Share via

No access to gpedit with local administrator account

Günter Holzbach 0 Reputation points
2025-12-08T08:13:50.6466667+00:00

I have a Beckhoff-IPC with Win 10 Pro and wanted to set it up for kiosk mode using only msedge.exe which auto-start after auto-logon of user "lasuser".

I changed the gpedit setting "run only specified windows applications" to enabled and added msedge.exe as the only allowed program. This worked well I thought until I tried to add some more rules.

I switched back to the only administator account and realized that also the administrator is effected by this setting.. Now I dont have access to anything even as the local administrator..

I did not find anything to solve this because everything is locked now..

Please help!

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 69,140 Reputation points MVP Volunteer Moderator
    2025-12-08T12:16:04.6166667+00:00

    You have three options that I can think of.

    First option: use Safe Mode. If the restrictions are bypassed in Safe Mode, you can open a command prompt and remove the policy. In Safe Mode run:

    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v RestrictRun /t REG_DWORD /d 0 /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun" /f
gpupdate /force

    Then reboot normally.

    Second option: use the Windows Recovery Environment to edit the registry offline. Boot into the recovery environment, open Command Prompt, determine the Windows drive letter, load the SOFTWARE hive, edit the policy keys, then unload the hive. Example:

    reg load HKLM\OFFLINE "D:\Windows\System32\Config\SOFTWARE"
reg add "HKLM\OFFLINE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v RestrictRun /t REG_DWORD /d 0 /f
reg delete "HKLM\OFFLINE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun" /f
reg unload HKLM\OFFLINE

    Reboot afterwards.

    Third option: run System Restore from the recovery environment if restore points exist. Choose a restore point from before the policy change and let the system roll back.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.