Over 1 million tech questions and answers.

Boot stuck on Group Policy Local Users and Groups policy (1 Hour)

Q: Boot stuck on Group Policy Local Users and Groups policy (1 Hour)

Hi all
For the past 6 months we have received reports of PC's taking up to an hour to get to the login prompt.
All our PC's are running Windows 7 32/64 Bit.
The message is always "Applying Group Policy Local Users and Groups policy"
Once it gets to the login prompt they will login with no problem.
I have enabled GPO logging on 1 PC and the results show as below (sorry for the wall of text) Boot time was 15:16.
I was hoping someone else had come across this issue and maybe has some insight
Network team say "its not the network"!!
Server Team say "Its not DNS or Group Policy" !!
So its been left with me on the desktop team to diagnose the fault
Regards
Paul Griffiths - NHS Trust in Bristol

GPSVC(534.75c) 15:17:14:459 ProcessGPOs: -----------------------
GPSVC(534.75c) 15:17:14:459 ProcessGPOs: Processing extension Group Policy Local Users and Groups
GPSVC(534.75c) 15:17:14:459 ReadStatus: Read Extension's Previous status successfully.
GPSVC(534.75c) 15:17:14:459 CompareGPOLists: The lists are the same.
GPSVC(534.75c) 15:17:14:459 GPLockPolicySection: Sid = (null), dwTimeout = 30000, dwFlags = 0
GPSVC(534.75c) 15:17:14:459 LockPolicySection called for user <Machine>
GPSVC(534.75c) 15:17:14:459 Sync Lock Called
GPSVC(534.75c) 15:17:14:459 Writer Lock got immediately.
GPSVC(534.75c) 15:17:14:459 Lock taken successfully
GPSVC(534.75c) 15:17:14:459 ProcessGPOList: Entering for extension Group Policy Local Users and Groups
GPSVC(534.75c) 15:17:14:459 MachinePolicyCallback: Setting status UI to Applying Group Policy Local Users and Groups policy...
GPSVC(534.75c) 15:17:14:459 ProcessGPOList: No changes. CSE will not be passed in the IwbemServices intf ptr
GPSVC(534.5a8) 15:17:14:459 Message Status = <Applying Group Policy Local Users and Groups policy...>
GPSVC(534.5a8) 15:17:14:474 Setting GPsession state = 1
GPSVC(ee8.efc) 15:17:15:520 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x2a4
GPSVC(ee8.efc) 15:17:15:520 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(534.5ac) 15:17:15:520 Target = Machine
GPSVC(ee8.efc) 15:17:15:520 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(ee8.efc) 15:17:15:520 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(534.75c) 15:17:15:691 ProcessGroupPolicyCompletedExInternal: Entering. Extension = {17D89FEC-5C44-4972-B12D-241CAEF74509}, dwStatus = 0x0
GPSVC(534.75c) 15:17:15:707 GetWbemServices: CoCreateInstance succeeded
GPSVC(7f0.b0c) 15:18:41:177 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x50c
GPSVC(7f0.b0c) 15:18:41:177 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(534.5ac) 15:18:41:177 Target = Machine
GPSVC(7f0.b0c) 15:18:41:177 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(7f0.b0c) 15:18:41:177 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(534.5ac) 15:18:41:177 Target = Machine, ChangeNumber 0
GPSVC(7f0.b0c) 15:18:41:177 CGPNotify::RegisterForNotification: Entering with target S-1-5-18 and event 0x54c
GPSVC(7f0.b0c) 15:18:41:177 Client_InitialRegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(534.5ac) 15:18:41:177 Target = S-1-5-18
GPSVC(534.5ac) 15:18:41:177 Could not find user by sid, finding user by session id
GPSVC(534.5ac) 15:18:41:177 Caller requesting for user notification/lock is from session 0
GPSVC(7f0.b0c) 15:18:41:177 Client_RegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(7f0.b0c) 15:18:41:177 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(534.5ac) 15:18:41:177 Target = S-1-5-18, ChangeNumber 0
GPSVC(534.5ac) 15:18:41:177 Could not find user by sid, finding user by session id
GPSVC(534.5ac) 15:18:41:177 Caller requesting for user notification/lock is from session 0
GPSVC(a1c.9c0) 15:18:46:007 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x364
