Protect Yourself From Tech Support Scams
October 14, 2019
Protect Yourself From Tech Support Scams
Tech support scams are an industry-wide issue where scammers trick you into paying for unnecessary technical support services. You can help protect yourself from scammers by verifying that the contact is a Microsoft Agent or Microsoft Employee
and that the phone number is an official Microsoft global customer service number.
Which I believe is preventing the admin account from removing or installing devices. This is causing an issue. Looks like it's AD GP as is greyed out and I can't add to it locally. The network team claim there are no AD GPs to limit the local admin account
that they know of.
Also, I'm trying to use Process Monitor on the machine but that needs admin rights and it keeps saying that the local admin account isn't a member of the admin group, but it is.
Any ideas? Even if it's just fixing he Process Monitor bit?
And looking at the picture can anyone explain what the icon means next to Load and Unload device drivers. It's different from the others and think this is related, maybe trying to tell me it's a AD group policy.
I've spoken to networks, they said there are not AD GP's set for this. I've used the local admin account to create a new local admin account and put it in the administrators group. Logged into it and it also has the same issue.
This thread is locked. You can follow the question or vote as helpful, but you cannot reply to this thread.
Subscribe to RSS feed
Last updated November 9, 2018
We'll probably never know as I fixed it all before I read your new reply :) this is how it all went. Might look odd but it's because I posted this fix on another forum I post at and can't be bothered to type it all again so just lifted it from there. May
be of some help to others.
Took all day from 8am to 4pm but did it :) gives you a buzz when you solved something like this, that had me :scratch: all day.
Right. First problem (that ended up not needed in end) was to fix the GPEDIT issue, why wasn't Administrators in there. I think the GP was buggered, so asking over at Technet forums I got told about the secedit command (which I'm sure I've heard of before
but long forgot). Got given this link
Did what it had to do. Checked gpedit again and sure enough the Administrators group was back in the place it should be in the image in first post. But it was all still greyed out, but never mind as admin account was now able to remove devices. Also got
told the icon means it's locked by Group Policy and can't be edited. The blue 1's and 0's means it's not locked and can be edited.
So, now, why wasn't Process Monitor still working? It was still saying Admin wasn't in the Admin group but it was. On Technet they later said the Admin has to be in the debug group as well for Process Monitor to run, but I'd fixed it before then, so not sure
if that was the issue.
Anyway. To fix the admin account permissions I used Trinity Rescue Kit
To allow you to reset a local account, unlock or up it's privileges. I choose to up the admin accounts privileges as it was saying the admin account only had Normal rights.
Booted into Windows and result, Process Monitor was now able to run :)
However, the hanging issue (not sure if I mentioned that) was still a problem. I then used msconfig (which ain't great) but it's easy with that to hide all the Microsoft processes so that you can then disable all other, 3rd party ones. Did that and rebooted.
No more hanging. Then had to re-enable them one by one till the hanging started again.
What was it?
Our Helpdesk software. It had two processes running as services at start-up and they were causing the hang. I'm about to look through the Process Monitor logs of it working and then not working. To see if what I suspect to be happening is happening. That
is, now the PC is on a new domain, these two services are trying to talk or doing something with the old domain and can't. Causing explorer to then hang as they maybe just get stuck in a loop.
Was a good feeling when it was all fixed and I had drilled it down to the exact two things causing the issue.
Now it geekness I'm off to look through the process monitor logs.
Also, to get round the fact they'd forgotten the local admin password, I used Kon-Boot
Forgot to mention that once I put the PC back on the domain the gpedit entry was no longer greyed out.
Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
The symbol you refer to indicates that setting has been locked by group policy and is not changeable. When I've seen this in the past, the only way I've been able to override it is by using "secedit". For more info on this command:
Start -> Help and Support -> Search: Secedit