Page 1 of 2 12 LastLast
Results 1 to 15 of 19

Thread: gpedit problem

  1. #1
    She who must be obeyed Super Moderator piaqt's Avatar
    Join Date
    Apr 2002
    Location
    NYC
    Posts
    1,628

    gpedit problem

    path: local computer policy\user configuration\windows settings\internet explorer maintenance\browser user interface\browser toolbar customization

    In the buttons section, when I click the "Add" button, all that happens is the button greys out. "Edit" and "Remove" still open their corresponding dialog boxes.

    I have tried replacing gpedit.dll and gpedit.msc from install source files. Neither worked.

    I recently installed MS AntiSpyware beta 1. I disabled running it at startup, turned off the BHO checkpoint, shut it down... Still nothing.

    Advice, gentlemen, PLEASE!

    Last night, I shot an elephant in my pajamas. How he got in my pajamas, I'll never know.
    love, piaqt

  2. #2
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    is this running on a server 2k/2k3?? could you ask the system admin?

    You might be able to re-install the windows component for group policy editing, via add/remove programs -> windows components...

    else, do you have an image or perhaps a system restore point?

    Dehc and Rik are good people to talk about servers.

    --- 0wN3D by 3gG ---

  3. #3
    She who must be obeyed Super Moderator piaqt's Avatar
    Join Date
    Apr 2002
    Location
    NYC
    Posts
    1,628
    Not a server -- my XP SP2 pro notebook. And I am the sysadmin. And I posted in MS's group policy newsgroup. Here's hoping.

    The problem with restore points is, I don't know when it started acting stupid at me. I hadn't used gpedit in a long while.

    Last night, I shot an elephant in my pajamas. How he got in my pajamas, I'll never know.
    love, piaqt

  4. #4
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,303
    When did you install the MS AntiSpyware beta? First try restoring back to the point prior to that...

  5. #5
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    how do you access Local Group policy editor (gpedit) on XP? I have XP Pro SP2 and couldnt run gpedit from the command line(start->run)?

    I do remember being able to change some settings for Local Security, ie Clear Pagefile.sys on every shutdown etc... is that what you mean? sorry for not being more helpful.

    --- 0wN3D by 3gG ---

  6. #6
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    ok, sorry I didn't read this earlier. I first answer the easy part
    There are 2 ways to change Group Policy settings in XP pro (in home SOOL)
    you can type gpedit.msc at the run diag box, or you can type mmc, then from the console go to File Add/Remove Snap in, and add Local Computer Policy (appears as Group Policy). I also recomend the Resultant Set of Policy to whoever tries to use policies.
    Just, make a restore point before, and do a backup of your current policies, because you can completely look yourself out of the computer. I have set restrictions to my brothers in their's PC, with logon hours even.
    Get familiar with the interface, and you can even later check secpol.msc, which is only the section in Computer Configuration>Windows Settings>Security Settings. You can load templates in there. Remember changes apply to the whole PC.
    I know there is a way to aply by users, but I have to check for that link if you are interested.

  7. #7
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    Well, since the other post was getting large I changed.
    Piatq, to answer your question. Gpedit.msc is just your interface to the group policy. All group policy (local or Domain) are registry entries. Not all registry entries are group policies.
    I never tried adding a button to IE. I would never try either unless just for fun. You want to avoid policies that "tatoo" the registry.
    I just created an entry on my to test it, but I have to reboot the system and it takes quite some time.
    The values are stored for that in the registry @ My Computer\HK_USERS\<userhash>\Software\Microsoft\Internet Explorer\Extensions\<hash for the extension>
    Because of the location this is a "tatoo" policy, meaning you need another policy to take it out, thought removig took it out automatically. For policies not to tatoo the registry they have to be located on My Computer\HK_LM\Software\Policies. Tatooing might not be that of an issue in local PCs, but remember that losing the policy won't put things back to normal.
    Knowing this, I would suggest first to try and find the place in the registry that the key is saved for you. Then remove it from the group policy. refresh regedit, and see if it removed it. If it didn't, remove it manually (backup first)
    Reebot.
    You might want to try first and run a resultant set of policies to see if there is anything wrong.
    Also, policies are text files. If the policy was aplied before SP2, it might be different. Service Packs usually update the policies set. Also try this tool which is better for group policy
    http://www.microsoft.com/windowsserv...c/default.mspx
    I haven't used it for local accounts thought. I use it to manage the domain account, and I so like it so much
    If you can get it to run use the planing mode (called modeling) to see what changes the policy makes without actually aplying it.
    Direct download http://www.microsoft.com/downloads/d...displaylang=en.
    I guess you could try to restore the original policy setting. Policies files end with .pol. I tr this.
    If you still have problem please post, and I wil run some test tomorrow at home.

