When delivering an infrastructure projects, one of the tasks is to implement Server Hardening via Group Policy it could be less or more restricted depending on the security guide lines.
Problem: This past week we had a desktop lock-down scenario where after joining a server to the domain we see this window pop-up “explorer.exe – System Warning | Unknwon Hard Error” good thing this was still in the testing phase.
After some trial and error, it was determined that it was caused by a certain GPO settings, the next step is to find out what setting(s) it was.
It was found out that the culprits was 2 things:
- The settings Background Task Infrastructure Service Startup Mode was set to Manual.
- The settings applied must have been overlooked during the creation of the GPO.
Solution: Launch GPMC and edit the GPO, and set the Background Task Infrastructure Service Startup Mode was set to Automatic.
Check/Verify: Login to the affected server, if desktop is still locked down, press Alt-Ctrl-Del and type Explorer.exe browse to C:\Windows\System32\ look for cmd.exe and launch it as Administrator and run the command gpupdate /force
The Start Menu should now be available, to verify that the settings has been applied in the CMD windows type RSOP, after browsing the settings, you should see that is it now set to Automatic.