Windows 10 Local Security Settings

0

Major problem: I wanted to set up a highly locked-down account (can only open Google Chrome) parallel to a normal admin account that can do anything. I fired up secpol.msc, and on the Enforcement Properties step, I chose All User except administrators, thinking, stupidly, that the admin account wouldn't be affected by the policy. I deleted all paths in the Additional Rules, and added the path to Google Chrome. It looks like the admin account now can't execute any programs! I get a black screen when I type in the admin's password. How can I roll it back? Alas, I don't have any system restore points. I can't try to boot up in command line, because secedit and ren aren't working. I get X:\>, not C:\>, and for some reason it doesn't see all my files. Any ideas?

I tried a Live Linux boot, but it couldn't mount the hard drive. If I could delete or rename like ren %windir%\security\database\edb.chk edb_old.chk that might work, but the bootup command line won't do this, because that edb.chk file, of course, isn't visible.

Adrian Keister

Posted 2018-04-28T19:37:21.533

Reputation: 101

1 Have you tried booting into safe mode? – Julian Knight – 2018-04-28T21:39:55.423

That's not at all trivial in Windows 10. Do you know of a straightforward way to do that? – Adrian Keister – 2018-04-28T22:26:24.300

Actually, it was far easier than I thought, and I got in!!! Hoping to fix... – Adrian Keister – 2018-04-28T22:33:00.083

Able to add the system32 path back into the secpol.msc from booting into Safe Mode. THANKS!!!! – Adrian Keister – 2018-04-28T22:40:39.417

1 :) No problem, glad to help. – Julian Knight – 2018-04-30T19:46:55.013

No answers