  8. #8
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    Well, I tried the tool. You need to log in with a Domain account, so it is no good to manage local policies.
    The changes will be reflected in the following folder:
    <system drive>:\WINDOWS\system32\GroupPolicy.
    In the machine folder you will find the registry.pol file (Computer Configuration section)
    User is the User configuration. There you can find the settings for the buttons at <system Drive>:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK\BRANDING\BTOOLBAR
    Take a look to see what you have there.
    Remember that XP has a feature called fast user logon, which lets you logon before aplying all policies. Computer policies are applied before the logon screen. User policies are aplied after the logon screen. Windows XP lets you login before finishing the policies procesing and will do the whenever it is bored I recomend turning this feature off while testing. Do it from
    Computer Configuration \ Administrative Templates \ System \ Logon \
    "Always wait for the network at computer startup and logon"
    You can also run this command from the prompt windows "gpupdate /force"
    This will force update of the policies. You might have to log off, or even restart for some to be applied.
    Ahh, just one thing. Why all this info?? Well, first you have to make sure the policy is working. Some are picky. Notice from the location that I gave you that it creates a copy of the icons. I didn't see a copy of the script that the button uses thought.
    The adm files in the adm folder are the files that load the scetions on the group policies. I don't remember how to check for the version, but there are many, many versions. You can also load new adm files. For example, you can load the wuau for Windows update (needed if you use SUS or WUS). There are adm files for Office. You can download a whole adm pack from MS web site. I believe those are the ones actually being applied. And the ones that give you the settings are in <System Drive>:\WINDOWS\inf.
    Do you have Virtual PC? Could you set a system for a sandbox and see whether replacing the adm files replaces the policies? I believe that is the case, but I would have to test to feel more positive about it. I might even set a sandbox tomorrow Just for that

  9. #9
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    I can't rest, so while I was brushing my theeth I look for the group policy in local PC (without active directory)
    here is the article
    http://www.windowsnetworking.com/kba...Directory.html.
    Now I really go to sleep

  10. #10
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    Great work Dehc, very detailed and pretty clear explanations... I'm sure Piaqt would be happy, as well others who may have problem in future.

    --- 0wN3D by 3gG ---

  11. #11
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    I am kind of happy right now that Piaqt hasn't respond yet (maybe too busy trying all these stuff) since I arrived home quite late from work .
    I got my down and dirty on Group policy when I tried that project for a Kiosk machine. Remember? I lock it down so good, that we tried every single trick and it did not work. Best of all, with GPOs you just need to apply same policy to another PC and work done. Thought I haven't touched the companies GPO for 2 months. I am too lazy

  12. #12
    She who must be obeyed Super Moderator piaqt's Avatar
    Join Date
    Apr 2002
    Location
    NYC
    Posts
    1,628
    Dehc: No virtual pc. No domain. I'll try your links. I don't quite get some of what you posted.

    All I wanted to know was, what disabled the "add" button, and how do I reverse this? It used to work just fine.

    What statement, and in which file, controls this behavior?
    Quote Originally Posted by Dehcbad25
    I guess you could try to restore the original policy setting.
    HOW?
    Quote Originally Posted by Dehcbad25
    1. You want to avoid policies that "tattoo" the registry.
    2. Because of the location this is a "tattoo" policy, meaning you need another policy to take it out, thought removing took it out automatically.
    3. Losing the policy won't put things back to normal.
    4. Find the place in the registry that the key is saved for you. Then remove it from the group policy. refresh regedit, and see if it removed it. If it didn't, remove it manually (backup first) Reboot.
    5. You might want to try first and run a resultant set of policies to see if there is anything wrong.
      Also, policies are text files. If the policy was aplied before SP2, it might be different. Service Packs usually update the policies set. I guess you could try to restore the original policy setting.
    1. ? Tattoo?
    2. Again: ?
    3. Losing? How?
    4. How do I remove a key from a policy?
    5. You mean set some via gpedit and reboot?


    I drilled down through every folder in both user and computer config, checked every admin and IE setting, and have found nothing that would disable the "add button" button.

    I know my way around the registry, but policies and permissions (other than setting them through gpedit) are another story. Any and all assistance greatly appreciated, and needed.
    Last edited by piaqt; January 13th, 2005 at 19:40 PM.

    Last night, I shot an elephant in my pajamas. How he got in my pajamas, I'll never know.
    love, piaqt

  13. #13
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    All that info was just the base for policies. Policies are just registry keys, but are made in a way having in mind that it is less likely to kill your system (the oposite than editing the registry directly)
    Tatoo are policies that are permanent in the system. To remove it, you have to apply another policy or edit the registry. Those are tatoo policies. Any policy not inside the location that I gave you is a tatoo policy, so the IE bar is a tatoo policy.
    Did you run the resultant set of policies? too see if that gives you an idea of what happened. If it is grayed out it means it is not supported. SP2 could have some reason for that, since it structures a lot more IE behaviour. Think that MS is trying to avoid all that spyware installed and extra buttons on the IE interface.
    I recomend that you delete the extra button. Leave that section on default. Then check your policies file version (adm files), run Windows update, and try again.
    My logic from your problem is that the policy file (adm) was changed (probably updated) and that the new version doesn't support what you are trying to do in that specific way, so it grayes it out. The settings got imported when the adm file changed, but actually you are not working on the same policy.
    I hope it is more clear

  14. #14
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    PS: I forgot this yesterday and today. Put the files in a folder that is accesible to everyone. Not in the Documents folder but another folder. You might have a problem with the access to the file. Mainly the batch file.
    Also, what other settings have you applied? There could be a setting that is enabled disabling that setting. Resultant set of Policy will actually tell you exactly what is happenning. If you want you can send me the report and I can look at it to tell you what could be conflicting
    Last edited by Dehcbad25; January 13th, 2005 at 20:34 PM.

  15. #15
    She who must be obeyed Super Moderator piaqt's Avatar
    Join Date
    Apr 2002
    Location
    NYC
    Posts
    1,628
    Quote Originally Posted by Dehcbad25
    If you want you can send me the report and I can look at it to tell you what could be conflicting
    Here ya go. I couldn't find anything, but then again, my English is better than my SysAdmin.

    Last night, I shot an elephant in my pajamas. How he got in my pajamas, I'll never know.
    love, piaqt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •