Windows7 Group policy restrictions accidentally apply to admin

Question

I changed group policy on my machine preventing running any program except those in the list. I also prevented from running the cmd. Long story short, those restrictions now prevent me from changing the GP setting as administrator.

Basically I can't do pretty much anything as administrator. Is there any way to revert that setting? I can't delete files restricted to Trusted Installer, can't run MMC, can't even run gpedit.msc remotely from another machine.

I fear my only option is to reinstall Win7 and take the losses.

Answer 1

The Group Policy settings, at least on a local computer, are stored in the registry. System Restore contains a backup of the registry. You see where this is going? You can use System Restore to restore to a point before you made these changes. Alternatively, if you have not restarted yet, then on the next start access the advanced startup options (spam F8). From there, boot into "Last known good configuration", which is a partial backup of parts of the registry. System Restore is preferred.

If that does not work, you can download the group policy reference and find out which registry keys you changed. You can then go and manually reset them from an offline registry editor, e.g. from a Linux live environment or using a Windows installation disc.

Another option, assuming the SYSTEM user still has sufficient permissions, is to log in as SYSTEM. Since you've restricted the programs you can run, your best bet might be to do so pre-login. I've detailed the instructions in the second half of this answer, but the gist of it is to access the OS offline (e.g. Linux live environment or Windows install disc) and replace Narrator.exe with cmd.exe, then launch the Narrator from the accessibility options on the login screen. This will give you a command prompt running as SYSTEM, hopefully able to edit the settings you misplaced.

Answer 2

The windows 7 operating system has a task schedule called "Registry" that can be found in the Task scheduler %windir%\system32\taskschd.msc /s you probably cannot get there at this time, but the default for it is to create a registry backup every 10 days at 12am (midnight) . If you could get there into the task scheduler you could see the date and time this backup was last created.

If a huge problem occured between the time that this backup is created, and before the backup is Again remade, it is possible to revert the system via the registry back to that time.

The location of the backup registry that is made is C:\Windows\System32\config\RegBack . from outside of the system, using some sort of boot disk, like a PE or Linux, a system install disk, recovery partition, or any outside access to the file system, you could copy these registry items found there in regback to C:\Windows\System32\config , then boot into that system.
Before doing so it would be very smart to copy the originals, or at least rename the originals to something like SAM.bak or System.org or anything to preserve the state it is in.

Because I have never used the backup registry that is all I know about it, it would be one possible resource for reverting.