GPSVC(a1c.9c0) 15:18:46:007 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(534.5ac) 15:18:46:007 Target = Machine
GPSVC(a1c.9c0) 15:18:46:007 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(a1c.9c0) 15:18:46:007 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(534.5ac) 15:18:46:007 Target = Machine, ChangeNumber 0
GPSVC(a1c.9c0) 15:18:46:007 CGPNotify::RegisterForNotification: Entering with target S-1-5-18 and event 0x3a4
GPSVC(a1c.9c0) 15:18:46:007 Client_InitialRegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(534.5ac) 15:18:46:007 Target = S-1-5-18
GPSVC(534.5ac) 15:18:46:007 Could not find user by sid, finding user by session id
GPSVC(534.5ac) 15:18:46:007 Caller requesting for user notification/lock is from session 0
GPSVC(a1c.9c0) 15:18:46:007 Client_RegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(a1c.9c0) 15:18:46:007 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(534.5ac) 15:18:46:007 Could not find user by sid, finding user by session id
GPSVC(534.5ac) 15:18:46:007 Caller requesting for user notification/lock is from session 0
GPSVC(48c.614) 15:19:13:984 CGPNotify::UnregisterNotification: Entering with event 0x35c
GPSVC(48c.614) 15:19:13:984 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(48c.614) 15:19:13:984 CGPNotify::UnregisterNotification: Canceling pending calls
GPSVC(48c.614) 15:19:13:984 Client_CompleteNotificationCall: failed with 0x71a
GPSVC(48c.614) 15:19:13:984 CGPNotify::UnregisterNotification: Cancelled pending calls
GPSVC(48c.614) 15:19:13:984 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0
GPSVC(62c.9c) 15:21:28:103 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x458
GPSVC(62c.9c) 15:21:28:103 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(534.5ac) 15:21:28:103 Target = Machine
GPSVC(62c.9c) 15:21:28:103 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(62c.9c) 15:21:28:103 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(62c.9c) 15:21:28:103 CGPNotify::RegisterForNotification: Entering with target S-1-5-18 and event 0x494
GPSVC(62c.9c) 15:21:28:103 Client_InitialRegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(534.5ac) 15:21:28:103 Target = S-1-5-18
GPSVC(534.5ac) 15:21:28:119 Could not find user by sid, finding user by session id
GPSVC(534.5ac) 15:21:28:119 Caller requesting for user notification/lock is from session 0
GPSVC(62c.9c) 15:21:28:119 Client_RegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(62c.9c) 15:21:28:119 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(4bc.a90) 15:21:48:203 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x100
GPSVC(4bc.a90) 15:21:52:705 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(534.5ac) 15:21:56:706 Target = Machine
GPSVC(4bc.a90) 15:21:56:706 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(4bc.a90) 15:22:02:208 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(534.75c) 16:19:28:803 ConnectToNameSpace: ConnectServer returned 0x0
GPSVC(534.75c) 16:19:28:803 ProcessGroupPolicyCompletedExInternal: Extension {17D89FEC-5C44-4972-B12D-241CAEF74509} was able to log data. Error = 0x0, dwRet = 0. Clearing the dirty bit
GPSVC(534.75c) 16:19:29:021 ProcessGroupPolicyCompletedExInternal: Finished processing extension <Group Policy Local Users and Groups> at 3796424 ticks (ms)
GPSVC(534.75c) 16:19:29:021 ProcessGroupPolicyCompletedExInternal: Leaving. Extension = {17D89FEC-5C44-4972-B12D-241CAEF74509}, Return status dwRet = 0x0
GPSVC(534.75c) 16:19:29:021 ProcessGPOList: Extension Group Policy Local Users and Groups returned 0x0.
GPSVC(534.75c) 16:19:29:021 ProcessGPOList: Extension Group Policy Local Users and Groups status was not updated because there was no changes and no transition or rsop wasn't enabled
GPSVC(534.75c) 16:19:29:021 UnLockPolicySection called for user <Machine>
GPSVC(534.75c) 16:19:29:021 UnLocked successfully
GPSVC(534.75c) 16:19:29:037 ProcessGPOs: -----------------------

