We help IT Professionals succeed at work.
Private
Troubleshooting Question

Delete restriction in a Windows 10 computer previous set up in a domain

96 Views
Last Modified: 2020-07-28
Hi,

I have a notebook that previous had it working on a site connected to sites' domain.  The problem I have is changing the background.  No matter which image I set as background, it doesn't do it.  So, what I want to do is totally delete this "domain" restriction to the notebook and have it again as a regular Windows 10 computer - if there is any other "domain" restriction set, besides the background image, I want to disable it.

Note, in one option I wanted to change, I think it was Defender (don't remember), when I clicked on it it gave me this message " The Tl administrator has limited access to some areas of this application and the item you are trying to access is not available. Get in touch with Tl technical support department"

What is the best way of doing this without damaging any components?
Comment
Watch Question

Sajid Shaik MSystem Admin
CERTIFIED EXPERT

Commented:
first of all remove the machine from doman ...  join to workgroup.
then transfer all your important data from the old profile - c:\users\abc.dom\desktop etc. copy to c:\users\desktop\Administrator paste.
then  u can safely delete the old profile..

all the best



arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Are you still using the domain based credentials to access the system?
Versus disjoining from the domain after making sure you setup a new local account .......

Author

Commented:
Hi Sajid,

Yes, totally forgot about that (haven't been working with domains I forgot).

But don't remember and hope u refreshes my memory, when I remove the PC from domain (Settings >>  Accounts >> Access work or school and tapping the domain name), what other effect should I expect?
Hi Arnold,

Don't know by "still using the domain based credentials to access the system", please explain.

Also before I (Settings >>  Accounts >> Access work or school and tapping the domain name), you recommend to first create a local account?
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
when the system was a member of a domain, and is no longer within the domain's LAN it may allow the user to access the system using the last successful login cached credentials.
You need to disjoin the system from the domain through the advanced system settings, accessible under computer properties, but after you added a local account
in the command window
net user
net localgroup administrators

usually, you will not be able to join a computer to the work until you remove it from the domain first.
note once you use microsoft login, it is possible that if you do not have access to the internet, you might not be able to login with a microsoft account, this is why I suggest you create a local account in addition to a microsoft login .....
Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
While many settings can be undone, if you don't know what they are, you may have difficulty removing them all.  Group Policy tends to tattoo the settings - meaning they are permanent unless undone via the group policy.  

If you want a clean system (free of the policy tattoos), you should wipe and reload.

Author

Commented:
I was about to remove the domain, but just remember that the username that was used in the PC when in Domain, I don't want to delete it.  The reasons is that the username has a series of folders and apps that was created while in the domain.


Is there a way to remove the domain from the computer but keep the username and its folder accessible, using the same user to log in?

Please check if what I am asking is feasible and help me on what's the best way to go.
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The user data does not get deleted.
Create a new local user that is not tied to the domain.
Create a folder on C: drive accesslbe by all into which you can copy the domain user data that you want to keep.
Browser and other application data may need to use the User migration tool .

IF this system is not returning to the domain, what do you want to end up with.  If this was a domain joined system, whose system is it shouldn't have you returned it?

Author

Commented:
This computer will not return to domain.  What I want is that the user enter the same user/password as before after removing the Domain from the PC.

Can this be donde?
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Not possible.
You would have to create a new local user similarly named and have the same password set for the new local account.
Using migration wizard you could try copying thrusting domain profike to the newly created local user account.

Author

Commented:
Ok, as what I have gather here, when I remove the domain from the computer, that username is no longer available? (not the data, I mean the actual username can't be use anymore for login?)
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Usually that is true, IMHO, copy the data out first, prior to any changes to avoid losing data because of a misunderstanding of how the account functioned.
I.e. The info within the account might be maintain as an offline cache that when it is back onthe LAN it synchronizes to a server.
Removing the system from a domain might result in this offlibe cache being purged.

This is what I would do, once unjoined and data loss discovered......

Author

Commented:
oof! that's bad... that means that possible apps installed under that account might not be installed for all users just hers.  When I remove the domain from this computer, she will not be able to login with her usual username and if by removing the Domain, then also will remove possible installs and confirmations.


By what I have compiled with u guys helps, this is my conclusion if I remove the domain.

Since I will not be able to know what to do to identify or prevent loss of apps installed or configurations based on this domain/user, then I gotta go back on the question, the part that made place on EE:
The problem I have is changing the background.  No matter which image I set as background, it doesn't do it.

