Win XP Group Policy forbids gpedit.msc deadlock solution

In order to ensure the security of Windows XP system, many friends have set the "Run only licensed Windows application" item on the public computer to prevent the external program from destroying the system. Inadvertently or in order to prevent others from modifying the group policy, some friends simply excluded the "gpedit.msc" file from being allowed to run the program. As a result, the system was locked, resulting in the inability to run all programs. Install the system. In fact, there are reasons for this, and there are still solutions to this problem.

1. Plan Task Method

Open "Control Panel" → "Task Schedule", start the wizard to create a task plan called MMC, the program is "C:WindowsSystem32mmc.exe" . After finishing, right-click the newly created MMC in the task plan window and select “Run”. In the open console program window, click “File” → “Open” in the menu bar to navigate to the “C:WindowsSystem32gpedit.msc” program and open it. Group Policy Edit window, expand "Local Computer Policy" → "User Configuration" → "Administrative Templates" → "System", double-click "Run only licensed Windows application" in the right pane, set it in the pop-up window. Is "not configured". Click "OK" to exit and close the group policy editing window. When the "Save changes to gpedit.msc" query window pops up, click "Yes" to confirm the save, you can unlock.

2. Safe Mode Method

In fact, this limitation of Group Policy is achieved by loading the registry specific key value, which is not loaded in safe mode. Press and hold the F8 key after rebooting, in the multi-boot menu window that opens, select "Safe Mode with Command Prompt". After entering the desktop, enter "C:WindowsSystem32mmc.exe" at the command prompt of the startup, start the console, and then remove the restriction according to the above operation. Finally, restart the normal login system to unlock. In addition, many of the restrictions of Group Policy cannot be effective in Safe Mode. If you encounter restrictions that cannot be lifted, you may want to go to find a solution.

3.Rename the program method

When setting the "Run only licensed Windows application" policy, you need to add the allow program to the list, if you remember the license program name that was originally set And in the allow list to add any of the types of .com, .bat, .exe, such as only allow "QQ.exe" to run, then you can open the "C: WindowsSystem32" folder, which will be mmc Rename the .exe program to qq.exe and run it. Similarly, if you want to keep the limit, you can rename the program you need to run to qq.exe, but others can only run QQ when using the computer. If the list of allowed programs is included with regedit.exe, open the registry, expand the "HKEY_LOCAL_MACHINESOFTWAREMicrosoft WindowsNTCurrentVersionWinLogon" branch, and double-click the Userinit subkey in the right window. In the window that opens, change its value to "C:WindowsSystem32userinit.exe,mmc.exe" to enable mmc.exe to boot. After this modification and restart, the console will be automatically run the next time you turn it on, to open the Group Policy Editor to unlock it.

This setting of Group Policy only prevents users from launching programs from Windows Explorer. In fact, many programs in the system can run independently. If you load the desktop process, system service, system screen saver, etc., it is not blocked, so just replace mmc.exe with the above file. To replace the screen saver Logon.scr as an example, first open the "C:WindowsSystem32dllcache" folder, find the Logon.scr file and copy it to the D: drive, then delete the screen saver file in the "C:windowsSystem32dllcache" folder. Preventing the system's file protection function prevents us from changing and deleting system files. At this time, the system will pop up the inquiry window "System file has been changed to unrecognized version, please insert WinXP SP2 CD repair", click "Cancel". Then open the "C:WindowsSystem32" folder, find the Logon.scr file to delete it, and rename mmc.exe to Logon.scr.

Go back to the desktop, right-click in the space and select "Properties". In the pop-up window, click the "Screen Saver" tab, then select "Logon" in the screen saver list, click "Preview" At this time, although the system will prompt to find the selected file, but in the background, the console program "mmc.exe" is started, and the restriction can be set. Note that after completing the operation, it is best to copy the d:Logon.scr file back to the original folder.

4. Key combination startup method

Although all programs in the system are locked, pressing Ctrl+Alt+Del can start the task manager. Since the combination key can be used to start the taskmgr.exe program. Then just use mmcexe to replace taskmgr.exe, you can start Group Policy to unlock. Same as above, first enter the "C:Windows System32dllcache" folder, find the taskmgr.exe program and rename it to taskmgr1.exe, then enter the "C:WindowsSystem32" folder, find and rename the taskmgr.exe file to taskmgr1.exe . Now rename the mmc.exe file to taskmgr.exe, then press Ctrl+Alt+Del and you will see that the console program is started. After setting up the group policy, you can restore the task manager back to the original name.