Solved blocked by group policy

[arp]

hi

not sure if that is the correct section, sorry if it isn't.

when i try to run a specific exe i get the following error:

anyone ever seen this message before? i don't know if that is relevant, but the exe i am trying to run is located on an older partition that was made under win XP. but i already changed owner and full permissions on the whole partition to myself in win7. how do i solve this problem?

the output of gpresult /z

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
 
Created On 20.04.2010 at 12:11:08
 
 
 
RSOP data for wx\kon on WX : Logging Mode
--------------------------------------------------
 
OS Configuration: Standalone Workstation
OS Version: 6.1.7600
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\kon
Connected over a slow link?: No
 
 
USER SETTINGS
--------------
 
Last time Group Policy was applied: 20.04.2010 at 11:54:10
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: wx
Domain Type: <Local Computer>
 
Applied Group Policy Objects
-----------------------------
Local Group Policy
 
The user is a part of the following security groups
---------------------------------------------------
None
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
NTLM Authentication
High Mandatory Level
 
The user has the following security privileges
----------------------------------------------
 
 
Resultant Set Of Policies for User
-----------------------------------
 
Software Installations
----------------------
N/A
 
Logon Scripts
-------------
N/A
 
Logoff Scripts
--------------
N/A
 
Public Key Policies
-------------------
N/A
 
Administrative Templates
------------------------
GPO: Local Group Policy
KeyName: Software\Policies\Microsoft\Windows\AppCompat\DisablePCA
Value: 1, 0, 0, 0
State: Enabled
 
Folder Redirection
------------------
N/A
 
Internet Explorer Browser User Interface
----------------------------------------
N/A
 
Internet Explorer Connection
----------------------------
N/A
 
Internet Explorer URLs
----------------------
N/A
 
Internet Explorer Security
--------------------------
N/A
 
Internet Explorer Programs
--------------------------
N/A

 

[Bill2]

Do you get the error when you click on "Run as administrator"?

Try changing the security policy. Go to gpedit.msc-computer configuration-windows settings-security settings-local policies-security options.Change "User Account Control: Behavior of the elevation prompt for standard users:" to "prompt for credentials". This will result in blocked programs prompting for elevation. When it does, enter your admin password.

If you are part of a domain, then it may ahve to do with network security policy, for which you'll need to contact your network admin (as the error message says).

 

[arp]

yes, i am running the program as admin.

not part of a domain as seen in gpresult:
Domain Type: Local Computer

i am beginning to think it has nothing to do with group policies at all and the error might be misleading, but i don't know what to do next.

 

[Bill2]

Did you try changing the security setting?

What you can do is take ownership of the .exe and indeed of all folders and drives on your computer. This should resolve any permissions issue. See the tutorial below.

http://www.sevenforums.com/tutorials/1911-take-ownership-shortcut.html

 

[arp]

i took ownership of all files but unfortunately i still get the same error.

 

[Brink]

Hello Arp, and welcome to Seven Forums.

It sounds like the program may have been blocked using AppLocker. Double check in the AppLocker rules to see if one was created to block that program.

Hope this helps,
Shawn

 

[arp]

hello Shawn, thanks for the reply.

there were no items listed in the rulesets, i also added the exe that causes this error in a allowed rule, but the same error appears.

 

[karlsnooks]

hi

not sure if that is the correct section, sorry if it isn't.

when i try to run a specific exe i get the following error:

anyone ever seen this message before? i don't know if that is relevant, but the exe i am trying to run is located on an older partition that was made under win XP. but i already changed owner and full permissions on the whole partition to myself in win7. how do i solve this problem?

the output of gpresult /z

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
 
Created On 20.04.2010 at 12:11:08
 
 
 
RSOP data for wx\kon on WX : Logging Mode
--------------------------------------------------
 
OS Configuration: Standalone Workstation
OS Version: 6.1.7600
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\kon
Connected over a slow link?: No
 
