Error: The Sys Admin Set Policies to prevent this installation

**slipk487** · August 26, 2007

i am trying to install a msi. the problem is im getting an error. all i have come up with is changing HKLM\Software\Policies\Microsoft\Windows\Installer to 0 it was originally 1. i did that but am still getting the system administrator has set policies to prevent this installation. is there anything else i can do. I am currently running Server 2003.

Edit: Went through Local Security Policy and couldnt find anything that would restrict msi from installing.

Also this is what is in the event viewer

The installation of D:\DOCUME~1\SERVER~1\LOCALS~1\Temp\{*}\*.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Edited August 26, 2007 by slipk487

**cluberti** · August 27, 2007

OK, so an administrator has created a software restriction policy in group policy for msi packages.

**slipk487** · August 27, 2007

i had looked throught the group policy's i am the only admin account on it becides the built in admin account which has not been used. i am also the only user on it and it is a fresh install as of saturday.

Edited August 27, 2007 by slipk487

**cluberti** · August 27, 2007

i had looked throught the group policy's i am the only admin account on it becides the built in admin account which has not been used. i am also the only user on it and it is a fresh install as of saturday.

What group policies are being applied to this user and this computer? Run a gpresult /z out to a txt file to see.

**slipk487** · August 27, 2007

where does it output the file i can not find it after running gpresult /z

**cluberti** · August 28, 2007

Well, for example:

gpresult /z > C:\gpresult.txt

... will create the file gpresult.txt on C:\.

**RJARRRPCGP** · August 28, 2007

The problem may be related to this:

http://support.microsoft.com/kb/822798

**slipk487** · August 29, 2007

tryed gpresult /z > C:\gpresult.txt but nothing happened. the cmd window opened and closed right away. i still have not had luck figuring out the problem.

**nmX.Memnoch** · August 29, 2007

Do you have a gpresult.txt file in the root of your C: drive now?

Edit: You did that from the Run prompt...that doesn't work. You have to run that from a Command Prompt.

Edited August 29, 2007 by nmX.Memnoch

**slipk487** · August 29, 2007

that was the problem well here is the output

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 8/28/2007 at 6:58:03 PM



RSOP data for HOME-5F6A52E731\Slipk487 on HOME-5F6A52E731 : Logging Mode
-------------------------------------------------------------------------

OS Type:					 Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS Configuration:			Standalone Server
OS Version:				  5.2.3790
Terminal Server Mode:		Remote Administration
Site Name:				   N/A
Roaming Profile:			 
Local Profile:			   D:\Documents and Settings\Server2003
Connected over a slow link?: No


COMPUTER SETTINGS
------------------

	Last time Group Policy was applied: 8/28/2007 at 6:01:30 PM
	Group Policy was applied from:	  N/A
	Group Policy slow link threshold:   500 kbps
	Domain Name:						
	Domain Type:						WindowsNT 4

	Applied Group Policy Objects
	-----------------------------
		Local Group Policy

	The computer is a part of the following security groups
	-------------------------------------------------------
		BUILTIN\Administrators
		Everyone
		NT AUTHORITY\Authenticated Users

	Resultant Set Of Policies for Computer
	---------------------------------------

		Software Installations
		----------------------
			N/A

		Startup Scripts
		---------------
			N/A

		Shutdown Scripts
		----------------
			N/A

		Account Policies
		----------------
			N/A

		Audit Policy
		------------
			N/A

		User Rights
		-----------
			N/A

		Security Options
		----------------
			N/A

			N/A

		Event Log Settings
		------------------
			N/A

		Restricted Groups
		-----------------
			N/A

		System Services
		---------------
			N/A

		Registry Settings
		-----------------
			N/A

		File System Settings
		--------------------
			N/A

		Public Key Policies
		-------------------
			N/A

		Administrative Templates
		------------------------
			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\Description
				Value:	   0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\SaferFlags
				Value:	   0, 0, 0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\Description
				Value:	   0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel
				Value:	   0, 0, 4, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope
				Value:	   0, 0, 0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\SaferFlags
				Value:	   0, 0, 0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\Description
				Value:	   0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\SaferFlags
				Value:	   0, 0, 0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\SaferFlags
				Value:	   0, 0, 0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\Description
				Value:	   0, 0
				State:	   Enabled

			GPO: Local Group Policy
				KeyName:	 Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
				Value:	   1, 0, 0, 0
				State:	   Enabled


USER SETTINGS
--------------

	Last time Group Policy was applied: 8/28/2007 at 5:27:34 PM
	Group Policy was applied from:	  N/A
	Group Policy slow link threshold:   500 kbps
	Domain Name:						HOME-5F6A52E731
	Domain Type:						<Local Computer>

	Applied Group Policy Objects
	-----------------------------
		N/A

	The following GPOs were not applied because they were filtered out
	-------------------------------------------------------------------
		Local Group Policy
			Filtering:  Not Applied (Empty)

	The user is a part of the following security groups
	---------------------------------------------------
		None
		Everyone
		BUILTIN\Administrators
		BUILTIN\Users
		NT AUTHORITY\INTERACTIVE
		NT AUTHORITY\Authenticated Users
		This Organization
		LOCAL
		NTLM Authentication

	The user has the following security privileges
	----------------------------------------------

		Bypass traverse checking
		Manage auditing and security log
		Back up files and directories
		Restore files and directories
		Change the system time
		Shut down the system
		Force shutdown from a remote system
		Take ownership of files or other objects
		Debug programs
		Modify firmware environment values
		Profile system performance
		Profile single process
		Increase scheduling priority
		Load and unload device drivers
		Create a pagefile
		Adjust memory quotas for a process
		Remove computer from docking station
		Perform volume maintenance tasks
		Impersonate a client after authentication
		Create global objects

	Resultant Set Of Policies for User
	-----------------------------------

		Software Installations
		----------------------
			N/A

		Logon Scripts
		-------------
			N/A

		Logoff Scripts
		--------------
			N/A

		Public Key Policies
		-------------------
			N/A

		Administrative Templates
		------------------------
			N/A

		Folder Redirection
		------------------
			N/A

		Internet Explorer Browser User Interface
		----------------------------------------
			N/A

		Internet Explorer Connection
		----------------------------
			N/A

		Internet Explorer URLs
		----------------------
			N/A

		Internet Explorer Security
		--------------------------
			N/A

		Internet Explorer Programs
		--------------------------
			N/A

gpresult.txt

**cluberti** · August 29, 2007

The local GPO does have software restriction policies being applied, that's what the Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ registry keys point to, and specifically the rule for Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled set to 1 means that Software Restriction Policies are enabled and functional from policy. So, you need to look just a little harder at the local group policies, because your statement before means you missed something obvious:

Went through Local Security Policy and couldnt find anything that would restrict msi from installing.

If you need help figuring out how to turn this off, try looking at this technet article. It's in there, and gpresult says so.

**slipk487** · August 29, 2007

i went and set the reg setting for transparentenabled to 0 and restarted the computer but still couldn't install the msi. i also looked at the technet article but did not know what i was looking for. i have not really ever seen half the stuff before and did not what else to look for besides the reg entry for transparentenabled.

Sign In

Error: The Sys Admin Set Policies to prevent this installation

Recommended Posts

slipk487

cluberti

slipk487

cluberti

slipk487

cluberti

RJARRRPCGP

slipk487

nmX.Memnoch

slipk487

cluberti

slipk487

Please sign in to comment

Recently Browsing 0 members

Activity

Browse