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Boot stuck on Group Policy Local Users and Groups policy (1 Hour)

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 159.2

I want to use Local Group Policy Editor to apply group policy to a specific custom security group created using local users
and groups snapin for MMC.
Is this possible and if so how?

If not, than what is the purpose of being to add local security groups.

Custom groups do not appear to show up in the list of users compatible with local group policy. 

Software/Hardware used:
Windows 8

Read other answers
RELEVANCY SCORE 138.8

I was setting up local group policies on a laptop so I could apply them to non-admin accounts. Well I goofed and accidentally applied the policies to all users including the admin. The problem is I was restricting access to all programs except a certain few like internet explorer, remote desktop, etc as users will only need to access their webmail and remote desktop to access the terminal server. Now I cannot do anything with the admin profile because the policy was applied to my account as well. What can I do??

A:Accidentally applied local group policy to all user groups

Which Administrator account did you apply this to? The default or did you enable the built-in Administrator account and apply it to that also?

If you didn't go through any steps to activate an admin account previously, you could probably enable the built-in one and change the settings for the normal Administrator account.

Built-in Administrator Account - Enable or Disable

Read other 2 answers
RELEVANCY SCORE 133.6

So In all my searching I can't really find a workaround for this. I have a domain and plenty of domain users but I have one department that remains local user accounts. All I want to do is set the default homepage for these 47 domain connected machines.
So with domain users I can use loopback policy to apply the user gpo settings to any computer in those specific OU's.  But that simply will not apply to local accounts.  Any other thoughts on how to make this work centrally?  Not super interested
in doing one by one.
thanks in advance.

Edit: I did try pushing a registry setting via the computer config but doesn't seem to be taking.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
?Start Page?=?http?

Read other answers
RELEVANCY SCORE 132.4

Here's my situation. I've got a computer that's shared by several people (in a small church library), which I'm trying to lock down in a controlled fashion.

The system is running Windows XP Professional. In addition to the administrator account, I've created one restricted account for the librarian, which is password-protected, and one restricted account with no password for everybody else. It's a stand-alone computer -- no domain, no domain controllers, no active directory.

I've successfully implemented a local group policy which prevents users from doing things like changing screen resolution, screen saver settings, etc. But I'd like to have this restriction apply only to the one "everybody" account, and not to the other accounts, and I haven't been able to figure out how to do this. Is it possible? What are the steps involved?

Thanks,
Tom

A:Local group policy -- how to select users?

Hello, Tom, and welcome to TSF. If the "open to everyone" account is used by really numerous individuals, of varying levels of IT competence, then I would strongly suggest you take some time and have a look at a utility provided gratis by Microsoft, the Shared Computer Toolkit for Windows XP. Invest some time to browse all the area I've linked for you, and please post back if you really think this is what will effectively help you keep this computer under your control, your way, all the time.

Read other 3 answers
RELEVANCY SCORE 130.8

Hello,

Does anyone know how to exclude a user from accessing anything on
a local computer , but still be able to use a shared program from that
machine? IE. not be able to see the computer or folder through
my network places or through computer management "shares" folder
or be able to change any settings on the aformentioned machine?
Basically, I want to share a program but not have that user have the
ability to change anything on this "server". It is a peer to peer setup
with XP pro running on all machines. I have tried everything from
sharing and security - but it is my understanding that a Group Policy /
Local Policy should be setup for this machine which would prevent access?

Any help would be greatly appreciated.

graham neil
 

A:Local Group Policy - program excusions for users

How are they going to access it if you take away all the permissions from accessing? I see your quandary. Not sure how you are going to give them permissions to use something that you don't want them to use.

You can deny them local login access to the machine but if they need access to something over the network they have to see it to be able to use it.
 

Read other 3 answers
RELEVANCY SCORE 130.8

Hi Team,
Please let me know what is the standard Setting for below Security Setting ( Audit Policy ), which are followed in most of the Company.

For Eg:- Should i set ' Success & Failure ' for ' Audit account logon events ' & for ' Audit account management' etc...




Thanks & Regards,
Param
www.paramgupta.blogspot.com

Read other answers
RELEVANCY SCORE 129.6

I created a policy for non-administrators in Microsoft Management Console. However, I couldn't find a policy to restrict user into a specified folder.

A:How to use local group policy editor to restrict users to Desktop

Exactly what are you trying to accomplish?

Read other 3 answers
RELEVANCY SCORE 128.8

Will either of these allow me to restrict drive access to a single user only? I've tried to restrict drive access with Group Policy Editor but it applies the restriction globally--even to me the administrator.

Could anyone let me know if this is possible and how to do it?

Much thanks.

A:Group Policy Editor or Local Security Policy

I take it that you want to restrict access to this drive to everyone but yourself. Which drive are you referring to, is it locally connected or via a network?

Read other 6 answers
RELEVANCY SCORE 117.2

Hi,
I am running Windows 7 Pro and know how to work the group policy. Is there any way I can assign options to a specific group that I created?

A:Group Policy Editor for specific groups

Hello there.
This tutorial should help: How to apply local group policies to a specific user or group.

Read other 3 answers
RELEVANCY SCORE 115.6

Hi all,
I received this message when i tried to look at the local group policy setting on one of my machines (Windows XP SP3), which is joined in my domain.
"Failed to open group policy object on this computer. You may not have appropriate rights.
Details:
Unspecified error."
note that I am local admin.
It's all started when I was troublshooting WSUS connectivity and i looked at the WinsdowsUpdate.log, the WSUS server was <Null> & WSUS status server <Null>, I tried to force the domain GP by using GPupdate /force, it went fine and asked to
log off, but nothing changed in the WindowsUpdate.log still <Null>. Then i tried to look at the local policy setting.
I searched the internet nothing related to my case.
Thanks in advance for advising.
Mohammed Adel

A:Group policy error: Failed to open group policy object on this computer.

