When using the Microsoft Windows Group Policy Editor (gpedit.msc), did you ever use gpedit to enable group policy "Run only allowed Windows applications" and forget to put both "cmd.exe" and "gdedit.msc" in the list of allowed Windows applications? You're not alone. The practices portrayed in this article are typically used by Microsoft Windows XP Pro system administrators. It is important to point out before we get started, that Group Policy Objects (GPO's) are not available in Windows XP standard edition.

Things You'll Need

  • Microsoft Windows XP Pro
  • Administrator access

Please check out our Related articles written by other great writers here on Info Barrel. Thank you for visiting!



Step 1 - Using Microsoft Windows Explorer, navigate to, and then rename file registry.pol files to zregistry.pol in two places:


Step 2 - Copy the files gpupdate.exe and gpedit.msc from C:WINDOWSsystem32 to your desktop. For this exercise, working from the desktop makes things easier to work with.

Step 3 - Use Notepad or another text editor to create and save file g.bat to your desktop. This batch file must include the command "gpupdate.exe /force" without the quotes.

Step 4 - Immediately or minutes later, with the pol files renamed, gpupdate should render the Group Policy Object (GPO) useless and allow use of gpedit.msc. However, especially in a crowed computer network environment, these updates can take much longer.

Step 5 - BEFORE running gpedit.msc, either create new registry.pol files or rename the zregistry.pol files to registry.pol (The method used for this step does not necessarily have to be the same for both Machine and User policy files).

Step 6 - After editing with both Group Policy Objects (GPO's) named registry.pol, run the file g.bat again. Wait for a few minutes, then test by attempting to run gdedit.msc and/or cmd.exe.

Step 7 - Delete any unneeded files from the desktop. Should a warning appear about activeX when running gpedit.msc, it is probably due operating system security. In this case, security can be safely by-passed.

Tips and Warnings

Backup your system before attempting these methods.
Applies to Microsoft Windows XP Professional SP3.