Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

“Run As Administrator” Blocked

Posted by William Diaz on July 8, 2012


Just yesterday while taking a tour of my kid's Standard User account on one of my Windows 7 systems, I noticed I was unable to right-click a program and elevate it. The following error was returned: “This program is blocked by group policy. For more information, contact your system administrator.”


That was odd because previously (and I don’t remember when) I had no trouble elevating processes. Normally, one can go into gpedit.msc and modify the security policy that enforces this and set it back to the default, which is to allow the “Run as administrator” option from the context menu. The only problem here is that this is Windows 7 Home Premium, which does not ship with group policy management features. Instead, you need to know the registry keys, types, and values and add or modify them directly.

Luckily, Microsoft put together an Excel worksheet that contains the group policy administrative templates and security settings and where they are set in the Windows registry. You can find it here: WindowsServer2008R2andWindows7GroupPolicySettings. The setting I was interested in was ConsentPromptBehaviorUser, which can be found in HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System.


The default value should be 3. The actual value was set to 0, which denies any request in the standard account to elevate an application. I am almost certain that this DWORD value was changed to 0 by some malware that made its way onto the system. The idea would be that some utilities, e.g. Process Explorer, Process Monitor, Autoruns, etc., would be blocked. Additionally, without the ability to run the Windows Task Manager elevated, the user would be able to view only user processes and would not be able to examine system processes or services, stop services, or launch the Resource Monitor. Also, without the ability to elevate regedit, changes could not be made to the registry to clean it manually. To correct this, you would need to log on to the system with an Admin account and then modify the registry, which by itself is no real challenge. But when confronted with all the ways malware will try to hijack the OS, this is another barrier that needs to be dealt with before complete removal is achieved.
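The check and fix described above can be scripted for machines without gpedit.msc. This is an added example, not code from the original post: the function names are hypothetical, and the meaning given for value 1 comes from Microsoft's documentation of this policy rather than from this page.

```powershell
# Added example (not from the original post): audit and restore the UAC
# standard-user elevation policy. Run elevated from an administrator account.
$Path    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name    = 'ConsentPromptBehaviorUser'
$Default = 3
$Meaning = @{
    0 = 'automatically deny elevation requests'
    1 = 'prompt for credentials on the secure desktop'
    3 = 'prompt for credentials (default)'
}

# Hypothetical helper: report the current value and what it means.
function Get-StandardUserElevationPolicy {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return New-Object psobject -Property @{ Value = $null; Meaning = 'value not present' }
    }
    $value = [int]$item.$Name
    $text  = if ($Meaning.ContainsKey($value)) { $Meaning[$value] } else { 'unexpected value' }
    New-Object psobject -Property @{ Value = $value; Meaning = $text }
}

# Hypothetical helper: put the value back to the default as a DWORD.
function Restore-StandardUserElevationPolicy {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Writing to HKLM requires an elevated administrator session.'
    }
    $before = Get-StandardUserElevationPolicy
    if ($before.Value -eq $Default) {
        Write-Output "$Name is already $Default; nothing to change."
        return
    }
    # Keep a record of the old value: an unexplained 0 is worth noting
    # when you investigate how it was changed.
    Write-Output "$Name was '$($before.Value)' ($($before.Meaning)); setting $Default."
    # -Force overwrites an existing value and keeps the type explicit.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
        -Value $Default -Force | Out-Null
    Get-StandardUserElevationPolicy
}

Get-StandardUserElevationPolicy
# Restore-StandardUserElevationPolicy   # uncomment to apply the fix
```

The read-only check works from a standard account, so it can confirm the cause of the "blocked by group policy" message before you log on as an administrator to change anything.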


One Response to ““Run As Administrator” Blocked”

  1. Aaron said

    This actually worked for me, not that stupid “safer” key. I finally got my domain’s inherited GPO mess under control and this came up. I knew it wasn’t a GPO because when I unlinked them all, I still got this error. Thanks 4 years later!!
