Scott Thompson

Device Manager Blocked By Administrator

Hello,

I've seen this all over the web, but I can't seem to find a good answer.  This customer's computer is running the Fall Creators Update of Windows 10.  I cannot open Device Manager as it says I am blocked.  The publisher is coming up as unknown.  This is also making it so I cannot install updates.

If I go to the Administrator (Built-In), everything does work.  I have already tried to...

SFC /Scannow.  Some errors could not be repaired, but I analyzed the log and did not see any issues.
DISM /RestoreHealth, no issues.
Created a new user account and made an Administrator, same issue in this new account.
Took the user accounts to Local Limited instead of Admin, then reversed, no luck.

Any suggestions?
20171208_094350.jpg
John

I do not have this issue on any of my own machines or my client machines.

Since you have completed the DISM command with no results, and the problem is true for any profile, consider a non-destructive Repair Install.

Go to the Media Creation Link

https://www.microsoft.com/en-us/software-download/windows10

Windows 10 is running, so click on the Download button (not Upgrade Button), select Open (Run) but NOT Save. Allow the program to run. Allow drivers to update. Then select Keep Everything.
Ramin

1. Navigate to C:\Windows\system32\
2. Right-click on MMC.exe.
3. Click Properties.
4. Click the checkbox next to Unblock so that a checkmark appears.
5. Click Apply.

Your screenshot shows that Windows fails to recognize the digital signature of the files as valid.
That could mean the verification process is buggy or broken, or the file is not the original file.
I'll give you a checksum of my file (Fall Creators Update as well, Win10 x64, 16299.98)
Checksum information
---------------------------
Name: mmc.exe
Size: 1936384 bytes (1 MB)

SHA256: 97FAABAD1D93225121E347462133BB768F3AD7D4B27AC8C232594CC205CA8D3B
Scott Thompson (ASKER)

John,

I did an in-place upgrade with the Media Creation tool.  Believe it or not, the issue still exists!
ASKER CERTIFIED SOLUTION
John
This solution is only available to members.
Ramin,  there is no unblock option where you suggested, though I kind of figured there would not be.

McKnife,

I'm new to MD5 checksums, but here's some pictures! :)
mmc1.jpg
mmc2.jpg
Hey guys,

Here's something interesting in Event Viewer,

Log Name:      Application
Source:        Application Error
Date:          12/8/2017 12:08:52 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-4L3SJML
Description:
Faulting application name: svchost.exe_CryptSvc, version: 10.0.16299.15, time stamp: 0x9c786b9a
Faulting module name: bcryptPrimitives.dll, version: 10.0.16299.98, time stamp: 0x384d71d2
Exception code: 0xc0000006
Fault offset: 0x000000000001723a
Faulting process id: 0x2740
Faulting application start time: 0x01d3704f95748011
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\bcryptPrimitives.dll
Report Id: cfb6462d-c535-4027-8ab8-78eb04caccf3
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-12-08T18:08:52.665419900Z" />
    <EventRecordID>445</EventRecordID>
    <Channel>Application</Channel>
    <Computer>DESKTOP-4L3SJML</Computer>
    <Security />
  </System>
  <EventData>
    <Data>svchost.exe_CryptSvc</Data>
    <Data>10.0.16299.15</Data>
    <Data>9c786b9a</Data>
    <Data>bcryptPrimitives.dll</Data>
    <Data>10.0.16299.98</Data>
    <Data>384d71d2</Data>
    <Data>c0000006</Data>
    <Data>000000000001723a</Data>
    <Data>2740</Data>
    <Data>01d3704f95748011</Data>
    <Data>C:\WINDOWS\system32\svchost.exe</Data>
    <Data>C:\WINDOWS\System32\bcryptPrimitives.dll</Data>
    <Data>cfb6462d-c535-4027-8ab8-78eb04caccf3</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>
Is your drive encrypted?  Those files do not appear to be on my machine.
It's not encrypted that I am aware of...  here's the Application error that always follows right after it...

Windows cannot access the file C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1492_for_KB3197954~31bf3856ad364e35~amd64~~10.0.1.5.cat for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1492_for_KB3197954~31bf3856ad364e35~amd64~~10.0.1.5.cat

The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
      - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
      - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.

Additional Data
Error value: C0000102
Disk type: 3
Disregard the values for mmc.exe, I made a mistake and should have given you the values for devmgmt.msc
To create a checksum of c:\windows\system32\devmgmt.msc on your system, you need to use this PowerShell command:
Get-FileHash C:\Windows\System32\devmgmt.msc

and the result should be (on an unmodified file):

Algorithm       Hash                                                                   Path                                                                          
---------       ----                                                                   ----                                                                          
SHA256          81834650BF3682D8C5ED3ED0222EBDE30E8E117CFC8F2B81E8BC2D45B95158D5       C:\Windows\System32\devmgmt.msc            
Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
SHA256          81834650BF3682D8C5ED3ED0222EBDE30E8E117CFC8F2B81E8BC2D45B95158D5       C:\Windows\System32\devmgmt.msc
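
A triage sketch for the checks discussed above, added here as an example and not code from any poster in this thread: it hashes the two files, asks Windows for their signature status, and looks at Cryptographic Services (CryptSvc) and its recent crash events. The file list and the 7-day window are assumptions; the reference hash is the one quoted above and only applies to that build.

```powershell
# Added example: integrity triage for the "Publisher unknown" symptom.
# Assumptions: file list and 7-day look-back. Run from an elevated PowerShell.
$files = 'C:\Windows\System32\mmc.exe', 'C:\Windows\System32\devmgmt.msc'

# Reference hash quoted in the thread for devmgmt.msc (build 16299.98 only).
$expected = @{
    'C:\Windows\System32\devmgmt.msc' = '81834650BF3682D8C5ED3ED0222EBDE30E8E117CFC8F2B81E8BC2D45B95158D5'
}

$report = foreach ($path in $files) {
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    # In-box Windows files are usually catalog-signed; validating them needs
    # CryptSvc and a readable CatRoot, so a failure can be the verifier's fault.
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Path        = $path
        SHA256      = $hash
        HashMatches = if ($expected.ContainsKey($path)) { $hash -eq $expected[$path] } else { $null }
        SigStatus   = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
        SigType     = $sig.SignatureType   # Authenticode (embedded) or Catalog
        IsOSBinary  = $sig.IsOSBinary
        Signer      = $sig.SignerCertificate.Subject
    }
}
$report | Format-List

# State of the service that performs catalog signature verification.
Get-Service -Name CryptSvc | Select-Object Name, Status, StartType

# Recent "Application Error" (Event ID 1000) entries that mention CryptSvc,
# like the svchost.exe_CryptSvc crash posted earlier in this thread.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'CryptSvc' } |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0..3] -join ' | ' } }
```

A matching hash together with a signature status other than Valid points at the verification path (CryptSvc, the CatRoot catalogs) rather than at the file itself.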
Ran another SFC /Scannow after DISM came back clean.

Here are the results...

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

I don't understand.  With an in-place upgrade using the Media Creation tool, should all of the Windows files have been replaced and verified?
cbs.zip
Yes. Most or all files are replaced and the old files end up in Windows.old
The in-place upgrade migrates your settings, keeps your files and installed programs but rewrites all Windows system files. It also resets basic OS security settings so in case those are somewhat messed up, they will be good again afterwards. Should be tried, does not hurt.
Just a note since there tends to be some confusion.  I have already done an in-place upgrade after John suggested it.  It just seems like suggestions are made to do it again from what I have been reading.

I'm going to do SFC /Scannow in safe mode as suggested.
Another Option is to boot your PC with a bootable Windows 10 installation media (DVD / USB) then go to Startup options >> command prompt and run SFC /SCANNOW from there.
Oh, you already did... you wrote that before, sorry, I missed that.
Something must be extraordinary about your installation. Is the UAC at defaults?
The restriction seems to apply to one user, check local group security as admin. Mmc add/remove snap-in

Check whether the settings there..
gpresult /v /scope user

Or computer restricting access to these tools to only one account, administrator.

Create a new admin account, and see whether that account has this issue as well. If not, the issue is potentially a corruption of the profile ...
Arnold, I have created another profile as Administrator, but no luck.

I did just find something interesting.  I was trying to read the SFC log when I ran into an error.  I think my environment variables are messed up.

PS C:\> %windir%
%windir% : The term '%windir%' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ %windir%
+ ~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (%windir%:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PS C:\>
Here's my Variables though, they look intact...

User generated image
Temporarily uninstall Antivirus software, restart and Test.

Also open a command prompt as Administrator and type:
 net user administrator /active:yes
Hit Enter.
Log off from the current account.
Log in with the Administrator account.
Create a new User Account as Admin.
Log off from Administrator.
Log in with the new account and test it.

Disable Administrator Account:
Open a command prompt as Administrator and type:
 net user administrator /active:no
Hit Enter.
cd %WINDIR%
it will not auto switch directory if used %WINDIR%
Yeah, just realized I was doing it in Powershell.  Oops, my bad.  %windir% works correctly.

I DID just find out the customer's son was trying to Mod something for Minecraft before this happened.  Nothing like hindsight!  Maybe something with Java?  Still looking for something to look for though...
Try turning UAC off and see what happens.  The built-in administrator account "Administrator" does not use or honor UAC.

You can also try capturing a PML log with Process Monitor: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Run it before you do the action, do the restricted action, then stop logging and upload the PML file here and we can take a look.

You might also want to inspect "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" in Regedit and compare this with a known good, working system and see if any values look different.  You can export this tree out as a backup and should do so before making any changes.
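
One way to do the comparison suggested above, as an added example (not a script from this thread). The function names are hypothetical, and the sample dictionaries are constructed to show the case of a value that exists on one machine only.

```powershell
# Added example: compare UAC policy values with a known-good machine.
# Function names are hypothetical; the sample dictionaries are constructed.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Back up the key before changing anything (run elevated):
#   reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" policies-system.reg

function Get-PolicyValues {
    # Read every value under the key into a name -> string dictionary.
    param([string]$Path = $key)
    $item = Get-Item -Path $Path
    $values = [ordered]@{}
    foreach ($name in $item.GetValueNames()) {
        $values[$name] = [string]$item.GetValue($name)
    }
    $values
}

function Compare-PolicyValues {
    # Emit one row per value that is missing on either side or differs.
    param([System.Collections.IDictionary]$KnownGood,
          [System.Collections.IDictionary]$ThisMachine)
    $names = @($KnownGood.Keys) + @($ThisMachine.Keys) | Sort-Object -Unique
    foreach ($n in $names) {
        $good = if ($KnownGood.Contains($n))   { $KnownGood[$n] }   else { '<absent>' }
        $here = if ($ThisMachine.Contains($n)) { $ThisMachine[$n] } else { '<absent>' }
        if ("$good" -ne "$here") {
            [pscustomobject]@{ Value = $n; KnownGood = $good; ThisMachine = $here }
        }
    }
}

# Constructed sample: the affected machine carries one extra value.
$goodSample = @{ EnableLUA = '1'; ConsentPromptBehaviorAdmin = '5'; PromptOnSecureDesktop = '1' }
$badSample  = @{ EnableLUA = '1'; ConsentPromptBehaviorAdmin = '5'; PromptOnSecureDesktop = '1'
                 FilterAdministratorToken = '0' }
Compare-PolicyValues -KnownGood $goodSample -ThisMachine $badSample

# On real machines: capture (Get-PolicyValues) on the good PC, then compare it
# with (Get-PolicyValues) taken on the affected one.
```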
That's a great idea Adam!

Here's the requested file when trying to open Device Manager from right-clicking the Start Menu.

NOTE:  I compared the registry entries as requested, and the only difference I found was FilterAdministratorToken was in THIS computer, but not mine.  I changed the value from 0 to 1, but it didn't make a difference.

BTW:  Switched it from PML to txt so could upload.
Logfile2.zip
According to the log: Windows is having problems creating keys in

HKLM\Software\Policies\Microsoft\SystemCertificates\Root
HKLM\Software\Microsoft\SystemCertificates\trust
HKLM\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKLM\Software\Microsoft\EnterpriseCertificates\Root

HKCU\Software\Policies\Microsoft\SystemCertificates\TrustedPeople.  


HKCU is the current user's profile and HKLM is the machine profile.  I can create keys in these areas (HKLM) just fine on my Win10 PC with REGEDIT.   However, I just ran ProcMon while I went into the device manager and my trace looks exactly the same as yours, so that appears to be fine.

What happens if you run MMC and then add the device manager snap-in?  Does that work?  Did you try turning UAC off to Never notify?
Okay, I am uploading the Process Monitor file from just trying to open mmc.exe (which I am blocked on)
Logfile2.zip
Nothing looks out of the ordinary in that trace either.  I suspect he made some changes to the operating system, such as running DisableWindowsTracking and it ended up disabling a service that is needed:

https://www.reddit.com/r/Windows10/comments/5p0fvb/application_blocked_for_your_protection/

Maybe compare the running services on a known good system and the bad system?
I don't see anything disabled that shouldn't be... I'll look more tomorrow.

I will let you know that if I run Powershell as admin from the start menu (which does work), then I can open up mmc.exe and devmgmt.msc with no issues.
Feedback on UAC, please :-)
I asked whether it was at defaults and others wanted to know if turning it off changes anything.
This is with UAC Disabled and the computer restarted...

User generated image
That is one answer out of 2. What about UAC being at defaults, how does it behave at defaults?
As far as I know, it was on Defaults. 2nd from the top option.  When I started this thread that's the setting it was at.  Just in the last post I moved it to the option at the bottom.  Did that help?
Sure, that helps. Ok, the repair installation did not help correcting this weird "Publisher unknown" problem which could be standing behind it all. If I was at your place, I would simply restore my latest working image backup and stop worrying - do you have one?
Well, backup and reload is always an option, and we may be getting to that point.  It's a home computer for a customer, so I do not have any image backups.  Was there anything else in the Process Monitor that helped?  It's so weird because it's like the account which has Administrator privileges doesn't have administrator privileges.
Okay, I will reload the system and let you know.  Thank you.
Hello!  Trying to give credit to everyone.  A "RESET THIS PC" did work.  I was able to keep their data on, but wipe the programs and have Windows reinstall.  So, some program or setting definitely was the cause of it.  No issues since I did that.  I did NOT have to wipe the drive.  Thank you for your assistance!
You are very welcome and thank you for the update.