Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 120
  • Last Modified:

Locked out of Group Policy

Hi All,

I did a really dumb thing and I am hoping you can help me.

I locked myself out of gpedit.msc and gpmc.msc.

The lockout is coming from a policy that I put on the domain and I got distracted and forgot to deny admin to this policy.  

This is a doozy.

Help.

Karen
0
klsphotos
Asked:
klsphotos
2 Solutions
 
RizzleCommented:
What policy have you applied/denied?

Can you user another domain admin account to amend this policy?
0
 
Kash2nd Line EngineerCommented:
are you working remotely  or locally ?

if remotely then if you have another computer you can access, and then remote using RDP and see if you can log on that way and add exception for domain admins.
0
 
klsphotosAuthor Commented:
I do not recall if I applied it to user or computer but I moved my system to the computer ou and my account to the user our and refreshed policy and restarted and it's still there.

All systems here on the domain and users got the policy.  I did create a additional admin account and the same thing.  it is denied.  

I have NEVER done anything like this and am stumped.  It's set on the root of the domain, but not in the default domain policy so I need to get in.  I thought about changing the registry keys on my system since I can't edit gpedit to over ride it, I could do it manually but I do not know which registry setting that is.

I also read that I could rename mmc.msc and then run it from a command line but that hasn't been successful either.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
RizzleCommented:
You can try a few things:

1. Go to %root\windows\sytems32 and rename the GroupPolicy folder to GroupPolicy.old
2. Create a new folder called GroupPolicy
3. create folders inside named Machine and User (with nothing inside)
4.Restart server

Maybe this may help?
https://social.technet.microsoft.com/Forums/windowsserver/en-US/97c38692-1482-4b35-953f-04eb06fc82a1/locked-myself-out-of-gpeditmsc-cant-access-anything
0
 
Donald StewartNetwork AdministratorCommented:
This is what I would try first

Reset All User Permissions To Default

http://www.bleepingcomputer.com/forums/t/509474/reset-all-user-permissions-to-default/
0
 
klsphotosAuthor Commented:
I got it, Roshan link was partially responsible.

I am not willing to change the name of the folders on the whole domain for this, I am not sure of the implications and we have several sites that policy syncs too.  I worked to hard to get all of that working, I'm not doing that.  If I can change the settings on my local system they will override the domain policy.

I can't reset all permissions to default, this is a whole domain.

What I did do and still can't believe that it worked is I went into the registry and went to HKCU\Software\Policies on my system.   I changed all the software restrictions policies which had a value of 1 to value of 0 and was concerned because if I restarted, the same policy would apply again so I didn't restart and magically it worked and I was able to open it, remove the policy and force gp update.  

How crazy is that that that is all you have to do to change policy for the domain on your local system?  Better make sure I block regedit from users as well and not forget to deny domain next time and never again put it on the default domain level ;).

Thank you everyone!
0
 
klsphotosAuthor Commented:
I followed the link provided and it showed me the registry paths that I could edit to get back into what was restricted.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now