Secure Boot Settings "on." Can't turn "off" on local system.

  • Thread starter: Bob T

Bob T

I cannot turn off the Secure Boot Settings for logon, on
my local machine.

The system is in a local workgroup, with no domain
controller, no group manager, only local machines/group. In
fact I've totally isolated it now, and removed all shares.

When I check Administrative Tools|Security Settings|Local
Policies (no group policy available), the "Disable
CTRL+ALT+DEL requirement" shows "disabled" for the "local
settings" & "effective settings."

But, in CP|Users and Passwords|Advanced| the Secure Boot
Setting is grayed out.

There is a check in the grayed box, but no way for me to
access it. It acts like there is a domain or group policy
override, or I don't have admin rights. But there is no
group policy since there is no PDC and I do have admin
rights.

When I go back to the "Disable CTRL+ALT+DEL requirement,"
and now select, "enable," I get: "disabled" for "local
setting" but, "Enabled" for "effective setting"! This is
the only policy where there is a difference between "local
setting" and "effective setting."

Checking back at the CP Users, the Secure Boot Setting is
still grayed out, but now, the check is gone.

(The only thing I did prior to noticing this was to
download MDAC 2.8 from MS with its patch--I wouldn't think
that would have anything to do with it, but who knows?)

Ideas on how to reconcile these problems?

1) get the box un-grayed, so I have local admin rights in
User and Passwords and can change the local settings.

2) get the "Disable Ctrl+Alt+Del requirement" to show the
same policy, for local and effective; since there is no
group policy (at least not one I can see) to cause the override.

I have full admin rights. Have tried coming in through my
Admin group name, as well as Administrator. Neither made
a difference.
The CP|Users & Admin. Settings|Security Settings --are
either reading me as no admin rights, or global overrides
are on, or both.

Thanks,
Bob
 
I did make a discovery.
My reg file:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SecurityBoot
is set to "1."
Changing it to "0" gets rid of the popup screen but does
nothing to help with the problem as described.

Please still help.

Thanks, Bob T.
 
When you change a Local Security Setting, either try running
[ secedit /refreshpolicy machine_policy /enforce ] at the command prompt to refresh
Local Security Policy or reboot the computer and see if that helps.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;227302

If you still have difficulty you might try to rebuild your local security database as
described in the link below,

http://www.jsiinc.com/SUBG/TIP3200/rh3252.htm

FYI there is a local Group Policy on your computer available with gpedit.msc. Local
Security Policy is a subset of local Group Policy. --- Steve
 
Steven,

Thanks for the good suggestions.

Unfortunately, nothing worked.

The resetting had no effect.

The rebuild seemed to do nothing.

And the last, gpedit.msc. Local Security Policy is a
subset of local Group Policy, just threw me back into the
local policy.

I could find no way at all to get to the local Global.

I wonder if it could have anything to do with my MMC
settings?

Anyway, after wasting several hours, I finally gave up and
went to my backup.

I just wish I knew what caused the problem & how to get to
those local Global policies.

I'm off now to check the registry and see where my
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SecurityBoot
is set, 1 or 0?

Any more ideas will be appreciated.

Bob T

 
I am not sure what you mean by local global policies, but gpedit.msc brings up local
Group Policy for all the settings available on the local computer for both user and
computer configuration. Running gpresult /v may be helpful in showing what settings
are configured in Local Group Policy though the settings shown will not be in user
friendly terms but are usually decipherable as to what the Group Policy setting is.
Gpresult is part of the support tools that are in the install disk in the
support/tools folder where you need to install the set of them by running the setup
there. Sometimes it helps when you are having problems with security policy to reset
settings back to default defined levels using secedit as described in the link below.
Complications can arise when changing settings directly in the registry that can also
be changed via Security/Group policy in that defined settings may appear to be wrong.
Often changing a setting by enabling and disabling will refresh it to work
correctly. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222
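
An added example, not part of the original thread or any poster's code: a Python check that compares the CTRL+ALT+DEL value in a `secedit /export` template with the registry values behind it, to surface the kind of "local setting" versus "effective setting" mismatch discussed above. The INF excerpt and registry snapshot are constructed sample data, and the code assumes that the `Policies\System\DisableCAD` value, when present, overrides the `Winlogon\DisableCAD` value and locks the Users and Passwords check box.

```python
# Added example with constructed data; nothing here comes from the thread's machine.
POLICY_KEY = r"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD"
WINLOGON_KEY = r"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD"

# Constructed excerpt in the format written by `secedit /export /cfg <file>`.
SAMPLE_INF = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
[Version]
signature="$CHICAGO$"
"""
# Constructed registry snapshot: the live policy value disagrees with the template.
SAMPLE_REGISTRY = {POLICY_KEY: 1, WINLOGON_KEY: 0}


def parse_registry_values(inf_text):
    """Return {key_lowercase: (reg_type, raw_value)} from the [Registry Values] section."""
    values, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "registry values" and "=" in line:
            key, _, data = line.partition("=")
            reg_type, _, value = data.partition(",")
            values[key.strip().lower()] = (int(reg_type), value.strip())
    return values


def audit_cad(inf_text, registry):
    """Compare the template's DisableCAD with a live registry snapshot."""
    template = parse_registry_values(inf_text).get(POLICY_KEY.lower())
    local = int(template[1]) if template and template[0] == 4 else None  # 4 = REG_DWORD
    live = {k.lower(): v for k, v in registry.items()}
    policy = live.get(POLICY_KEY.lower())
    winlogon = live.get(WINLOGON_KEY.lower())
    # Assumption: the policy value wins over the Winlogon value when both exist.
    effective = policy if policy is not None else winlogon
    return {
        "local_setting": local,
        "effective_setting": effective,
        "mismatch": local is not None and effective is not None and local != effective,
        "checkbox_locked": policy is not None,
    }
```

A `mismatch` of `True` after a policy refresh points to something other than the local template writing the registry value, such as a direct registry edit.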
