SBS 2011 Standard: Task Manager & regedit disabled

0

I now have this very strange issue:

Suddenly I cannot start taskmgr.exe and regedit.exe. I get the error message that it has been disabled by the Administrator but I am working with the Administrator account and I disabled it [Apart from that I don't even know how to do it without Google].

As you can see the Task-Manager is disabled

These are the error messages I receive when I start these programs by entering their program names [it is in German but it is clear what it means]:

The setting in the group policy gpedit.msc for Task Manager is this [but I think it is for the clients which are working on the domain and does not apply to the SBS itself]:

I don't really remember what I should have done wrong:

  1. I was cleaning up the User folder [only the temp directories].
  2. I was restarting the Exchange Information Store service because I changed the maximal RAM from 12 to 10 GB.
  3. I installed the Patch cleaner but this cannot be a malware. I ran it on several other Servers without any problem!

A few minutes before, it worked, and suddenly it stopped.

Any idea how I messed up the SBS?

Al Bundy

Posted 2017-12-19T17:04:32.337

Reputation: 127

This doesn't just happen. This is an old school malware trick. You can use the reg query command from command prompt and check HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System for the malicious policy. You can run REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f to enable task manager. Your system is probably crawling with malware though. – Appleoddity – 2017-12-19T17:30:52.043

You'll have to do it in "offline" mode then. You can boot a live Windows CD/USB drive and mount the registry and make the changes. This is the least of your problems though if your server is infected. – Appleoddity – 2017-12-19T17:37:56.827

Both "User Configuration -> Administrative Templates -> System -> CTRL+ALT+DEL options" and "Computer Configuration -> Administrative Templates -> System -> CTRL+ALT+DEL options". – Justin Krejcha – 2017-12-19T18:26:31.503

Answers

2

It is possible a Group Policy may have inadvertently disabled Task Manager and the Registry Editor by accident. It is also very possible that the machine you are using is infected. You should scan it for malware. To solve your immediate problem, you can do one of a few things:

  1. Try using UnHookExec.inf from Symantec. Right-click and save this file to a folder, and then right-click and click "Install". This should re-enable the Registry Editor.

  2. From there, you can re-enable Task Manager using the provided REG file or via the registry manually.

Justin Krejcha

Posted 2017-12-19T17:04:32.337

Reputation: 1 923

I already ran a malware scan and there was malware. It removed the registry settings and now all works fine! +1 – Al Bundy – 2017-12-19T18:47:27.953
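
A read-only audit of the policy values discussed in this thread, as an added example that is not part of any post above. It checks the Policies\System key under both HKCU and HKLM for DisableTaskMgr and for DisableRegistryTools. The second value name does not appear in the thread and is assumed here to be the one behind the Registry Editor block. The script changes nothing.

```powershell
# Added example: report whether the Task Manager / Registry Editor policy
# values are set, and in which hive. Uses only PowerShell 2.0 syntax so it
# also runs on the PowerShell version that ships with SBS 2011.
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$names  = 'DisableTaskMgr', 'DisableRegistryTools'  # second name is an assumption (see lead-in)
$hives  = 'HKCU:', 'HKLM:'                          # per-user and machine-wide policy keys

$findings = foreach ($hive in $hives) {
    $path = Join-Path $hive $subKey
    foreach ($name in $names) {
        $data = $null
        if (Test-Path -LiteralPath $path) {
            # A missing value is expected on a clean system, so suppress the error
            $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $data = $item.$name }
        }
        $shown = '(not set)'
        if ($null -ne $data) { $shown = $data }
        New-Object PSObject -Property @{
            Key    = $path
            Value  = $name
            Data   = $shown
            Blocks = ($null -ne $data -and $data -ne 0)  # any non-zero data enables the block
        }
    }
}

$findings | Select-Object Key, Value, Data, Blocks | Format-Table -AutoSize

$blocked = @($findings | Where-Object { $_.Blocks })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} blocking value(s) found. If no Group Policy object sets them, scan the machine for malware before resetting them." -f $blocked.Count)
} else {
    Write-Output 'No blocking policy values are set in HKCU or HKLM.'
}
```

Run it from a PowerShell prompt under the affected account, since the HKCU results apply to whichever user is logged on.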