We help IT Professionals succeed at work.

Win2003: cannot install some software as domain administrator due to software restriction policy

Raymond Jansen
on
610 Views
Last Modified: 2014-08-29
Hi,

I have an old Windows 2003R2 domain controller. I need to install a program on it.

When I do, I get the following error: Windows cannot open this program because it has been prevented by a software restrictions policy.

I have:
- checked all policy's which are in effect: domain policy, domain controller policy, local policy, none of them have a software restrictions policy (never has).
- made a new software restrictions policy, where under enforcement I have excluded local admins, reboot.
- made a new user equal to domain admin
- disabled all NON Microsoft services and reboot.
- tried to install to different folder (not in program files).
- cleanded up temporary files.
- eventlog only shows error, no clues there.
- virus scan, eset + hitmanpro, nothing.

None of this has worked...

Anyone suggestions?

Kind regards,
Ray
Comment
Watch Question

Hi Ray

Have you tried logging onto this 2003 server using the domain / enterprise admin account?

Alternatively. press right shift and right click on the software you wish to install and select run as different user. Enter the domain / enterprise admin account credentials here

Hope this is of some help

Thanks
Andy
Raymond JansenSysadmin
CERTIFIED EXPERT

Author

Commented:
Hi Andy,

I have tried that. Also I have made another admin account, also no luck.
Hi Ray

Try placing the server into the staging OU within AD and you should then be able to install any software you desire as no GPO's will be applied whilst in staging. This will work

Thanks
Andy
Raymond JansenSysadmin
CERTIFIED EXPERT

Author

Commented:
Hi Andy,

Sorry, but I don't understand (and can't quick find on google). How do I place the DC in the staging ou?
Hi Ray

Open up Active Directory then search for that server. Right click once the server is found and move to the staging OU within AD

Thanks
Andy
Raymond JansenSysadmin
CERTIFIED EXPERT

Author

Commented:
Hi Andy,

I can find the server in AD, it is in Domain Controllers OU. I can right click and see move, but I can't find a staging OU.

Thanks,
Ray
Raymond JansenSysadmin
CERTIFIED EXPERT

Author

Commented:
Also, I did a search in AD for OU's named staging, nothing...
Hi Ray

Your half way there. In that case you will need to create a staging OU. I am sure there should already be one on your domain as standard, surely? This is basic stuff to be fair.
No offense but I would be very concered if you were administering my corporate network as you dont know much about staging OU. I would suggest you speak with one of your Wintel engineers to determine what equivalent staging OU is on your domain, or to get someone to set that up for you

Commented:
Hi Ray,

I think the OU andrewjamesb is referring to is called Computers it's usually the default OU computers get placed when they first join the domain.  I would highly suggest some MS admin training to get you more comfortable with domain work just my 2 cents.

Good Luck!
Raymond JansenSysadmin
CERTIFIED EXPERT

Author

Commented:
@Andy: I'm doing this for some time now. I did never hear something about a staging OU, nor can I find this fully explaned on Google. From what you're writing I understand that it's an OU where I should block all policies from being applied.

I really believe that this workaround could work, however, it does not solve my original problem. This DC 'thinks' that there is a software restriction policy in effect, while it is not. I have checked with gpresult.

If I can't solve it, the more easy way was to transfer the program to another DC in the same site, with Windows 2012R2, which does NOT have this problem.

And yes, probably I don't know everything, and never will. That's why I ask for help here!

But, it would be nice if the original problem could be solved (other then re-installing). I have 1 program that simply will not run on anything else then Windows 2003 server....

Thanks anyway,
Ray
Sysadmin
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Raymond JansenSysadmin
CERTIFIED EXPERT

Author

Commented:
See previous comment.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.