I guess reinstall windows is the solution, I also found one log "event id 1096", related to "registry.pol" it was corrupted.
Regards,
Mohammed Adel

Read other 9 answers
RELEVANCY SCORE 112

Windows Vista Home Premium, How can I turn off group policy, If I try to run defender or change startup programs, it will not allow me. Message to contact your system administrator to turn off group policy.  Please help

Read other answers
RELEVANCY SCORE 109.2

Hi, I have a local group policy on Vista x64 that is not running. This script runs fine on every other OS. W2K > Win7 (including x64 machines) It is a machine policy and it will not run. It is a script that runs bginfo from the Program Files folder. Any ideas? Thanks

A:Local Group Policy Not Running

Hi,

What version of Vista is this? Is it Home Premium, Home Basic, Business Basic, Business Premium or Ultimate (or other)?

Go into Services, and check for the "Group Policy Client" service. You cannot (easily) stop this service, but make sure it is there and running.

Richard

Read other 8 answers
RELEVANCY SCORE 109.2

I have a large network of about 500 machines on a domain. I have set up a local account for exams, with a special local Group Policy that is for non-administrators. The group policy restricts almost everything apart from a few applications.

I need to copy this GP over to another 20-30 machines. Is there any way i can do this.

Copying %systemroot%\system32\grouppolicy didn't work.

A:How to copy local Group Policy?

Welcome to Sevenforums theslowminded!

After you copied the policy over, did you force the update?


Code:
gpupdate /force

Read other 4 answers
RELEVANCY SCORE 109.2

do u know how to configure group policy so once user logs in,he can be assigned local administrator rights.

I wants the moment user logs in a new computer in a domain,in their user configuration
they will automatically assigned local administrator rights rather than I am using contol panel to add manually.
 

Read other answers
RELEVANCY SCORE 109.2

I have created three user accounts on my computer. Admin, Maint and operator...added the operator account to the group policy snap-in with very restricted policies. Problem is I have somehow associated the Admin and maint as well, how do I reset the local group policy back to default settings? I need to recover the admin capabilities to make changes to the computers.

A:local group policy editor

Hi..JOEYGE... Welcome to SF...Check this link. Hope it helps.

Local Group Policy - Reset to Default

Read other 9 answers
RELEVANCY SCORE 109.2

Hello, I'm using window 7 home. So i dont have local group policy. I want to stop user other than "admin" myself to enter control panel. Anyone know to do it manually? I know there is a way to do it manually with regedit at user setting but not sure how. Or is there any software that does the same thing as local group policy of pro--enterprise edition of window 7?
 

A:Window 7 local group policy

http://www.tweaknow.com/powerPack.php

slight cheating way around it i suppose, go to windows secrets control panel custom etc etc etc
 

Read other 3 answers
RELEVANCY SCORE 109.2

I've an WinXP SP2 box that I locked down using the Local Group Policy MMC but I need to know if I can selectively lock down accounts manner. I'd like to lock down all the accounts save the local admin account. Thanks in advance!
 

Read other answers
RELEVANCY SCORE 109.2

Hi guys,
I couldn't seem to find the answer in any other posts. If its there apologies for repeating.
I want to create a few group polices each with there own particular restrictions. I want to be able to add these policies to individual users as I see fit. Now (and i am relatively new at this) it seems that you can only attach these polices to the whole OU, which filters down to all the folders below. This of course would then effect all my users in the 'Users' folder.

I heard that you could attach a policy to a group and then of course just add users to that group??

Any ideas on the way forward would be great.

Mucho thanks

FC
 

Read other answers
RELEVANCY SCORE 109.2

Hi guys;

I have a few machines running windows 7. Is it possible at all to use the group policy to limit functions to particular users. For example; if the user is a member of the 'limited user' group, specific rules apply, but if however the member is an administrator the policies do not apply?

There are several policies I have implemented however they get in the way for administrators.

How can I go about setting policies for particular users?

Thanks in advance.

A:Group Policy for specific users

Hello Scud, and welcome to Seven Forums.

Yes, you can use the tutorials below to have group policy settings apply to all but administrator, and/or to only specific users or groups.

Local Group Policies - Apply to All Users Except Administrators

Group Policy - Apply to a Specific User or Group

Hope this helps,
Shawn

Read other 6 answers
RELEVANCY SCORE 108.4

I have an SCCM Client deployed to several test PC. The client configures LGPO directing the PC to receive Windows Update from our SCCM server.  However, it fails. WUAHANDLER.LOG shows the following errors:
Enabling WUA Managed server policy to use server:http://xxxxx.xxx.net:8530
Waiting for 2 mins for Group Policy to notify of WUA polucy chnage...
Unable to read existing WUA resultant policy. Error = 0x80070002.
Group Policy settings were overwritten by a higher authority (domain controller) to: Server and Policy NOT CONFIGURED
Failed to Add Update Source for WUAgent of type (2) and id{{.......}}. Error=0x80040692.
I checked domain GPOs and there is no GPO that would cause this conflict.  I ran RSOP to verify.  What I noticed is that gpresult did not show LGPO as being applied. But when I unlinked all the domain GPOs (linked to the PC OU), gpresult showed
LGPO as being applied.
Any ideas or suggestions welcome.
 

A:Group Policy settings were overwritten by a higher authority (domain controller) to: Server and Policy NOT CONFIGURED

Hi,
 
For this issue, please try to refer to the following article;
 
Troubleshooting Group Policy Configuration for Software Updates
 
If this issue persists, for a better support service, please kindly post at the SCCM forum for further help:
 
System Center Configuration Manager Category
 
Alex ZhaoPlease remember to click ?Mark as Answer? on the post that helps you, and to click ?Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Read other 4 answers
RELEVANCY SCORE 108

I have been trying to open the Local Group Policy editor as I need to check the "Lock pages in memory" option in order for a PS2 emulator to work.

I can find the file when searching in my computer but when I open it it says it cannot create the MMC span-in. I have tried to add it to the MMC by clicking on file and Add/Remove snap-in, but when that box opens the 'Group Policy Object Editor' doesnt exist on the list of items.

I am really confused and cant work out why it doesnt seem to exist or work on my computer.

I am running Windows 7 Home Premium.

Thanks for your help

A:Can't find Local Group Policy editor

Welcome to the forum,

Group Policy editor is not available on home premium.

win7 home final - no gpedit.msc?

Read other 2 answers
RELEVANCY SCORE 108

Hello everyone,


I am slowly working my way through Scott Muellers Comptia A+ Cert guide and currently learning about security fundmentals. I have a test rig running XP Pro service pack three.

However when I wanted to go into local group policy to hide specified drives on that computer (as an experiment) I couldn't see anything listed under windows components except media player.

I followed the same route as you would on windows 7, User config-administrative templates-windows components, but there is nothing there. By the way my test rig is not connected to any networks at all.

What did I miss?!

Thanks

A:Query about local group policy settings in XP Pro

We are not here to help you with your homework. How would you learn if we told you? This thread is now closed.

Read other 1 answers
RELEVANCY SCORE 108

When I run the Local Group Policy Editor an error box appears telling me that Resource '$(string.VerMgmtAuditModeEnable)' referenced in attribute displayName could not be found. File C:\windows\PolicyDefinitions\inetres.admx, line 1495, column 249.
This occurred after a clean install of Windows 8 then download and update to Windows 8.1. I have done two installs and updates to Windows 8.1 and still the problem persists. Any help in solving this, as it is annoying me. Thanks.

A:Local Group Policy Editor Error.

Hi harrycat310,
Please take the following steps to fix this issue:
1. Visit the following link and download the Administrative Templates (.admx) for Windows 8.1 Update and Windows Server 2012 R2 Update
http://www.microsoft.com/en-hk/download/details.aspx?id=43413
2. Install the msi and replace the folder C:\Windows\PolicyDefinitions
with the folder PolicyDefinitions created by Windows8.1-Update-ADMX.msi.
3. Please backup the folder C:\Windows\PolicyDefinitions before the replacement.
Best regards,
Fangzhou CHENFangzhou CHEN
TechNet Community Support

Read other 18 answers
RELEVANCY SCORE 108

Hi all,

I am currently locking down a PC for a client of mine. PC is used as a DMZ, used by the public only to access the internet. PC runs Windows XP Pro SP2.

While configuring the Local Group Policy through gpedit.msc (or through mmc - add/remove snap-in ...) I realised that while applying policies at the "User" level, the administrator account also inherits these policies. Sames goes if applied at the "Computer" level, but that goes without saying.

Luckily I was not applying them directly to the PC in question, rather applying local policies through a VMware session on my laptop, just in case something like this happened.

My question is how can I apply strong Local Group Policies on a PC WITHOUT the administrator account inheriting them?

I tried setting "Deny" permissions on the C:\WINDOWS\System32\GroupPolicy folder, but to make changes to GPO's you need access to this folder. I did work though!

I should also say that this PC is not joined to the Domain and is on a separate subnet to all other PC's.

Any help would be apreciated.

Cheers
 

A:Local Group Policy question (WinXP Pro)

This is a very knowledgeable site BUT, if you receive no answer here, these people are very often quite helpful with Network stuff;

http://forums.windrivers.com/index.php?

gl


 

Read other 6 answers
RELEVANCY SCORE 108

dir sirs

i have a big problem in my netword
i changed the server and i get a new one
when i log in by local administrator in cients to jion the computer to the new domain
the local administrator is logged in efficted by the a user group policy
i have windows2000 advanced server

so i cannot see the desktop and i cannot join the pc to the netword
any help plzzz
 

A:why local administrator efficted by group policy

From what I understand, you are trying to join client pc's to your domain using the local admin accounts on the client. Is this correct?

