
Software Restriction Policy black logon screen for one server in an OU

Hi all, I have a very somewhat random problem for one server that is in an OU with other servers within it. No other server in the OU has this black logon screen problem.

 

It's worth noting that the affected server is 2012 whereas the others in the OU are 2016.

 

I know this policy is causing the issue, as when I deny it to the affected server the problem goes away.

 

Additional rules

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%

 

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%

 

Both set to unrestricted

 

I've checked the value of these keys and the SystemRoot one contains C:\Windows and ProgramFilesDir contains C:\Program Files, as expected.

 

Dropbox certificates are also set to disallowed.

The default security level is set to unrestricted.

 

Enforcement policy

 

Apply Software Restriction Policies to the following:

 

All software files except libraries (such as DLLs)

 

Apply Software Restriction Policies to the following users:

 

All users

 

When applying Software Restriction Policies:

 

Enforce Certificate rules.

 

Designated File Types:

ADE, ADP, BAS, BAT, CHM, CMD, COM, CRT, EXE, HLP, HTA, INF, INS, ISP, LNK, MDB, MDE, MSC, MSI, MST, OCX, PCD, PIF, REG, SCR, SHS, URL, VB, WSC

 

I have run SFC /scannow, which fixed some corruption, and also DISM.

 

We have a replica of the server to attempt fixes on.

 

Comparing it with a working 2016 server, we noticed there was no Windows File Protection key within HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT, so we imported that, which didn't change anything. The sub key within Windows File Protection is called KnownDllList with the value of nlhtml.dll. This is located in C:\Windows\System32. I have registered it to be sure but had no luck.

 

I've Googled quite a lot and haven't found anything that fixes this issue; however, my assumption is it's down to the SRP stopping something that Windows needs.

 

Event Log doesn't have any SRP logs either, which doesn't help.

 

Does anyone have any ideas what to check next at all? Currently I'm stumped but will keep searching.
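Added example (this is not code from the original post or from the poster): a PowerShell script that reads the SRP configuration the way Windows itself consumes it, from HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, so the settings described above (default level, DLL enforcement, user scope, certificate rules, designated file types, path and hash rules) can be compared between the affected 2012 server and a working 2016 one. It also turns on SRP advanced logging by setting the documented LogFileName value, which makes SRP write one line per evaluated file naming the rule that decided it, including files blocked before the shell appears; that is the quickest way to find what a policy is stopping when the Application log shows nothing. The log path C:\Temp\srp-advanced.log and the Application-log provider name used in Find-SrpDisallowed are assumptions; change the path to anything writable. Run it elevated on the replica server.

```powershell
# Added example, not part of the original post. Dumps effective SRP settings and
# rules from the registry and enables SRP advanced logging.
# Run as Administrator on the replica, then reproduce the logon and read the log.

$Safer   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LogPath = 'C:\Temp\srp-advanced.log'   # assumption: any writable local path works

# Security-level subkeys under CodeIdentifiers: 0 = Disallowed, 4096 = Basic User,
# 262144 = Unrestricted. Rules live under <level>\Paths and <level>\Hashes.
$Levels = @{ 0 = 'Disallowed'; 4096 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpSummary {
    # Mirrors the Enforcement / Designated File Types dialogs in the GPO editor.
    $cfg = Get-ItemProperty -Path $Safer
    [pscustomobject]@{
        DefaultLevel        = $Levels[[int]$cfg.DefaultLevel]
        # TransparentEnabled 1 = all software files except libraries (DLLs), 2 = all files
        EnforceLibraries    = ([int]$cfg.TransparentEnabled -eq 2)
        # PolicyScope 0 = all users, 1 = all users except local administrators
        SkipAdministrators  = ([int]$cfg.PolicyScope -eq 1)
        EnforceCertRules    = ([int]$cfg.AuthenticodeEnabled -eq 1)
        DesignatedFileTypes = ($cfg.ExecutableTypes -join ', ')
        AdvancedLogFile     = $cfg.LogFileName
    }
}

function Get-SrpRules {
    # Path rules keep the (possibly registry-expanded) path in ItemData; hash rules
    # keep a FriendlyName. Each rule is a GUID subkey, which is also what shows up
    # in the advanced log, so this table lets you map a logged GUID back to a rule.
    foreach ($level in $Levels.Keys) {
        foreach ($kind in 'Paths', 'Hashes') {
            $key = Join-Path $Safer "$level\$kind"
            if (-not (Test-Path $key)) { continue }
            Get-ChildItem -Path $key | ForEach-Object {
                $r = Get-ItemProperty -Path $_.PSPath
                [pscustomobject]@{
                    Level  = $Levels[$level]
                    Type   = $kind.TrimEnd('s')
                    RuleId = $_.PSChildName
                    Target = if ($kind -eq 'Paths') { $r.ItemData } else { $r.FriendlyName }
                }
            }
        }
    }
}

function Enable-SrpAdvancedLogging {
    param([string]$Path = $LogPath)
    New-Item -ItemType Directory -Force -Path (Split-Path -Parent $Path) | Out-Null
    # REG_SZ LogFileName: while present, SRP appends a line for every file it
    # evaluates, e.g. "... identified C:\Windows\foo.exe as Disallowed using path
    # rule, Guid = {...}". Delete the value to switch logging off again.
    Set-ItemProperty -Path $Safer -Name LogFileName -Value $Path -Type String
}

function Find-SrpDisallowed {
    # Pulls the blocked entries out of the advanced log, then any SRP events from
    # the Application log (865 default level, 866 path, 867 certificate, 868 hash,
    # 882 zone). Provider name is an assumption; adjust if Get-WinEvent finds nothing.
    param([string]$Path = $LogPath)
    if (Test-Path $Path) {
        Select-String -Path $Path -Pattern 'as Disallowed' | ForEach-Object { $_.Line }
    }
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
        Id           = 865, 866, 867, 868, 882
    } | Select-Object TimeCreated, Id, Message
}

Get-SrpSummary | Format-List
Get-SrpRules   | Format-Table -AutoSize
Enable-SrpAdvancedLogging
# Log off / reboot, reproduce the black logon screen, then:
# Find-SrpDisallowed
```

Two things to keep in mind when using this: the CodeIdentifiers tree is written by Group Policy, so re-check that LogFileName is still present after a gpupdate or reboot and re-apply it if the policy refresh removed it; and with "all software files except libraries" in force, DLL loads are never evaluated, so a missing or unregistered DLL such as the nlhtml.dll mentioned above would not be something SRP blocks, whereas an EXE, CMD or SCR started during logon from a path outside C:\Windows and C:\Program Files would be.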
