks
Andy
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Raymond JansenAuthor Commented:
Hi Andy,

Sorry, but I don't understand (and can't quick find on google). How do I place the DC in the staging ou?
0
andrewjamesbCommented:
Hi Ray

Open up Active Directory then search for that server. Right click once the server is found and move to the staging OU within AD

Thanks
Andy
0
Raymond JansenAuthor Commented:
Hi Andy,

I can find the server in AD, it is in Domain Controllers OU. I can right click and see move, but I can't find a staging OU.

Thanks,
Ray
0
Raymond JansenAuthor Commented:
Also, I did a search in AD for OU's named staging, nothing...
0
andrewjamesbCommented:
Hi Ray

Your half way there. In that case you will need to create a staging OU. I am sure there should already be one on your domain as standard, surely? This is basic stuff to be fair.
0
andrewjamesbCommented:
No offense but I would be very concered if you were administering my corporate network as you dont know much about staging OU. I would suggest you speak with one of your Wintel engineers to determine what equivalent staging OU is on your domain, or to get someone to set that up for you
0
ebad-itCommented:
Hi Ray,

I think the OU andrewjamesb is referring to is called Computers it's usually the default OU computers get placed when they first join the domain.  I would highly suggest some MS admin training to get you more comfortable with domain work just my 2 cents.

Good Luck!
0
Raymond JansenAuthor Commented:
@Andy: I'm doing this for some time now. I did never hear something about a staging OU, nor can I find this fully explaned on Google. From what you're writing I understand that it's an OU where I should block all policies from being applied.

I really believe that this workaround could work, however, it does not solve my original problem. This DC 'thinks' that there is a software restriction policy in effect, while it is not. I have checked with gpresult.

If I can't solve it, the more easy way was to transfer the program to another DC in the same site, with Windows 2012R2, which does NOT have this problem.

And yes, probably I don't know everything, and never will. That's why I ask for help here!

But, it would be nice if the original problem could be solved (other then re-installing). I have 1 program that simply will not run on anything else then Windows 2003 server....

Thanks anyway,
Ray
0
Raymond JansenAuthor Commented:
Found! It turned out that the culprit is windows update kb2918614. After removing this, restart, everything works fine.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Raymond JansenAuthor Commented:
See previous comment.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.