Re: Secure Boot Settings "on." Can't turn "off" on local system.

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/10/04


Date: Tue, 10 Aug 2004 18:14:02 GMT

I am not sure what you mean by local global policies, but gpedit.msc brings up local
Group Policy for all the settings available on the local computer for both user and
computer configuration. Running gpresult /v may be helpful in showing what settings
are configured in Local Group Policy, though the settings shown will not be in
user-friendly terms but are usually decipherable as to what the Group Policy setting is.
Gpresult is part of the support tools that are on the install disk in the
support/tools folder, where you need to install the set of them by running the setup
there. Sometimes it helps when you are having problems with security policy to reset
settings back to default defined levels using secedit as described in the link below.
Complications can arise when changing settings directly in the registry that can also
be changed via Security/Group policy, in that defined settings may appear to be wrong.
Often changing a setting by enabling and disabling will refresh it to work
correctly. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222

"Bob T" <anonymous@discussions.microsoft.com> wrote in message
news:39ba01c47ef8$1cad11b0$a601280a@phx.gbl...
> Steven,
>
> Thanks for the good suggestions.
>
> Unfortunately, nothing worked.
>
> The resetting had no effect.
>
> The rebuild seemed to do nothing.
>
> And the last, gpedit.msc. Local Security Policy is a
> subset of local Group Policy, just threw me back into the
> local policy.
>
> I could find no way at all to get to the local Global.
>
> I wonder if it could have anything to do with my MMC
> settings?
>
> Anyway, after wasting several hours, I finally gave up and
> went to my backup.
>
> I just wish I knew what caused the problem & how to get to
> that local Global policies.
>
> I'm off now to check the registry and see where my
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SecurityBoot
> is set, 1 or 0?
>
> Any more ideas will be appreciated.
>
> Bob T
>
>
> >-----Original Message-----
> >When you change a Local Security Setting, either try running
> >[ secedit /refreshpolicy machine_policy /enforce ] at the command prompt
> >to refresh Local Security Policy or reboot the computer and see if that
> >helps.
> >
> >http://support.microsoft.com/default.aspx?scid=kb;EN-US;227302
> >
> >If you still have difficulty you might try to rebuild your local security
> >database as described in the link below,
> >
> >http://www.jsiinc.com/SUBG/TIP3200/rh3252.htm
> >
> >FYI there is a local Group Policy on your computer available with
> >gpedit.msc. Local Security Policy is a subset of local Group Policy.
> >--- Steve
> >
> >"Bob T" <anonymous@discussions.microsoft.com> wrote in message
> >news:31d601c47e73$30905280$a401280a@phx.gbl...
> >> I cannot turn off the Secure Boot Settings for logon, on
> >> my local machine.
> >>
> >> The system is in a local workgroup, with no domain
> >> controller, no group manager, only local machines/group. In
> >> fact I've totally isolated it now, and removed all shares.
> >>
> >> When I check Administrative Tools|Security Settings|Local
> >> Policies (no group policy available), the "Disable
> >> CTRL+ALT+DEL requirement" shows "disabled" for the "local
> >> settings" & "effective settings."
> >>
> >> But, in CP |Users and Passwords|Advanced| the Secure Boot
> >> Setting is grayed out.
> >>
> >> There is a check in the grayed box, but no way for me to
> >> access it. It acts like there is a domain or group policy
> >> override, or I don't have admin rights. But there is no
> >> group policy since there is no PDC and I do have admin
> >> rights.
> >>
> >> When I go back to the "Disable CTRL+ALT+DEL requirement,"
> >> and now select, "enable," I get: "disabled" for "local
> >> setting" but, "Enabled" for "effective setting"! This is
> >> the only policy where there is a difference between "local
> >> setting" and "effective setting."
> >>
> >> Checking back at the CP Users, the Secure Boot Setting is
> >> still grayed out, but now, the check is gone.
> >>
> >> (The only thing I did prior to noticing this was to
> >> download MDAC 2.8 from MS with its patch--I wouldn't think
> >> that would have anything to do with it, but who knows?)
> >>
> >> Ideas on how to reconcile these problems?
> >>
> >> 1) get the box un-grayed, so I have local admin rights in
> >> User and Passwords and can change the local settings.
> >>
> >> 2) get the "Disable Ctrl+Alt+Del requirement" to show the
> >> same policy, for local and effective; since there is no
> >> group policy (at least not one I can see) to cause the override.
> >>
> >> I have full admin rights. Have tried coming in through my
> >> Admin group name, as well as Administrator. Neither made
> >> a difference.
> >> The CP|Users & Admin. Settings|Security Settings --are
> >> either reading me as no admin rights, or global overrides
> >> are on, or both.
> >>
> >> Thanks,
> >> Bob
> >>
> >>
> >
> >
> >.
> >
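
The "local setting" versus "effective setting" mismatch discussed in this thread can be checked offline. The following is an added example, not part of the original thread: it parses the [Registry Values] section of two security templates in the INF layout that secedit /export writes and lists the values that differ. Both templates are constructed sample data, and treating one as the local and one as the effective policy is an assumption.

```python
import re

# Constructed sample template (not taken from the thread's machine).
LOCAL_INF = r"""[System Access]
MinimumPasswordLength = 0
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
[Version]
signature="$CHICAGO$"
"""
# Second constructed template, standing in for the effective policy.
EFFECTIVE_INF = LOCAL_INF.replace("DisableCAD=4,0", "DisableCAD=4,1")

# Numeric registry types as they appear before the comma in a template line.
REG_TYPES = {1: "REG_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}

# DisableCAD is the registry value behind the policy named in the thread.
FRIENDLY = {
    r"machine\software\microsoft\windows\currentversion\policies\system\disablecad":
        "Disable CTRL+ALT+DEL requirement",
}

def registry_values(inf_text):
    """Return {lowercased value path: (type name, raw data)} from [Registry Values]."""
    values, section = {}, None
    for line in inf_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and INF comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "registry values" and "=" in line:
            path, _, data = line.partition("=")
            reg_type, _, raw = data.partition(",")
            kind = REG_TYPES.get(int(reg_type), reg_type)
            values[path.strip().lower()] = (kind, raw.strip().strip('"'))
    return values

def policy_differences(local_text, effective_text):
    """List (setting name, local, effective) for every value that differs."""
    local, effective = registry_values(local_text), registry_values(effective_text)
    return [(FRIENDLY.get(p, p), local.get(p), effective.get(p))
            for p in sorted(set(local) | set(effective))
            if local.get(p) != effective.get(p)]

if __name__ == "__main__":
    for name, loc, eff in policy_differences(LOCAL_INF, EFFECTIVE_INF):
        print(f"{name}: local={loc} effective={eff}")
```

Files written by secedit are typically UTF-16 encoded, so open real exports with that encoding before passing their text to these functions.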


