M HYPE SPLASH
// updates

Group Policy Editor restricting my administrator account?

By Abigail Rogers

Hi I have created a problem on my PC and now I feel really stupid. I tried to restrict access to certain programs on a recently created standard user account via "gpedit.msc". After completing the list of programs I wanted the particular account to have access to, it has now also applied that to my administrator account. I am using win 7 pro x64.

I cannot access anything except 4 programs that were on the list, everything else I try to do gets denied. I cannot even get back in the group policy editor (gpedit.msc) as I get this error:

"This operation has been cancelled due to restrictions in effect on this computer. Please Contact your system administrator."

I am the system admin, I do not get it? I literally cannot do a thing or open a thing. What do i do? I feel so stupid I've basically locked myself out of my own computer. I followed what it said on this link How-To-Geek.

Please help!!

2 Answers

I was able to find the answer after some searching around, this answer is from this question in Server Fault, posted by San Jac.

I had the same issue by accidentally changing system settings in gpedit. Try this fix I got from Greylox.... It worked for me.

  1. Open "Run" & enter %systemroot%\system32\GroupPolicy\User

  2. Delete registry.pol (if it exists).

  3. Go to %systemroot%\system32\GroupPolicy\Machine and delete registry.pol (if it exists).

  4. Reboot your system.

  5. Log in using your administrator account & create a new administrator account.

  6. Reboot the computer & login as under new administrator account.

  7. Open "Run" & enter gpedit.msc

  8. Go to "Local Computer Policy" → "User Configuration" → "Administrative Templates" → "system" → "Run only specified Windows applications" (as shown below) & disable it.

Local Group Policy Editor screenshot

  1. Run gpupdate /force and login with your old administrator account.
1

If you cannot create an administrator using command prompt to reset your group policies.

  1. Copy the script below to a notepad & then save it as {file name}.vbs
  2. Run the script.

This should reset all the GPO's applied

 If WScript.Arguments.Count = 0 Then Set objShell = CreateObject("Shell.Application") objShell.ShellExecute "wscript.exe", Chr(34) & WScript.ScriptFullName & Chr(34) & " Run", , "runas", 1
Else
set winsh = CreateObject("WScript.Shell")
set winenv = winsh.Environment("Process")
windir = winenv("WinDir")
strPath = (WinDir & "\System32\GroupPolicy") DeleteFolder strPath Function DeleteFolder(strFolderPath) Dim objFSO, objFolder Set objFSO = CreateObject ("Scripting.FileSystemObject") If objFSO.FolderExists(strFolderPath) Then objFSO.DeleteFolder strFolderPath, True End If Set objFSO = Nothing End Function
strPath = (WinDir & "\System32\GroupPolicyUsers") DeleteFolder strPath Function DeleteFolder(strFolderPath) Dim objFSO, objFolder Set objFSO = CreateObject ("Scripting.FileSystemObject") If objFSO.FolderExists(strFolderPath) Then objFSO.DeleteFolder strFolderPath, True End If Set objFSO = Nothing End Function
winsh.Run "gpupdate /force", 0
End If

Also refer to How to reset local group policies

5

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

More in updates

How do I see what I am currently subscribed to?

Wes Anderson in the Land of Dahl