none
Windows will not load after restart - Spinning dots - Since enabling Software Restriction Policies RRS feed

  • Question

  • We are currently testing Software Restriction Policies and ran into a problem with the process.  We have Windows 10 Pro so we are using Software Restriction Policies.

    The policy is Computer based and its applied to a single PC at this point.

    Our default security level is Disallowed.

    Enforcement is All software files

    Policies apply to ALL users

    We enforce certificate rules

    We have added the following from Designated Fie Types

         WSF (Windows Script File)

         JAR (Executable Java File)

         JS (JavaScript File)


    Path rules are in place to allow files to run from various locations.  

    Once the policy is applied and the PC restarts the PC does not boot into Windows.  After the Dell logo load we see a animation of dots spinning in a circle (like windows is loading).  We let our PC sit for about 30  minutes and it never gets past this spot.  We have to restore the the PC to a previous recoveyr point to gane use of the system again.

    Without the policy in place we see these same dots spinning in a circle for about 1 second before Windows loads.

    Our path rules allow for executables to run from various locations

    (Default HKEY Rules)

    C:\ProgramFiles

    C:\ProgramFiles (x86()

    C:\ProgramData\Microsoft

    C:\Windows

    (along with other paths)


    What am I doing wrong?


    Thursday, October 3, 2019 8:02 PM

All replies

  • Hi,

    It seems right for your settings.

    How about change a user to log on or change a test computer .

    Actually,I did a lab as you in my environment ,also the client is win10, it delayed for few seconds, but get past.

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, October 4, 2019 4:27 AM
  • I have tried on another workstation for a different user and when that user logs on the spinning dots happen for about 30 seconds or so and then she can log on.     

    Again with no software restriction in place these spinning dots are less than 1 second on screen.   What is happening during this "spinning dots" period?

    Since my computer never makes it to Windows logon when the policy is applied I cannot try a different user on my workstation.  This is a computer based policy.


    Friday, October 4, 2019 7:11 PM
  • Hi,

    For the slow logon problem, i would recommend you monitoring the logon process.

    For troubleshooting , you can refer to the following links:

    https://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx

    https://blogs.technet.microsoft.com/askds/2009/09/23/so-you-have-a-slow-logon-part-1/

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, October 7, 2019 1:24 AM
  • Thanks for the recommendation on the slow boot PC.

    Any recommendation for the PC that never gets to the logon prompt with SRP enabled?    If I turn off SRP then the PC boots with no issues.

    My only way to regain access to the workstation is to boot to USB and restore a recovery point from a couple of days ago.  I would like to figure out what exactly in my policy is causing the issue.

    Monday, October 7, 2019 5:26 PM
  • Hi,

    In your situation , i would recommend you check the policy apply process on the second client (cost 30 seconds to logon).

    We can viewer the process using the GPSVC.

    For  more information about gpsvc , you can refer to the following link  :  https://blogs.technet.microsoft.com/askds/2015/04/17/a-treatise-on-group-policy-troubleshootingnow-with-gpsvc-log-analysis/

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, October 10, 2019 7:40 AM
  • I am focusing on the PC that would not boot.    

    We traced the inability to boot back to the SRP policy that was analyzing DLL files.  Once we removed the DLL files from the policy the PC has booted with no further issue and SRP still fully applied.

    I would prefer to include DLL files with my Software restriction policy.  

    Any ideas?

    Thursday, October 10, 2019 2:42 PM
  • Hi,

    I'm afraid i can't give your more advice about the policy settings, since the same policy can applied to another computer normally.

    The suggestion i can think about is using the process monitor to see exactly what happened during the gpo processes , how did the DLL files affect the the user logon.

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, October 11, 2019 1:33 AM
  • Can you advise on the below pleases?

    "The suggestion i can think about is using the process monitor to see exactly what happened during the gpo processes"

    Monday, October 14, 2019 5:34 PM
  •  

    Hi,

    What i said is to monitor the gpo process in the second computer , since you can't logon to the first computer.

    We can viewer the process using the GPSVC  for how did the DLL files affect the the user logon .

    For  more information about gpsvc , you can refer to the following link :

    :  https://blogs.technet.microsoft.com/askds/2015/04/17/a-treatise-on-group-policy-troubleshootingnow-with-gpsvc-log-analysis/

    Best Regards,

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, October 15, 2019 1:30 AM
  • I have the gpsvc.log.  What specifically am I looking for?
    Tuesday, October 15, 2019 5:04 PM
  • Hi,

    The whole process when the  Software Restriction Policies applied to the computer.

    We can figure out and how did the process affect the computer, and why did the logon process become slow .

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, October 16, 2019 1:38 AM
  • Hi,

     

    Just want to confirm the current situations.

     

    Please feel free to let us know if you need further assistance.

     

    Best Regards,

    William


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 18, 2019 9:11 AM
  • I have given up on getting Software Restriction Policy to work when enforcing DLLs. 

    Thank you for your help.

    Friday, October 18, 2019 1:31 PM
  • Hi,

    Thanks for let us know the current status.

    If there is anything else we can do for you, please feel free to post in our forum.

    Have a nice day!

    Best Regards,

    William


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 21, 2019 5:43 AM