user用户的组策略无法使用解决方法
日期:2014-05-17 浏览次数:21363 次
user用户的组策略无法使用
我在深度的一个GHOST版本的user用户下无法打开gpedit.msc。显示您没用权限使用此操作。
对此是了不少方法,还是没有解决,有高手帮忙解决一下。谢谢。给出具体步骤。
------解决方案--------------------
是配置系统允许普通用户打开 gpedit.msc ?还是 administrator 无法打开 gpedit.msc ?
------解决方案--------------------
user用户是没有权限打开gpedit.msc的,除非你把该用户提升到管理员组,才有权限
------解决方案--------------------
对于下列注册表项和文件设置权限,授予 users 组完全控制的权限。
HKEY_USERS\.Default
HKEY_LOCAL_MACHINE\System\CurrentControlSet
HKEY_CLASSES_ROOT
C:\WINDOWS\system32\gpedit.msc
经过测试,可以使普通用户打开 gpedit.msc。
------解决方案--------------------
上面还少了一个:对 C:\WINDOWS\system32\GroupPolicy 目录配置 users 组完全控制的权限。
其实,上面的方法比较粗暴。通过 procmon 跟踪可以得到以下信息(这是普通用户打开 gpedit.msc 时被拒绝访问的对象)。
RegOpenKey HKU\.Default ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ACCESS DENIED Desired Access: All Access
RegCreateKey HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ACCESS DENIED Desired Access: All Access
RegCreateKey HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ACCESS DENIED Desired Access: All Access
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio ACCESS DENIED Desired Access: Write, Query Value
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio ACCESS DENIED Desired Access: Write, Query Value
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager ACCESS DENIED Desired Access: Write
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager ACCESS DENIED Desired Access: Write
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager ACCESS DENIED Desired Access: Write
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager ACCESS DENIED Desired Access: Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegSetValue HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\(Default) ACCESS DENIED Type: REG_SZ, Length: 62, Data: C:\WINDOWS\system32\oleacc.dll
RegSetValue HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass ACCESS DENIED Type: REG_SZ, Length: 12, Data: Drive
RegSetValue HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass ACCESS DENIED Type: REG_SZ, Length: 12, Data: Drive
CreateFile C:\WINDOWS\system32\gpedit.msc ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: n/a
RegSetValue HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData ACCESS DENIED Type: REG_SZ, Length: 112, Data: C:\Documents and Settings\Default User\Application Data
CreateFile C:\Documents and Settings\Default User\Application Data\Microsoft\MMC ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects ACCESS DENIED Desired Access: Maximum Allowed
lz 可以根据这些信息进行配置。
------解决方案--------------------
我在深度的一个GHOST版本的user用户下无法打开gpedit.msc。显示您没用权限使用此操作。
对此是了不少方法,还是没有解决,有高手帮忙解决一下。谢谢。给出具体步骤。
------解决方案--------------------
是配置系统允许普通用户打开 gpedit.msc ?还是 administrator 无法打开 gpedit.msc ?
------解决方案--------------------
user用户是没有权限打开gpedit.msc的,除非你把该用户提升到管理员组,才有权限
------解决方案--------------------
对于下列注册表项和文件设置权限,授予 users 组完全控制的权限。
HKEY_USERS\.Default
HKEY_LOCAL_MACHINE\System\CurrentControlSet
HKEY_CLASSES_ROOT
C:\WINDOWS\system32\gpedit.msc
经过测试,可以使普通用户打开 gpedit.msc。
------解决方案--------------------
上面还少了一个:对 C:\WINDOWS\system32\GroupPolicy 目录配置 users 组完全控制的权限。
其实,上面的方法比较粗暴。通过 procmon 跟踪可以得到以下信息(这是普通用户打开 gpedit.msc 时被拒绝访问的对象)。
RegOpenKey HKU\.Default ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ACCESS DENIED Desired Access: All Access
RegCreateKey HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ACCESS DENIED Desired Access: All Access
RegCreateKey HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ACCESS DENIED Desired Access: All Access
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio ACCESS DENIED Desired Access: Write, Query Value
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio ACCESS DENIED Desired Access: Write, Query Value
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager ACCESS DENIED Desired Access: Write
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager ACCESS DENIED Desired Access: Write
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager ACCESS DENIED Desired Access: Write
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager ACCESS DENIED Desired Access: Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegOpenKey HKU\.DEFAULT\software ACCESS DENIED Desired Access: Read/Write
RegSetValue HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\(Default) ACCESS DENIED Type: REG_SZ, Length: 62, Data: C:\WINDOWS\system32\oleacc.dll
RegSetValue HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass ACCESS DENIED Type: REG_SZ, Length: 12, Data: Drive
RegSetValue HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass ACCESS DENIED Type: REG_SZ, Length: 12, Data: Drive
CreateFile C:\WINDOWS\system32\gpedit.msc ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: n/a
RegSetValue HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData ACCESS DENIED Type: REG_SZ, Length: 112, Data: C:\Documents and Settings\Default User\Application Data
CreateFile C:\Documents and Settings\Default User\Application Data\Microsoft\MMC ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
RegCreateKey HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects ACCESS DENIED Desired Access: Maximum Allowed
lz 可以根据这些信息进行配置。
------解决方案--------------------
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
