Unlocking Restricted Access Due To Group Policy Setting

Question

Good day, I need urgent help!

I made a big error and feel like a fool.

I set the Group Policy to only access excel.exe, outlook.exe and firefox.exe thinking that it will not affect my Administrator account.  But it did and now I cannot access Command Prompt , Registry Editor, Recovery or Notepad as I  get a message .

“This operation has been cancelled due to restrictions in effect on this computer”

Can anyone help to find a solution for this Group Policy setting?

Answer 1

Log out to the sign in screen.

Hold down the shift key on your keyboard while clicking the Power button on the screen.

Continue to hold down the shift key while clicking Restart.

Continue to hold down the shift key until the Advanced Recovery Options menu appears.

Click Troubleshoot

Click Advanced options

Click Command Prompt

At the command prompt, type:

net user administrator /active:yes



Hit Enter



Close command prompt, restart, then try signing into the Administrator account. 

Try signing in again.

Reverse the Group Policy Restrictions you applied.

Answer 2

Hello, thank you for the reply.

I did exactly as you said:

1)  In command prompt when I typed net user administrator /active:yes, I got a message that the command was successful.

2)  On the Sign In screen there is still just two accounts:

Mrh [which is the local administrator account]

Herman [which is the local user non admin account]

3)  I logged into the Mrh account, but the Group Policy restrictions is still present and I could not enter the Group Policy Management application.

Is this the correct procedure?

I read that this could be reset in Registry Editor.  I can open regedit via the same command prompt in the Advanced Recovery Options menu.  But the link below is for windows 7, so I do not know the DWORD value setting.

https://answers.microsoft.com/en-us/windows/forum/windows_7-windows_programs/how-to-disable-group-policy/18d4728f-8874-4b7d-b41f-858946951fc6

Answer 3

Update:

I read that I should set the built in administrator password before it will activate.  So again I went to Advanced Recovery Options menu appears.

Click Troubleshoot

Click Advanced options

Click Command Prompt

1]  I typed:  net user administrator *

2]  gave an easy password.

3]  Closed and exited cmd, but still there was no Administrator account to Sign In to.

PS. in command prompt I typed: net user administrator

Enter

It gave me the info which stated that that the built in administrator is Active from 15:42 today and that it has Never been logged in to.

Answer 4

Well, try this as another step. Boot into the recovery environment again and create a new user account through the command line.

Type: net user Username Password /add then hit Enter.

Example: net user OROB yourpassword123 /add

You should see the following message: “The command completed successfully.” Click Start > username then switch to your new account.

If you want to add the user to a particular group such as Administrator, Power User or Limited User, use this command: net localgroup GroupPrivilege UserName /add

Example: net localgroup administrators OROB /add

Answer 5

Thanks again for the reply.

I followed your suggested steps, but even though the user shows as being added and active it does not appear on the sign in page as an alternative account.

Maybe I am giving the command in the wrong directory.  When I boot into the recovery environment the directory in command prompt is:  x:\windows\system32

I ran the command from here.  But the new added user did not appear on the sign in page.

I also used the diskpart and list volume command to check on which partition windows is installed.  I changed directory to c:> and again followed your steps.  But again the new added user did not appear on the sign in page.

Can you please give me more instructions on how to remedy my foolish Group Policy restriction?