H
Holz
On Thu, 3 Apr 2008 09:40:55 -0700 (PDT)
You should post in the Windows Server group.
You should post in the Windows Server group.
A
alexsandstrom
I'm trying to set up my company's software on a client's computer, but
the company that our client was previously with completely locked down
the computer. Not even the administrator account can access gpedit.msc
or the %windir%\system32\GroupPolicy folder. I need to be able to re-
enable the control panel and various other things to be able to
uninstall the old software and install our software. Is there a way or
will we just have to re-install Windows?
Thanks
-Alex
the company that our client was previously with completely locked down
the computer. Not even the administrator account can access gpedit.msc
or the %windir%\system32\GroupPolicy folder. I need to be able to re-
enable the control panel and various other things to be able to
uninstall the old software and install our software. Is there a way or
will we just have to re-install Windows?
Thanks
-Alex
L
Lanwench [MVP - Exchange]
Was this computer in a domain before?
Honestly, I'd probably be inclined to wipe & reinstall the OS entirely
rather than pick through the settings, if it were me. Faster in the long
run.
A
alexsandstrom
It's never been on a domain that I'm aware of. I know it's not right
now. The only problem with wiping everything and starting fresh, is
that I'm doing this all remotely from Salt Lake City and the client is
in Georgia. So it would be possible to wipe it, but I'm not sure if I
trust them to be able to or if they even have an install disc.
J
John John [MVP]
If you are logged on as an Administrator you can right click on the
folder ->Properties ->Security and grant yourself full control on the
folder. You can grant Administrators or specific users permissions/full
control to all the folders in one fell swoop with the SubInACL tool.
These articles are for Windows 2000 but as far as I know they also apply
to Windows XP:
Windows 2000 Microsoft Management Console and Snap-in Restrictions
http://support.microsoft.com/kb/271135/en-us
Administrator May Be Unable to Edit Group Policy in Windows 2000 Domain
http://support.microsoft.com/kb/263166/en-us
John
A
alexsandstrom
I've tried looking for the registry keys, but none of them seem to be
in there so I'd assume that isn't it. I honestly have no idea how this
company locked this computer up, but it's starting to get frustrating.
Haha. I called the client and they do not have an install disc (I had
to explain to them what it was first, to get the answer). So it's
looking like that's not an option at this point. I can't seem to
figure out with SubInACL tool, I've never had to use it before and I
think I'm doing it right.. This is the command I'm trying to use:
subincacl /subdirectory C:\WINDOWS\system32\GroupPolicy /grant=admin
I keep getting a parse line error when trying to use that.
J
John John [MVP]
Try this:
subinacl /subdirectories %windir%\*.* /grant=administrators=f
These may also be helpful:
Undocumented CACLS: Group Permissions Capabilities
http://support.microsoft.com/kb/162786/en-us
Managing File and Folder Permissions Through the Command Line Utility
http://support.microsoft.com/kb/288292/en-us
Solving setup errors by using the SubInACL tool to repair file and
registry permissions
http://blogs.msdn.com/astebner/archive/2006/09/04/739820.aspx
John
L
Lanwench [MVP - Exchange]
If it wasn't on a domain, you may have no choice besides a clean
install.....I'm not sure how you'd be able to revert from local policy
changes (maybe you can boot into safe mode & delete some files, but I don't
have a clue how you'd do that). They need to have their CDs handy anyway,
really.
Perhaps you can find a local hands-on tech & have them follow
http://www.michaelstevenstech.com/cleanxpinstall.html ....
L
Lanwench [MVP - Exchange]
Holz said:
Why? This is a standalone workstation
A
alexsandstrom
Well I tried both subinacls and cacls, but neither allowed me access
to the GroupPolicy folder. I wish I could just call the company and
ask what they changed and how to un-change it, but unfortunately we
kind of took this client from them, and I'm not sure they'd be too
sympathetic towards my problems. Haha.
to the GroupPolicy folder. I wish I could just call the company and
ask what they changed and how to un-change it, but unfortunately we
kind of took this client from them, and I'm not sure they'd be too
sympathetic towards my problems. Haha.
J
John Wunderlich
(e-mail address removed) wrote in
m:
Have you tried using secedit? It's awkward to use but I've found that
its settings seem to override just about anything.
Start->Help and Support-> Search: Secedit.
HTH,
John
m:
Have you tried using secedit? It's awkward to use but I've found that
its settings seem to override just about anything.
Start->Help and Support-> Search: Secedit.
HTH,
John
R
R. McCarty
If the machine is imaged, try a global reset of Registry permissions.
http://winonline.blogspot.com/2005/11/reset-entire-registry-permissions-to.html
http://winonline.blogspot.com/2005/11/reset-entire-registry-permissions-to.html
J
John John (MVP)
Well, time for the big guns...
Launch an interactive Command Prompt session under the System Account
credentials and you will be able to do whatever you want on the
computer. You can do this with PsExec:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
psexec -i -d -s \\
John
W
windmap
Repair Reinstall should solve the problem.