No announcement yet.

Oh Noes!!! I think I broke it help

  • Filter
  • Time
  • Show
Clear All
new posts

  • Oh Noes!!! I think I broke it help

    Hi guys, I was messing around in the GPO editor trying to fix a login script/ Event Viewer error problem and I think I just locked myself out of ever doing anything on any account. What I did was I clicked....

    User Configuration -> Administrative Templates-> System-> Run only allowed Windows applications and before I added allowed programs or anything I clicked okay. Then I got a stupid phone call and forgot about it and logged out. Well it just so happens that now I can't open regedit, cmd prompt, anything except task manager. I cant run gpedit.msc even in Safe mode as Administrator or any account at all to fix it.

    Is there anyway to fix this or am I just screwed and have to the whole OS and everything? Can I just restore the GPO settings somehow through a reboot F8 command prompt or? grrr



  • #2
    Re: Oh Noes!!! I think I broke it help

    I know that with Windows 2000 this setting only prevents users from running programs started by the Windows Explorer Process. It doesn't prevent users from running programs that are sarted by the System process (like Task Manager).

    In that light, I would try using the CTRL-SHIFT-ESC key combination to start Task Manager and then File, New Task (Run) and try to start gpedit.msc.

    Good luck. I hope it works!


    • #3
      Re: Oh Noes!!! I think I broke it help

      I tried that after reading the help file and it doesn't work. Same Error of "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

      Grr I don't see why you can't run gpedit.msc in safe mode as an Administrator or any account. It's silly. Any other suggestions??


      • #4
        Re: Oh Noes!!! I think I broke it help

        Maybe there's a way to run gpedit remotely, from a nother PC?

        I saw a post somewhere that suggested something like:

        gpedit.msc /gpcomputer: computername

        Don't know if it will work but it's worth a try.

        By the way is it a local policy that you're locked out of or a domain policy?

        Good luck!


        • #5
          Re: Oh Noes!!! I think I broke it help

          Problem solved!! I found out that if I deleted the ini file in the GroupPolicy folder as well as the two files under User/Machine. Then renamed a txt file to match the original .ini and restarted the computer I would be regranted access. Yay!!


          • #6
            Re: Oh Noes!!! I think I broke it help

            Well Done!

            A fix to remember!