Windows 10 "Group Administrator" ???

Rich73Kelly

I recently uninstalled Google Chrome due to getting a "Trojan" or two while searching for a "File managing" program today. This "Trojan" would pop up after having Chrome open for a few minutes stating I had to call a number (1 844 501-5384) to talk to a Microsoft representative to resolve the "Privacy issues". It took using Control Alt Delete to be able to restart. Otherwise, Chrome wasn't closing. I use Windows Defender for AV. I first scanned Chrome and it found nothing, I then did the "Windows Defender Offline scan" and again found nothing. At this point, I went into "Apps and Features" and uninstalled everything with today's date on it, to include a program at the bottom in some type of Asian characters. After that, I did a "Full scan", which found the two different Trojans, which I removed after quarantine. I then tried downloading and reinstalling Chrome. While doing the install, some .eu file briefly came up and disappeared. Then I got a pop up which stated something to the effect that a group administrator has blocked permission to install this program. I am willing to try the install again to get the exact notice.
There is no "Group Administrator" for this machine. It is a Dell Optiplex 3010 Windows 7 machine I bought from a local Computer Consultant who bought a pallet of them from a local Technical College, upgraded them to Windows 10 and resold them. I AM the Administrator! I had no problem installing Chrome when I first bought it nearly a year ago.
I will provide any other information that may be helpful to try and remove this "Group Administrator" block. Dang computers !!!
 
Most of the viruses are not active when running Windows in Safe Mode.
You should download Malwarebytes, restart your computer in Safe Mode and scan your computer. Install another antivirus after that. Windows defender is not efficient. This is a tutorial about restarting in Safe Mode:

 
Thank you for your prompt responses …
livix07, I had Malwarebytes on my previous XP machine. I never considered putting it on this one because, I am not that comfortable with how intrusive it can be with removing things. I will consider this. What AV would you suggest trying?
Neemobeer, hello again! … My apologies … It was the middle of the night and these issues were keeping me awake. It is Windows 10 Professional Edition ver. 1809, OS build 17763.379 64 bit with all current updates. Intel i5 processor with 8gb of RAM.
 
  • Boot into safe mode
  • Navigate to C:\Windows\System32
  • Click View > Options > Change folder and search option
  • Click the View tab
  • Scroll down and uncheck "Hide protected operating system files" and click apply
  • Back in the File explorer locate and rename the "GroupPolicy" directory to "GroupPolicy.old"
  • Reboot and see if you still get the administrator block message
 
Neemobeer, thank you … Will try when I have more time to mess with it. What are your thoughts on a different AV?
 
Does either have a "Free" version? I have used the likes of Avira and AVG in the past. I am on a limited income so, I don't have the option of just throwing money at something … lol.
 
Okay, so, I got as far as "and click apply". Back in Explorer I entered GroupPolicy in the search bar. Several entries came up with GroupPolicy in them. The top one (a folder) was by itself (GroupPolicy) with no extension so, I right clicked and clicked Rename and renamed it GroupPolicy.old … Rebooted and tried installing Chrome again. Same thing … A window/box popped up with a digital shaped robot with an extended arm to a couple of screwdriver looking tools with the statement "Your network administrator has applied a Group Policy that prevents installation." with Help and Close buttons.
 
Post a screenshot of the block screen. That will help determine if it's a Windows feature or third party tool blocking it.

Also copy and paste the following into a powershell prompt and upload the policy.txt file created on the desktop.

Get-ChildItem HKLM:\SOFTWARE\Policies -Recurse -Force | Out-File $env:USERPROFILE\Desktop\Policy.txt
 
Thank you for your patience and help.
First, I will need steps/instruction to do a "Screenshot of the block screen". I have never done this.
Next, what do you mean by a "powershell prompt"?
Also, By "upload the policy.txt", do you mean to attach the file or, by some other means?
It may take me a bit to respond with those as, I will be away for a while.
 
On Windows 10 you can just press [Windows key + shift + S] to do a screen capture then just press ctrl + v in the reply box on this site (where you type).

To open a powershell prompt, click the start button and type powershell and click on "Windows Powershell". The text file mentioned will be created when you run the command from reply #11 and yes you would click "Attach file" and select the file on your desktop.
 
First, what I was able to obtain typing powershell in the search box and then pasting the command in # 11. I had to copy/paste from the window. It did not create a file on the desktop.

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\Users\Optiplex> Get-ChildItem HKLM:\SOFTWARE\Policies -Recurse -Force | Out-File $env:USERPROFILE\Desktop\Policy.txtGet-ChildItem HKLM:\SOFTWARE\Policies -Recurse -Force | Out-File $env:USERPROFILE\Desktop\Policy.txt
Out-File : Cannot validate argument on parameter 'Encoding'. The argument "HKLM:\SOFTWARE\Policies" does not belong to the set
"unknown,string,unicode,bigendianunicode,utf8,utf7,utf32,ascii,default,oem" specified by the ValidateSet attribute. Supply an argument that is in the set and then try
the command again.
At line:1 char:115
+ ... OFILE\Desktop\Policy.txtGet-ChildItem HKLM:\SOFTWARE\Policies -Recurs ...
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Out-File], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.OutFileCommand
PS C:\Users\Optiplex>

Next, the screenshot ...
 
That is part of the GPOs for Google chrome.

You'll need to delete the policies.
  • Press [Windows key + r]
  • In the run box type regedit and press enter
  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies
  • Under policies will be a key (keys look like folders) called Google
  • Select the 'Google' key and delete it
  • Reboot and try to install Chrome again.
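
The regedit steps above can also be done from PowerShell with a backup taken first. This is an added example, not part of the original thread: it is meant to be saved as a .ps1 file and run from an elevated prompt, and the `-Remove` switch, the `PolicyBackup` folder and the check of the per-user `HKCU` hive are assumptions introduced here.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell prompt.
# Without -Remove it only reports and backs up; nothing is deleted.
param([switch]$Remove)   # hypothetical switch name

$roots = @(
    'HKLM:\SOFTWARE\Policies\Google',   # key named in the thread
    'HKCU:\SOFTWARE\Policies\Google'    # per-user counterpart (assumption: may not exist)
)
$backupDir = Join-Path $env:USERPROFILE 'Desktop\PolicyBackup'   # assumed location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$found = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }

    # Walk the key and all subkeys, emitting one row per policy value
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -Force)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key  = $key.Name
                Name = $name
                Data = ($key.GetValue($name) -join '; ')
            }
        }
    }

    # Export a .reg backup so the key can be restored by importing the file
    $hive = ($root -split ':')[0]
    $regFile = Join-Path $backupDir "Google-$hive.reg"
    reg.exe export (Get-Item $root).Name $regFile /y | Out-Null

    if ($Remove) { Remove-Item $root -Recurse -Force }
}

if ($found) {
    # Keep a readable record of what was being enforced, then show it
    $found | Format-List | Out-File (Join-Path $backupDir 'GooglePolicies.txt')
    $found | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No Google policy values found under either hive.'
}
```

Run it once without `-Remove` to review the listed values, then again with `-Remove` and reboot before retrying the Chrome install.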
 
Success !!! But, these two links still remain on the favorites bar, along with the rest I had installed there … I am assuming, they are part of the Trojan problem. I will leave Chrome alone for now ... seeking proper removal so as to not start this all over again.

The Walmart one is one of mine … The other two concern me.
 
Yeah those would be Russian links. They are likely sync'd to your account if you sign in to Chrome. You can simply right click and delete them. You may want to review your other settings or even log into your google account and wipe it out or audit it for other issues.
 
What steps do I need to take to "Audit" my Google account? For that matter, if necessary, what would I need to do to "Wipe it out"? because, when I did the reinstall, all of my settings were still current.
 