 
USER SETTINGS
--------------
 
Last time Group Policy was applied: 20.04.2010 at 11:54:10
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: wx
Domain Type: <Local Computer>
 
Applied Group Policy Objects
-----------------------------
Local Group Policy
 
The user is a part of the following security groups
---------------------------------------------------
None
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
NTLM Authentication
High Mandatory Level
 
The user has the following security privileges
----------------------------------------------
 
 
Resultant Set Of Policies for User
-----------------------------------
 
Software Installations
----------------------
N/A
 
Logon Scripts
-------------
N/A
 
Logoff Scripts
--------------
N/A
 
Public Key Policies
-------------------
N/A
 
Administrative Templates
------------------------
GPO: Local Group Policy
KeyName: Software\Policies\Microsoft\Windows\AppCompat\DisablePCA
Value: 1, 0, 0, 0
State: Enabled
 
Folder Redirection
------------------
N/A
 
Internet Explorer Browser User Interface
----------------------------------------
N/A
 
Internet Explorer Connection
----------------------------
N/A
 
Internet Explorer URLs
----------------------
N/A
 
Internet Explorer Security
--------------------------
N/A
 
Internet Explorer Programs
--------------------------
N/A

And you are a member of what workgroup? The administrator of the workgroup is? The name of the program is?

 

[arp]

my workgroup is called WORKGROUP and the user "kon" (me) is admin. the program is justcause2.exe

 

[Greg S]

hello Shawn, thanks for the reply.

there were no items listed in the rulesets, i also added the exe that causes this error in a allowed rule, but the same error appears.

If it's not AppLocker then do you have Software Restriction Policy enabled. Here's a bat file(code) I use to disable it on the fly wihtout entering Local Security to turn it off. I also use one to turn it back on, it's just easier this way. All it does is set it back to the default level of allowed. Run it and then try running your app. I have shortcuts to each bat file on my start menu for quick access

REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ /v DefaultLevel /t REG_DWORD /d 0x00040000 /f

 

[arp]

it seems like that fixed it Greg, many thanks!

 

[Greg S]

it seems like that fixed it Greg, many thanks!

Keep in mind that SRP is more than a decent layer of security. Don't forget to turn it back on in Local Security. I can give you the bat file code for turning it back on if you need it.

 

[arp]

i just set it to 0 instead of 0x40000, right?

 

[Greg S]

i just set it to 0 instead of 0x40000, right?

That is correct, my friend. It's hard to beat too, especially if it's set as you have found out to cover all users including Admin's.

 

[dave1977nj]

To re enable the group policy if i change the bat file to 0 instead of 0x40000 it block all programs running on the computer How to set it back to default. Can't open anything or go to system restore. :devil:

 

[Brink]

Hello Dave, and welcome to Seven Forums.

You could also do a system restore at boot if you like since you are unable to in Windows.

http://www.sevenforums.com/tutorials/700-system-restore.html

Hope this helps,
Shawn

 

[PCIData]

Additional Solution

I know this is an old thread, but perhaps others will come across it as I did and benefit from by discovery.

Thanks Greg S for the registry script. That didn't directly solve my concerns, BUT, a subfolder of that key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ was a folder with the value of '0'. A subfolder of the '0' folder was 'Paths'. Within the Paths folder was a list of identifiers. Each of the identifiers had a path associated with it. Each of these paths listed were restricted from running.

I exported the 'paths' folder, then deleted and rebooted. Now the applications that were showing 'Blocked by Group Policy' are launching and running properly.

Hope this helps anyone coming across this older thread

 

[joulesbeef]

PCIData, thanks that did help.

Btw, in your and my case it was cryptolocker preventer... that added all those path statements.. and annoyingly blocks 7zip files.

it is sometimes applocker in group policy instead, and sometimes the reg solution above. if it is 7z.exe files, check PCIdatas solution first, or run the cryptoprevent and deimmunize.

(and just for more info and maybe search results, i am on windows 10 btw)