When changing from workgroup to domain it will bring up a window asking for a username and password. Since the client is not yet on your domain, if needs authentication to join said domain from an authorized user account (domain admin account).
Enter the domain name first, then with a "/" without quotations, then a domain admin account name in the username field. Enter the domain admin accounts pw in the password field and hit ok. After a minute or so you will receive a welcome message.

Here is a simple example:
Domain: potatochips.com
Domain Admin Username: potatochipeater
pw for that account: ilovepotatochips

So, in the box that comes up enter the above information as so.....

Username: Potatochips/potatochipeater
Password: ilovepotatochips
I hope that this info has helped you. Please reply if you have any other questions.
 

Read other 2 answers
RELEVANCY SCORE 108

Hey all, stuck against a bit of a wall, here. I have a bunch of vista computers and I need them to automatically map a network drive whenever the user logs in.

In the past, we've used a login script and a .bat file to create the shares. But we're getting ready to switch over to vista, but the login script doesn't work under vista.

I've heard that its better to use Group Policy for this, but I cannot figure out how to do it using LOCAL GROUP POLICY. I've found about 100 or so guides for doing it using active directory/serverside things, but we're not on active directory, so that's not an option.

I'm sure there is a policy somewhere, can anyone direct me to it?

A:Local Group Policy to map a network drive?

When you map a drive on the workstation, and put a check in the box Reconnect on Logon (sign-in) it will reconnect every time.

Read other 3 answers
RELEVANCY SCORE 108

Hi !

Windows 7 group policy

I've read a lot of post on this topic but haven't been able to find a clear answer to this question.

Is it possible to create different policies on a local machine and somehow assign these policies to the groups logging in on this machine ? Seems to me that changing the group ploicy affects all users.

The machine is not on a network. It is a computer for test purposes in the field not having a domain server to handle the group policies.

Kind regards

A:Group policy on local machine not on network

  
Quote: Originally Posted by kahr


Hi !

Windows 7 group policy

I've read a lot of post on this topic but haven't been able to find a clear answer to this question.

Is it possible to create different policies on a local machine and somehow assign these policies to the groups logging in on this machine ? Seems to me that changing the group ploicy affects all users.

The machine is not on a network. It is a computer for test purposes in the field not having a domain server to handle the group policies.

Kind regards



Gpedit does change group policies, and all users in that group are affected. I am a little confused as to what you want to do to the users.

Read other 4 answers
RELEVANCY SCORE 108

Howdy

I was going through some steps to lock down my Windows 10 machine and I have come across the following in Local Group Policy:
Enumerate administrator accounts on elevation - this sounds like a really good idea but when I set it to "Disabled", when I try to run (say) regedit as an elevated/admin user I get prompted to type in my username/password but no option to use PIN as an option? Is this possible?
Require trusted path for credential entry - I already have UAC turned up to the max setting and login with a SUA, is there any further benefit to enable this setting? If I enable this setting I have to click through the following two screens before I am prompted with the UAC prompt to enter my password or PIN:



3. Disable or enable software secure attention sequence - I'm tempted to enable this option and set it to "None" in the drop down box:


Is there any risk/downside to doing this?

4. Boot-start Driver initialization Policy: I'm also tempted to set this to "Enabled" and then set the option in the drop down box to "Good only":


Hopefully this doesn't brick my machine! I have UEFI and Secure Boot enabled.

Are the above good options to enable to further lock down a Windows 10 machine?
 

Read other answers
RELEVANCY SCORE 108

Hi, I have a question about the Local Group Policy Editor. I know you can either enable or disable things for all users but is there any way to enable or disable things for only a certain user group (either Standard Users in general or a customized user group created in the Local Users & Groups Editor (lusmgr.exe). For example if I want only a certain user group to be able to lock the computer, in the Local Group Policy Editor I can enable that so no-one can lock the computer but I want admins to be able too etc.

I would love it if someone could answer my question soon

Thanks
Daniel Callaghan

A:Local Group Policy Editor Question

Secpol.msc / Local Policies / User Rights ? This won't stop them from logging off...
But this will: Start Menu - Enable or Disable Log off

Read other 9 answers
RELEVANCY SCORE 108

Hi

In all editions of Windows 8, there is the local group policy editor? If so, how do I find it?
Thanks

Bye

A:Find the local group policy editor

Open Run box & type in:

gpedit.msc

& click OK.

I know it's available in the Pro version.

Read other 4 answers
RELEVANCY SCORE 108

I want to disable the default reboot after Windows runs unattended updates as this often prevents my overnight backup from running.

I have tried using the gpedit.msc routine to access the Local Computer Policy Editor but apparently that does not work in Win 7 Home Premium which I have.

Is there a manual way I can disable the reboot function?

A:Can't access Local Group Policy Editor

Hello Franco, and welcome to Seven Forums.

