AGPM goes Bang!

And locks users out of Windows

Occasionally when you deploy a Group Policy change via AGPM, it will corrupt that Group Policy.

My experiences over the last two years have included users losing

  • the Corporate Intranet Homepage settings
  • desktop wallpaper
  • network drive mapping.

Yesterday they lost the ability to boot into Windows.

Applocker had decided to block critical operating system files.

The solution:

  1. Boot Windows into Recovery Mode
  2. Select Safe Mode with Command Prompt
  3. Logon to Windows with a Local Administrator account
  4. Delete the content of c:\windows\system32\Applocker

Things we learned/benefited from:

  • A talented group of people worked together to resolve the issue.
  • We had previously implemented Microsoft LAPS in our environment.
    It proved to be a critical “get out of jail” card.
  • The technical knowledge of our end users varied.
    Times to fix each computer ranged from 10 minutes to 3 hours.