So, do I have to remove the Domain in order to have access to change the windows desktop background? or what is the workaround to I can have her desired image on the background?
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The full picture is not clear. Some software is installed by the organization. Often, software can be uninstalled if the policy no longer applies.

There are many possible impediments when
It is not clear why you are prevented from changing the desktop unless that is the setting pushed from the domain restricting.

Double check whether the issue is that there is a picture and you are changing the background color......
Jazz KaurTechnical Support Specialist
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi Arnold, I tried changing but it doesn't.

Hi Jazz Kaur, did the TranscodedWallpaper process, ands it worked; change the pix! (Thanx).  However the gpedit, no change, I still cannot "Set as desktop background " any image (seems like the TranscodedWallpaper process may be the only way)

Here is an image (all are 'not configurable' but did change "Disable" the line u recommended)

GpEditBackgrounsImage
Is there any other gpedit I can change so I can have the user change her background without going to TranscodedWallpaper process?
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Not sure why you are going the GPO route versus..

Run RSOP to see where the setting is coming from what is currently displayed as the background? Locate the file and replace it with the content you want.

Issue in a domain, if it has GPO from the domain, that overrides, supercedes the local policy you are modifying.
You can not locally force it .

Author

Commented:
How can I run RSOP where the setting is coming from?
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
you will not be able to determine where the setting is coming from, but you can see what the settings are.
mmc,. file add/remove snap-in
add the results Resulatant Set of Policy (RSoP)
run the thing on the computer and the specific user, ....
Then it generates a n HTML hierarchical so you can navigate to a point where you were in the GPEDIT and see what is being pushed there. The restriction might precede it i.e. the restriction bars any changes to the Desktop.
I get your question, but not clear on what the issue with what it currently has that is causing the issue.
a domain based setup could restrict many things.
one option, is to simply create a local user account and see whether the new account will also be subjected to the restriction before making any drastic changes......

Author

Commented:
Well, my question is always related to the restriction (on setting the background wallpaper and the message "The Tl administrator has limited access to some areas of this application".

If I can fix the background wallpaper issue, more than sufficient for now (which I got a workaround with Jazz, but can't still user the right-click >> personalize via the desktop).

The other part of having the user maintain the same username/password and all her setting and removing the Domain, will work with later on (though I would really like to solve this one also).

So that said, what I want is to right-click on the desktop, click personalize and have her change the desktop features (without removing the Domain from the PC).  Since it seems it could be policies, then what policies I can change to make this happen?
Jazz KaurTechnical Support Specialist
CERTIFIED EXPERT

Commented:
Glad that workaround took effect. The only other thing I can think of is trying to modify the registry key perhaps or creating it if it’s not there — if it lets you.

It will be this key below to navigate to when you search and launch regedit.exe from the start menu

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\ CurrentVersion\Policies\ActiveDesktop

Note: If the NoChangingWallPaper key is not present below, the you should be able to create a new value within that ActiveDesktop key. You would right click on that ActiveDesktop key then click on New > DWORD (32-bit) Value. Name that new value NoChangingWallPaper

Otherwise if it’s already there Double-click on the
NoChangingWallpaper value if it’s there and set its value data to 0 for enabling changing wallpaper.

Restart for the change to be applied. Test it.

Author

Commented:
Went into the registry but no 'NoChangingWallPaper key' found (see pix, the far left).  But did find in the folder explorer and system keys related, could they be it? please advice.

RegustryNoActiveDesktop
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Just to clarify, you are running regedit as the user?


You can as admin try accessing the hkey_user\pickthecorrectuser\ along the above path and see if you can modify the entry? Potentially alter the image or color forthe desktop.
Jazz KaurTechnical Support Specialist
CERTIFIED EXPERT

Commented:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer —  yes that would be tied to Active Desktop  — unfortunately the values there for ForceDesktopOn and NoActiveDesktopChanges are set to 0 already too so that means it’s already a disabled or not configured restriction. It also means that technically you should be able to right click and change the background because no policies appear to be applied which is super strange. It’s also odd that there’s no direct ActiveDesktop folder. I’m not sure what could be blocking the right-click personalization option. 

Author

Commented:
Hi Arnold, yes I have ran it as the user she logs in.

Thanx Jazz, so it could be some sort of policy?

