A. If you are unable to run the Group Policy Editor or other tools under the Administrative tools folder and receive the following:
The snapin below, referenced in this document has been restricted by policy. Contact your administrator for details.
This can be caused by a number of configuration settings on your domain.
Its possible to restrict users to a set of snap-ins, administrative tools using a group policy and to check perform the following:
- Start Active Directory Users and Computers snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
- Right click on the domain and select Properties
- Select the Group Policies tab
- Select the default domain policy and click Edit
- Move to User Configuration\Administrative Templates\Windows Components\Microsoft Management Console
- Double click 'Restrict Users to the explicitly permitted list of snap-ins'
Click here to view image - Set to 'Not configured'
You can drill down further to "Restricted/Permitted snap-ins\Group Policy" and set 'Group Policy snap-in' to enabled and 'Administrative Templates (User)' to enabled or not configured.
This can also be done on a local computer by directly editing the registry:
- Start Registry Editor (regedit.exe).
- Move to HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC
- Double click RestrictToPermittedSnapins
- Set to 0 and click OK
- Close the registry editor
If you are still unable to start the Group Policy snap in perform the following additional actions:
- Start Registry Editor (regedit.exe).
- Move to HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC
- Change the Restrict_Run value to 0 in the following keys if they exist:
\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3\} (this is the restriction for Group Policy snap-in)
\{0F6B957E-509E-11D1-A7CC-0000F87571E3\} (this is the restriction for the Administrative Templates) - Close the registry editor
If you still can't run the Group Policy snap in contact Microsoft :-)