Thinkster Posted July 3, 2005

I have several Windows XP machines that have some sort of local group policy on the user account. Now these machines need to be unrestricted. In other words, without creating a new user account and without formatting/reinstalling XP, I need to be able to either edit the group policy file (offline) or maybe replace the group policy file with a non-restricted one. So where is the group policy file for a particular user located and how can I edit or replace it?

chilifrei64 Posted July 3, 2005

There are a couple of ways we can get around local policies.

Log into the computer with the guest account (local group policy does not affect guest user) and run gpedit.msc (run as Administrator....). Edit whatever you need to.

Log on with a bootdisk that can read NTFS and find C:\WINDOWS\system32\GroupPolicy (this folder is a protected operating system file) and delete the folder. Delete the administrators profile folder also. Restart the computer and log on as administrator, then change what you need to.

Not sure how locked down it is... but you could log in as any user... navigate gpedit.msc and run as administrator and change what you need.

How restricted are you.. can you get to windows explorer?

Aegis Posted July 4, 2005

Back up your policies, then reset the policies with a command line tool.

chilifrei64 Posted July 4, 2005

> Back up your policies, then reset the policies with a command line tool.

What is this command line tool you speak of... would you like to share?

Thinkster Posted July 4, 2005

I cannot log on as administrator as I do not know the password, as I did not set up these systems myself. There were these four to begin with and I added 8 more machines that contain my custom build that I have no problem getting into. Being that these four "restricted machines" already had users, they are able to log in with their personal logins which fall under the local group policy.

I tried running regedit, gpedit.msc and those were both restricted. I go to Explorer and I can see the A: drive and the CDROM, but C: is hidden. However, I can go to Start--Run and type C: to get to it. Also going to Control Panel, it only shows Display and a few other non-useful items.

I do have a boot disk (Winternals) that I can get to the registry and system folders and such with, and I already copied the C:\WINDOWS\system32\GroupPolicy folder to a USB drive. Inside the User subfolder, there is a Registry.pol file. I'm assuming that is the policy then? If so, is there a way to edit the .pol file from another machine? Or is it better to just delete the contents inside the User and Machine subfolders of GroupPolicy?

chilifrei64 Posted July 4, 2005

If you want to do it all offline then all you need to do is:

1) Reset the administrators password.. this is just because you will need to know it anyways...
2) Just delete the c:\windows\system32\GroupPolicy folder and either let it regenerate on the next reboot or copy over a blank one from another computer.

If you really wanted to edit it offline there is an executable called poledit.exe which is part of Microsoft's Adminpak.msi. You can edit your .pol files in this.

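For checking what a local policy file actually sets before deleting or replacing it, the following is an added example (not part of any post in this thread): a read-only Python parser for the PReg format used by the Registry.pol files under GroupPolicy\User and GroupPolicy\Machine. The sample bytes, the helper names and the two policy values shown (NoDrives, DisableRegistryTools) are constructed for illustration.

```python
import struct

def _expect(blob, pos, char):
    """Require one UTF-16LE delimiter at pos; return the offset after it."""
    if blob[pos:pos + 2] != char.encode("utf-16-le"):
        raise ValueError(f"expected {char!r} at offset {pos}")
    return pos + 2

def _read_string(blob, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, next offset)."""
    end = pos
    while blob[end:end + 2] != b"\x00\x00":
        if end + 2 > len(blob):
            raise ValueError("unterminated string")
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 2

def parse_registry_pol(blob):
    """Return (key, value name, registry type, data) tuples from PReg bytes."""
    if blob[:4] != b"PReg" or struct.unpack_from("<I", blob, 4)[0] != 1:
        raise ValueError("not a version 1 Registry.pol file")
    pos, entries = 8, []
    while pos < len(blob):
        # Each entry is [key;value;type;size;data] with UTF-16LE delimiters.
        key, pos = _read_string(blob, _expect(blob, pos, "["))
        name, pos = _read_string(blob, _expect(blob, pos, ";"))
        rtype = struct.unpack_from("<I", blob, _expect(blob, pos, ";"))[0]
        size = struct.unpack_from("<I", blob, _expect(blob, pos + 6, ";"))[0]
        pos = _expect(blob, pos + 12, ";")
        raw = blob[pos:pos + size]
        if len(raw) != size:
            raise ValueError("entry data truncated")
        pos = _expect(blob, pos + size, "]")
        # REG_DWORD (type 4) becomes an int; other types stay as raw bytes.
        data = struct.unpack("<I", raw)[0] if (rtype, size) == (4, 4) else raw
        entries.append((key, name, rtype, data))
    return entries

def _entry(key, name, rtype, raw):
    """Build one entry for the constructed sample below."""
    u = lambda s: s.encode("utf-16-le")
    return (u(f"[{key}\0;{name}\0;") + struct.pack("<I", rtype) + u(";")
            + struct.pack("<I", len(raw)) + u(";") + raw + u("]"))

# Constructed sample data, not taken from any real machine.
POLICIES = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\"
SAMPLE = (b"PReg" + struct.pack("<I", 1)
          + _entry(POLICIES + "Explorer", "NoDrives", 4, struct.pack("<I", 4))
          + _entry(POLICIES + "System", "DisableRegistryTools", 4, b"\x01\x00\x00\x00"))
```

To inspect a copied file, pass its bytes to the parser, for example `parse_registry_pol(open(path, "rb").read())`.
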
Thinkster Posted July 4, 2005

> If you really wanted to edit it offline there is an executable called poledit.exe which is part of Microsoft's Adminpak.msi. You can edit your .pol files in this.

Where can I download this Adminpak.msi ??

maxamoto Posted July 4, 2005

>> If you really wanted to edit it offline there is an executable called poledit.exe which is part of Microsoft's Adminpak.msi. You can edit your .pol files in this.
>
> Where can I download this Adminpak.msi ??

poledit is from the NT4 days... Leave it alone. If you're running XP, just launch gpedit.msc as administrator and make the changes yourself. Running gpupdate from the command line when you're done will keep you from rebooting.

Thinkster Posted July 5, 2005

> 2) Just delete the c:\windows\system32\GroupPolicy folder and either let it regenerate on the next reboot or copy over a blank one from another computer.

So if I copy the GroupPolicy folder from one of the machines I set up (minimal restrictions) over the GroupPolicy folder on the 'restricted machines', then that should take care of it? Or is it computer/user specific? I can use Winternals ERD to do the folder/file replacement if this is the case.

maxamoto Posted July 5, 2005

>> 2) Just delete the c:\windows\system32\GroupPolicy folder and either let it regenerate on the next reboot or copy over a blank one from another computer.
>
> So if I copy the GroupPolicy folder from one of the machines I set up (minimal restrictions) over the GroupPolicy folder on the 'restricted machines', then that should take care of it? Or is it computer/user specific? I can use Winternals ERD to do the folder/file replacement if this is the case.

If you have the ERD disk, use it to reset the administrator password and then use gpedit.msc to do the dirty deed...

Thinkster Posted July 6, 2005

Well, I tried copying over the Group Policy folder from another machine using ERD, but when the user logged in, the same restrictions were still in place. So I went back to ERD, used REGEDIT and saw all the restrictions in: [HKEY_USERS\bthomas\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] and [HKEY_USERS\bthomas\Software\Microsoft\Windows\CurrentVersion\Policies\System] and [HKEY_USERS\bthomas\Software\Policies\Microsoft\MMC]. I deleted keys and imported them from another machine all in ERD and presto, restrictions were gone when the user logged in.

However, somehow it's still restricting the installation of some software: "The System Administrator has set policies to prevent this installation." I know the best thing to do is log in as Administrator, but I don't know the admin password and the manager said not to reset the password or change it in case the original computer guy returns from out of the country. So another dilemma... any ideas to decrypt the password in a quick manner?

maxamoto Posted July 6, 2005

> Well, I tried copying over the Group Policy folder from another machine using ERD, but when the user logged in, the same restrictions were still in place. So I went back to ERD, used REGEDIT and saw all the restrictions in: [HKEY_USERS\bthomas\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] and [HKEY_USERS\bthomas\Software\Microsoft\Windows\CurrentVersion\Policies\System] and [HKEY_USERS\bthomas\Software\Policies\Microsoft\MMC]. I deleted keys and imported them from another machine all in ERD and presto, restrictions were gone when the user logged in.
>
> However, somehow it's still restricting the installation of some software: "The System Administrator has set policies to prevent this installation." I know the best thing to do is log in as Administrator, but I don't know the admin password and the manager said not to reset the password or change it in case the original computer guy returns from out of the country. So another dilemma... any ideas to decrypt the password in a quick manner?

Tell your manager that due to the restrictions he/she has placed on your troubleshooting that you are unable to complete your mission. Then, go crack open a cold one and relax. There isn't anything you can do without logging in as Admin. Zip, zero, zilch, nada.

As far as decrypting the admin password goes, NO.

Edited July 6, 2005 by maxamoto

Thinkster Posted July 7, 2005

Due to the restrictions that were placed, I was forced to crack open a bottle of Corona and relax! Then I thought I had got the admin password, but it didn't work. I guess I'll just have to use the offline password reset or the ERD locksmith...

Mercury_22 Posted July 7, 2005

Hi! For the Administrator password you can use Proactive System Password Recovery from http://www.elcomsoft.com/sss.html !

prey Posted July 7, 2005

Hi!

Ever heard of Bart's PE build with the ULTIMATE BOOT CD extension to it? It has, amongst other excellent tools, the ability to reset the local administrator password. Check out the following: http://www.reatogo.de/

Kind Regards.

Edited July 7, 2005 by prey