Or in order to have the user change the image whenever she wants I have to remove the domain?
(FYI, I had computers with domains assigned and not connected to the domains, and they can change the background image - so it sounds like some sort of policy? since these other computers can change their background desktop)

Author

Commented:
Arnold, just logged in as admin, can u give the correct registry path to "hkey_user\pickthecorrectuser\"?
Technical Support Specialist
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Hkey_user is the base of user references
I can not provide the explicit,exact I fofor the domai user used because there is no way for me to guess the GUID

If there is one whose ending -number >500 it is likely ..

Within \software\microsoft\windows\currentversion\explorer\shell folders\ shoukd be a way to identify the username

Hkey_current_user is reflecting the user with whose credentials regedit is running.

Hkey_user likely has two/three users unless many domai users with local profiles loged Kyoto the system

Author

Commented:
FYI, guys, the main problem is I can’t change the background images or anything on this area of settings.  When I go Settings >> Personalization, there is aa message saying: “Some settings are hidden or managed by your organization” and won’t permit any modifications – all are grey-out.  Note, this problem is only on go Settings >> Personalization >> Background, all other pages of Personalization are ok.

That said, Jazz,
I did go to ‘HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System’ but on another computer and the key or folder “System” is not present on the computers with no problem.

The computer with a problem is running a details virus, spyware scan, as soon as it finish I will try your advice of ‘deleting just the Wallpaper and Wallpaper Style strings then restart and log back in’

Arnold,
I already know the user name.

To give u guys an update, I tried what u guys recommended, and no success (except the latest of Jazz, haven't tried).  However, did searched the problem, found some steps and tried them:
  • Going into gpedit Computer Configuration > Administrative Templates >> All Settings
  • And User Configuration > Administrative Templates >> All Settings
  • To try to find any option that the State column seem enabled, and all are ‘not configurable’
  • Also found a possible solution for “Personalization” for pages such as Background, Colors, Lock Screen, Themes, Fonts, etc.  It said to go registry to “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization”, but there is no “Personalization” (search for this entry in my others comoputers and same thing, no “Personalization” key or folder.

Finally, I Went into all windows (I think) of Settings and found the message “Some settings are hidden or managed by your organization” present on the following screens:
•      Time and language
•      Personalization

So that means that policies or registry has been modified in these 2 areas.

So maybe how do I get to those 2? (if u guys haven’t already said it)
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Jana,

That is clear, the issue is to identify what is set and modify it if it is an image. If it is a color, that makes it more difficult.

The group policies are cached but the complications remain.
Try adding a local user and confirm the restriction does not apply. Copy the domai profile to the local user and see......

The system and the domain account are restricted.
Whose computer is it? Is the system eventually going to be back

New local account might not have these restrictions.
Check whether the local account has access to the installed apps.
I.e. A user based software deployment policy, makes apps available on the user level.
This may be an indicator whether removing the system from the domain will result in a loss of apps.

Author

Commented:
Well, what I am trying to do now is find how to:
•      Restrict the Settings >> Time and language
•      Restrict the Settings >> Personalization

If I find the way of doing this, by gpedit or by registry, I just have to reverse the process.

So fi u were to tell how to restrict "Time and language" and "Personalization" in Settings, how would I do it?
arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You are operating on a subordinated system. The rights you have especially when dealing with a domain based user account are significantly limited.

Gpedit onthe system applies to local system policy.which in your case is subordinate, overriden by domainbased gpos.

The main issue is whether to sever the domain relationship and all the consequences that flow from that action.

Your registry change will be reimposed during either the reboot or inser login.

Though before you were trying to alter settings, niow you are looking to restrict them.


Gpedit on a workgroup system can impose system wide and more customized per user.

Author

Commented:
What I am trying to do is re-take control of both settings screen of:
•      Time and language
•      Personalization
(I want to disable the restriction imposed on this computer and delete the message “Some settings are hidden or managed by your organization”)

When I asked if u knew how to activate or set the restriction on 'Time and language' and 'Personalization', by gpedit or registry or whatever method, my goal is to reverse those same step thus, disable the restriction.

Please note that the computer is no longer part of the domain, there is no connection to this server; this computer is at the office I am at - there is no domain here.


Is that viable Arnold, to know the steps that restrict these 2 areas and use those same step to reverse and disable the restriction?

Author

Commented:
OMG!!! Jazz, your advice on your last entry Worked!!!!

With this I think I can close the question! (I still have the problem with 'Time and language' but will search a bit then if no success, place a question for it)

Thanx Experts!!!!
Jazz KaurTechnical Support Specialist
CERTIFIED EXPERT

Commented:
Awesome!! Glad it worked! 

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.