The Windows 7 Home Premium edition doesn't include the Local Group Policy Editor. However, you can use OPTION ONE in the tutorial below to disable the automatic restart for Windows Updates instead.

Windows Update - Enable or Disable Automatic Restart

Hope this helps,
Shawn

Read other 5 answers
RELEVANCY SCORE 108

Can anyone advise me on how to open the Local Group Policy Editor in Windows 8, because typing GPeditor.msc in the run prompt doesn't work. I've looked online for an answer but wasn't able to find anything helpful. I would like to make a change to the boot time from here, but for the life of me, can't figure out how to get into it. Please help.
Thanks
 

A:Solved: Local Group Policy Editor

Read other 14 answers
RELEVANCY SCORE 108

Hi to all,

when i open Local group policy but not open properly and show message fail to open Local group policy on this computer..........

how to solved this error........ Please Help me!!!

A:fail to open Local group policy

hi and welcome..

Make sure you run as administrator for permission.

Read other 9 answers
RELEVANCY SCORE 108

Not long ago Soul Invictus loaded winXPpro on the PC and confronted an issue. Thats really not surprising. Issues exist using this, the latest & greatest OS in wide distribution world-wide. It was developed upon previous versions, so it really shouldn't come as a big surprise what it does & to some extent, how it does it. Yet, it still exists with functionality barely defined to the novice user, IMHO.I have XP Professional and I'm getting my bearings on the differences between this version and another XP version. I notice this one has a Windows Firewall. My problem is that I used to be able to access my employer's company intranet from home. When I go to the site and enter my login info I get the message: Access Denied (policy_denied). Your system policy has denied access to the requested URL. For assistance, contact your network support team. I'm thinking I have to modify a setting in gpedit.msc, however I can't be sure. Any thoughts of what security setting that needs to be modified? My thoughts are:Policy information in winXPpro is kinda confusing.Like many, I am the network support team in my household.My thoughts are: "What should I do when contemplating changing a setting".Any changes might best be done knowing first what the default settings are.and where to find them.and how to interpret the information available on the OS about these settings. So, I navigated to the "group policies" that typing gpedit.msc in the &q... Read more

Read other answers
RELEVANCY SCORE 108

Hi,

I was following this tutorial: Group Policy - Apply to a Specific User or Group in order to setup group policy for certain users/groups.

However, when I got to the "Browse for a Group Policy Object" dialogue box, the only tab present was Computers, there is no tab for selecting specific users/groups as described in the tutorial. I have attached a screenshot of the dialogue box in MMC.

Can anyone help me out with this? I am new to local group policy.

A:No Users Tab when Browsing for a Group Policy Object

Anyone..... I really need this issue resolved!

Read other 1 answers
RELEVANCY SCORE 108

Long story. I'm a teacher and part-time network administrator at my school. Our domain controllers (2) still run Wondows server 2000. I noticed two weeks ago that one of them had its antivirus program turned off (McAfee Enterprise 8.5) and I could not get it back on. After some reasearch, I deleted two old registry keys related to a previous Mcaffee install, reinstalled the software and it starts up and updates. I thought that was the end of it. Nowthis week, I'm getting calls from students saying their networked computers are either re-directing when doing Google searches or just not connecting to any web site. I scanned one of the student machines and Malwarebytes identified 7 problems: Hijack.Desktop, Hijack.Display, Hijack.DisplayProperties (twice), Hijack.Regedit, Hijack.Run, Hijack.taskmanager. These are the registry keys identified...they all start with the same thing so I'll only write that part once: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
after that is: Explorer\ForceActiveDesktopOn
ActiveDesktop\NoChangingWallPaper
System\NoDisplayBackgroundPage
System\NoDisplayScreenSaverPage
System\DisableRegistryTools
Explorer\NoRun
System\DisableTaskManager

These registry keys correspond to group policies we use for students to limit their ability to change certain parts of the OS. I then went to the two domain controllers and ran DDS. I've atttached both DDS logs below. RootRepeal w... Read more

A:Infection pushed down to users by Group Policy

Hi,My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-RootRepeal logs-Description of any remaining problems you may still have.Thanks again and we apologize for the delay.With Regards,Extremeboy

Read other 4 answers
RELEVANCY SCORE 106.8

Hello there,

I have learnt creating policies files from this tutorial.. Now I am facing problem searching and configuring different policies.
1. I dont want 'student' to be able to create files/folder in c: drive.
2. I dont want 'student' to have access to the Internet.

Regards.

A:Let us apply a simple local group policy together in Windows 7.

right click C: drive. select share with / advanced permissions / select advanced sharing and remove student from the list.

Read other 2 answers
RELEVANCY SCORE 106.8

Hi,

I'm not sure where to post this as it's not really a network issue due to the computers not being domained.

At the moment I am applying local group policy settings for each computer (many computers) manually on each machine (Taking about 20 minutes per machine due to the MANY settings that need checking).

