• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

This program is blocked by group policy. (Vista Home Premium)

Messages
7
Location
Knoxville, TN (USA)
#1
I have a small office network with a mix of PC's running either Windows XP or Windows Vista Premium. The main printer/scanner/fax machine is located in a small room by itself and all the PC's have access to it.

For the most part all works fine and the PC's all communicate with each other. The only aggrevation is that occassionly when printing to the shared printer, a Vista PC will pop up an error message that says "To use the shared printer \ \Scanning\Sharp AR-M207, you need to install the printer driver on your computer and then restart the print job." Along with action boxes INSTALL DRIVER and CANCEL. Normally I click on INSTALL DRIVER, enter the Admin password, and all prints well for a little while. This happens on all of the Vista PC's whether they are set up for one user or two users. (On the two user PC's, Admin is one of the users.)

Starting just recently, one of the two user Vista PC's started a new quirck. When I clicked on INSTALL DRIVER, I get the error message, "This program is blocked by group policy. For more information, contact your system administrator. etc."

I tried a re-boot. No success. I checked the PC and printer settings and all indicates that each is set up for public acccess across the network. I did a search on the net about group policy settings in Vista, only to learn that one requires a professional version of Vista to change these (at least easily). I then tried to uninstall and then reinstall the printer drivers. This worked fine logged in as Admin, but seemed to have no effect (the printer driver was not present) logged in as the second user. And when I attempted reinstall the print driver logged in as the second user, I once again got the error message "This program is blocked by group policy. etc." Note that this is only only happening on one of the Vista PC's. The others work fine.

Can someone help me with this problem? Thanks!
 

My Computer

Messages
7
Location
Knoxville, TN (USA)
#3
Thank you for the input and the very informative link.

Though the file "defltbase.inf" exists on all of the Vista PC's, none of them have the file "defltbase.sdb". That I can't figure out. I tried running the suggested command anyhow, but nothing happened. One would figure that with the use of the "/verbose" switch that the SECEDIT program would inform you of "file not found", syntax error, or something. But it told me nothing.

I printed the "defltbase.inf" from all the Vista PC's with the thought of comparing the files with that of the faulty Vista PC, but that would be too daunting a task. My eyes just can't handle that.

I also tried "gpupdate /force /boot", which executed OK, but didn't fix anything.

The solution is probably going to seem so simple that I want to slap myself, it's just figuring out what that solution is.
 

My Computer

PainlessTorture

Official Best Member
Vista Pro
Messages
471
Location
Northern Ireland
#6
You get that error when the secpol is set to automaticly deny elevation requests to non-admin users.

This only happens if you are not an admin trying to run an elevated program.

This is the only time ive encountered it anyway.

Good Luck.
 

My Computer

System One

  • Manufacturer/Model
    Hewlett Packard
    CPU
    3.40Ghz / 2.20Gz Duo Core
    Memory
    2GB / 3GB
    Hard Drives
    160 GB / 160 GB

JimWebster

New Member
Messages
7
Location
Knoxville, TN (USA)
#7
I really appreciate everyones input. None of the solutions provided here worked. I searched the internet high and low, printing out and trying numerous other things, and all of that to no avail. To avoid having any more downtime, I opted to eliminate there being a second user, whereby the primary user is now also ADMIN. Everything now works like a charm.
 

My Computer

PainlessTorture

Official Best Member
Vista Pro
Messages
471
Location
Northern Ireland
#10
It is no longer called "ADMIN", but something else. But still has Admin privileges. The PC also has a good anti-virus, with a firewall. Plus the main router for the T1 line has a firewall.
Nevertheless the built in admin account bypasses UAC by default unless you change the security policy which you can't because of the version you are running even if the account username is not Administrator.

Do you get the error when you click "Run as administrator"?
 

My Computer

System One

  • Manufacturer/Model
    Hewlett Packard
    CPU
    3.40Ghz / 2.20Gz Duo Core
    Memory
    2GB / 3GB
    Hard Drives
    160 GB / 160 GB

strategy3

New Member
Messages
1
#12
Hi,
Problem:
What you are probably experiencing is that your standard user can launch some executables, but cannot launch others. That's because some exe are "not signed/certified", and the security policy blocks them by default, instead of prompting for elevation. I had this today with my kid trying to run flyff (game).

The solution:
gpedit.msc
> computer configuration> windows settings>
security settings> local policies> security options! once there update "User Account Control: Behavrio of the elevation prompt for standard users:" change it to "prompt for credentials". this will allow unsigned programs that are currently automatically blocked, to prompt for elevation. you'll still need to provide an admin pw, but at least you don't have to logoff.
 

My Computer

Victorawrr

New Member
Messages
2
#13
OHH NO!
I had admin privilegies on my work pc (by an accident), and then I did the:

"Run cmd.exe with administrative previlliges and type

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

+
restart"

And now I am a limited user again, please help me undo this.
I did not have the intention to do this, I thought this would remove the "blocked by group policy" rule thing.

Please help!
 

My Computer

Messages
2,456
Location
NY USA
#14
OHH NO!
I had admin privilegies on my work pc (by an accident), and then I did the:

"Run cmd.exe with administrative previlliges and type

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

+
restart"

And now I am a limited user again, please help me undo this.
I did not have the intention to do this, I thought this would remove the "blocked by group policy" rule thing.

Please help!
What made you think that edit would fix it?
 

My Computer

System One

  • Manufacturer/Model
    Dell Inspiron E 1405
    CPU
    2@2.0
    Memory
    4 gigs
    Graphics Card(s)
    integrated intel 945
    Sound Card
    integrated
    Screen Resolution
    1440x900
    Hard Drives
    300 gig internal
    Internet Speed
    10 down 1.5 up

Users Who Are Viewing This Thread (Users: 1, Guests: 0)