LOCAL POLICY Filtered (Stand alone PC)

Jmak

I cannot install or make system changes. I am logged on
as administrator.
I did a gpresult and I see someone has placed a Group
Policy on my PC. The result is anyone logging on is now
a member of none and everyone local group.
I have a feeling my pc was/is hacked.
How can I delete this Policy and enact my LOCAL POLICY?
Thank you for any help.
Cannot install resource kit due to "User installations are
disabled via policy on the machine." This is not MY
policy, it is the one filtering mine.
Domain type (Local Computer) NO AD.
 
Steven L Umbach

I am not quite sure what your problem is, however "the" built in
administrator account can not be removed from the local administrators
group. You need to try to log on with that account. You can use the secedit
command to reset security to default defined levels and you might also try
to give yourself deny ntfs permissions on the \windows\system32\group
policy\users folder. If you get access back, you need to take steps to make
sure your computer is clean and secure it from further attacks. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222 How to use
secedit to reset security.
http://www.microsoft.com/security/protect/
 
jmak

THANKS this is very useful, however in this case this did
not work. After I reset EVERYTHING, I ran gpresult and it
still tells me that the local policy is filtered, leaving
the user that is logged on (administrator) to assume the
following security groups
NONE, EVERYONE/Builtin\administrators\builtin\users local
NT Authority\interactive and NT authority\authenticated
Users
I get the following message "the following GPOs were not
applied because they were filtered out LOCAL GROUP POLICY
Filtering: Disabled (GPO)". I even used the overwrite
command. Ugh, I cannot install the resource kit nor
windows update. Whoever did this is good.
Thank you for your help, that was very good information.
 
Steven L Umbach

OK. First see if you can perform a system restore point [look it up in help] to see
if you can roll back system to a time before problems began. I don't know if you can
access gpedit.msc or not. If you can and system restore was not an option, try to go
to the \windows\system32\group policy\user folder [you will need to give yourself
permissions again if you still have deny] and rename the registry.pol file there and
reboot. Then use gpedit.msc to bring up Local Group Policy and define a setting
somewhere in administrative templates. You can undefine it right away and that should
give you a clean Local Group Policy for user configuration with no settings defined.
Log off and back on to see if problems cleared up. If not you may need to do a
reinstall. You can reinstall into existing \windows folder that the installation
process will detect when prompted to select L without doing any formatting. That way
your data should stay intact, but you will need to reinstall applications on top of
themselves, reapply service pack and critical updates from Windows Update making sure
that the ICF firewall is enabled before connecting to the internet. Your original
profile should still be there and you will have to look for it under the documents
and settings folder to retrieve any data you have there in my documents, etc. Be sure
to decrypt any files that you may have encrypted with EFS, before doing any
reinstall. --- Steve
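Added example, not code from Steve or this thread: a PowerShell script that automates the two checks his replies describe, looking for Deny permissions on the local Group Policy user folder and, with a -Rename switch (my own), setting registry.pol aside under a timestamped name so gpedit.msc can write a clean one. It assumes an elevated PowerShell 3 or later session on a machine that is not domain joined.

```powershell
# Added example (not from the thread): inspect the local GPO user folder for
# Deny ACEs and optionally rename registry.pol so a clean policy is rebuilt.
# Assumes an elevated PowerShell 3+ session; the -Rename switch is my own.
param([switch]$Rename)

$gpoUser = Join-Path $env:SystemRoot 'System32\GroupPolicy\User'
$polFile = Join-Path $gpoUser 'registry.pol'
if (-not (Test-Path $gpoUser)) { Write-Host "No local user GPO folder at $gpoUser"; exit 0 }

# 1. Look for Deny entries on the folder. A Deny here is what stops an
#    administrator from editing Local Group Policy and points to tampering.
try {
    $deny = (Get-Acl -Path $gpoUser).Access | Where-Object { $_.AccessControlType -eq 'Deny' }
} catch {
    Write-Warning "Cannot read the ACL on $gpoUser (a Deny that covers READ_CONTROL does this)."
    Write-Warning "Take ownership first, then re-run:  takeown /f `"$gpoUser`" /r /d y"
    exit 1
}
if ($deny) {
    Write-Warning "Deny entries on ${gpoUser}:"
    $deny | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize | Out-String | Write-Host
} else {
    Write-Host "No Deny entries on $gpoUser"
}

# 2. Report registry.pol; an unexpected size or timestamp helps date the change.
if (-not (Test-Path $polFile)) { Write-Host "No registry.pol in $gpoUser"; exit 0 }
$pol = Get-Item $polFile
Write-Host ("registry.pol: {0} bytes, last written {1}" -f $pol.Length, $pol.LastWriteTime)

# 3. With -Rename: remove the Deny entries, keep a timestamped copy of the old
#    policy file for later analysis, and print the remaining manual steps.
if ($Rename) {
    foreach ($ace in $deny) {
        icacls $gpoUser /remove:d "$($ace.IdentityReference)" | Out-Null
    }
    $backupName = 'registry.pol.{0}.bak' -f (Get-Date -Format 'yyyyMMddHHmmss')
    Rename-Item -Path $polFile -NewName $backupName
    Write-Host "Renamed registry.pol to $backupName."
    Write-Host 'Next: open gpedit.msc, define then undefine one Administrative Templates'
    Write-Host 'setting so a fresh registry.pol is written, then run: gpupdate /force'
}
```

Keep the renamed copy rather than deleting it: a planted registry.pol is evidence of what was changed and when.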
 
jmak (very happy now)

Steven You Are Da Mannnnn!!!
renaming worked like a charm. I did not have author
permission last night. I did make some changes (not sure
what all I did last night) Oh wait...your find on the
reset security policy was what did it. Again Thanks.
I can now save the changes and they do work.
You are GREAT, no reinstall here.
Thank you VERY MUCH.
 
Steven L Umbach

Thanks for posting back that it worked and glad to help. --- Steve

 
jmak

Anytime anytime. You still DA MAN. If there is anything
I can do to help you, just let me know. In the meantime I
will be busy paying it forward.
:)
 