Is there any way I can cut this time down by saving a set of policy options from one computer and applying that set to multiple other computers (via a usb stick etc?)

Thanks in advance,

Jack

A:Automating Local Group Policy on non-domain machines?

Hi and welcome to TSF not quite sure but you may find something here Group Policy management for IT pros

Read other 13 answers
RELEVANCY SCORE 106.8

I have set some access limits on some programs, but the user that has the limits can run the Local Group Policy Editor and change the settings. How do I prevent access by other users to the Local Group Policy Editor?

Thanks for the help.

A:How do I limit access to the Local Group Policy Editor?

Hello Runandnottire, and welcome to Seven Forums.

The only way to do so would be to change their account type from administrator to standard user.

Hope this helps,
Shawn

Read other 3 answers
RELEVANCY SCORE 106.8

I have some Windows 7 PC which are not in a domain, I need to disable the ability for any user(Inc. Admins) to change the time of these PCs. The setting for this is:
"Computer Configuration / Windows Settings / Security Settings / Local Polices / User Rights Assignment / Change the system time"
How can I do this from the command line so I can put it into a script? If there isn't a way to control gpedit from the command line, is there a registry key I can change to get the same result?
 
Thanks

Read other answers
RELEVANCY SCORE 106.8

Trying to restrict non-admin users from seeing a lot of programs under the Start Menu. Already using the GPO for non-admin users and I'm hoping there is an area I can achieve the above. So the idea is admin account sees all the programs as normal, non-admin user restricted to only seeing a few programs on the Start menu. Can I achieve this through local group policy and if so where

Thanks

A:Local group policy start menu programs

If this is for a home, then it would be simpler to move the shortcuts from all users start menu* to the admin profile(s)**. However, hiding the shortcuts by moving them or via GPO (if there is a way to do that) would not stop users from starting the program via the Windows (file) Explorer.

GPO can restrict a user from running a program. In theory, this should work no matter how the user attempts to run the forbidden program. In reality, they are ways to start some programs restricted by GPO. That is why I wondered if this is for a home - then we might be talking about adults vs. children.

*C:\ProgramData\Microsoft\Windows\Start Menu\

**C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu

Read other 9 answers
RELEVANCY SCORE 106.8

I recently locked down a PC's with LGP. It is heavily restricted for public use.

One strange problem that has cropped up is the Flash player in Firefox.

I didn't install the plug-in before I locked down the user account.
Afterwards I realized I hadn?t installed it so I logged on to the Admin account and installed the plug.
The player now works fine when logged in as Admin or as a User with full privileges but won?t play in my locked down user account, where I still get a message saying the plug-in is not installed.

Any ideas what?s going on here or what I might have done in LGP?

A:Local Group Policy and Firefox plugins (Flash)

It doesn't work because the LGP is in effect. Since you added Flash after enabling LGP it makes sense. Just like what you wanted. Say you don't want Flash on the computer for security reasons, but someone tries to install it. It won't work. You need admin account to use it. If you want Flash and LGP you need to undo the LGP, install Flash, and then re-enable LGP.

Read other 1 answers
RELEVANCY SCORE 106.8

I want to disable auto run and auto play of my disk drives for security. To do that, I need to access my Local Group Policy.

However, while logged into my regular account, I am unable to access the Local Group Policy Editor via the gpedit.msc file.

I get a "You don't have permission to access this file" error message.

I don't even have the joy of a UAC prompt. : (

I have Win 7 Pro and am the only user and owner of my computer.

Do I have to get into my admin account and change the settings from there?

A:Unable to open Local Group Policy Editor (using Win 7 Pro)

See if these tutorials help:

AutoPlay - Enable or Disable

AutoPlay - Turn On or Off

AutoPlay - Enable or Disable for Non-volume Devices

AutoPlay Shortcut - Create

Autorun.inf Files - Completely Block

Read other 1 answers
RELEVANCY SCORE 106.8

Hello,

we would like to have the background image on all our Windows 7 32/64Bit machines rotating. The theme has been created and copied to all computers.
Unfortunately, the GPO setting "Load a specific theme" applies for first logons to a workstation only, not to users who have an existing profile.
How can we set all users/workstations to use the new theme as default automatically? This would be for some hundreds of workstations and woud need to be seemsless for the users. 

Any help is highly appreciated!

Best regards
Matthias

Read other answers
RELEVANCY SCORE 106.4

Hi,

I'm trying to create a system restore point but vista refuses to let me do this as it says it is disabled by Group Policy. Can anyone let me know how to turn this off. My machine is a home pc on my own network and i am the adminstrator for the box. I tried downloading the Group Policy Object Editor but it won't install as not compatable with my my version (Home Premium).

Can anyone help? Really want to start messing about with the look and feel of the box but not at the price of wrecking it!

Thanks in advance.

Chris
 

Read other answers