T
T
Talyan2022-02-09 11:35:08
Group Policies
Talyan, 2022-02-09 11:35:08

How to reset all group policies of a user?

When I first logged in to the terminal server, I was not a member of the administrators group, and all the policies of a regular user were applied to me, such as prohibiting the registry editor from being called, disabling disk visibility, and, in general, all the standard user bans.

After I was added to the Administrators security group, the old policies did not go away.
gpupdate /force doesn't help, because there are no options in the admin policies to "allow what was forbidden to a normal user in a neighboring policy".

I see two solutions:
1) Somehow reset all policies and run gpupdate
2) In general, delete the account from the terminal server without touching it on the domain controller in AD. But there is a fear that they will not let me go to the terminal server at all later.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
T
Talyan, 2022-02-09
@flapflapjack

So, I did it.
I did the following:
1) I logged out of my account
2) I logged in as another administrator 3) I deleted my plug-in disk with the profile through the Sidder
utility . 4) I opened regedit and found a folder with my user in the HKEY_USERS branch. The names there are specified in ID format and not as a regular username. I learned my ID from the same Sidder program. 5) Tried deleting the branch with my ID and the branch named ID_Classes. At the same time, an error occurs that I do not have the right to touch this branch, but at the same time, directories inside the folder are still deleted, although not all of them.
After this action, I tried to log in under myself. I lost the restriction on editing the registry, but there were still only a couple of items in the control panel, the rest of the icons were not available to me.
6) Next, I took and exported his registry branch from another admin.
7) Opened the reg file with notepad, and replaced the ID of another admin with my own. I did the same with the second REG file from the MY_ID_Classes registry folder.
8) Added these two REG files to the registry.
9) Logged in under itself. I saw that everything was in order, and I had a normal admin account, but:
- The resolution of the remote desktop window for a long time could not figure out what size to accept. The start hung in the center of the screen, the language bar disappeared, the layout switch did not work.
-After a couple of minutes, the resolution itself returned to normal.
What broke:
1) The Start button does not click.
2) There is no language bar, the layout does not change. (After gpupdate recovered and works)
3) In the RMB menu "Create" there is nothing at all, it's empty. (After gpupdate it recovered and works)
4) The font everywhere became some kind of strange without ClearType
In short, it didn’t get worse, but it didn’t get any better either. but he got his rights back.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question