Subscribe to Help Center RSS FeedThis article provides guidance on resolving errors related to the Restrict Control Access Policy when applied to an affected device via the ̽»¨´óÉñ Admin Portal.
Symptoms
The policy fails to execute successfully, resulting in the following error:
exit status 1: ERROR: The system was unable to find the specified registry key or value. C:\Program Files\̽»¨´óÉñ\policies\disable_control_panel.ps1 : Error mounting user hive C:\Users\Jumpcloud.test\NTuser.dat: + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,disable_control_panel.ps1 New-Item : The parameter is incorrect. At C:\Program Files\̽»¨´óÉñ\policies\disable_control_panel.ps1:275 char:20 + ... keyOutput = New-Item -Path $registryPath -Name "Explorer" -Type direc ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (HKEY_USERS\S-1-...licies\Explorer:String) [New-Item], IOException + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.NewItemCommand Error writing key to registry (Create Explorer Directory): New-ItemProperty : Cannot find path 'HKEY_USERS\S-1-5-21-3493484***-1572329***-3110980668-1***\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' because it does not exist. At C:\Program Files\̽»¨´óÉñ\policies\disable_control_panel.ps1:307 char:22 + ... keyOutput = New-ItemProperty -Path "$registryPath" -Name "DisallowCPL ...
Cause
This error typically occurs when the policy references a previously deleted local account on the device. The failure stems from the policy attempting to access a user profile associated with a non-existent Security Identifier (SID).
Resolution
Follow these steps to resolve the issue:
- Identify the Problematic SID
Use the ̽»¨´óÉñ Admin Portal to locate the error message within the policy logs. Identify the problematic SID from the log entry. For example:
Error writing key to registry (Create Explorer Directory): New-ItemProperty : Cannot find path 'HKEY_USERS\S-1-5-21-3493484***-1572329***-3110980668-1***\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Alternatively, run the following command in Command Prompt to list all users and their associated SIDs:
wmic useraccount get name,sid
- Backup the Registry
- Open Registry Editor as Administrator.
- Navigate to File > Export to create a backup of the registry.
- Delete the Problematic SID
- In Registry Editor (regedit.msc), go to:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList - Locate and delete the folder matching the problematic SID identified in Step 1.
- In Registry Editor (regedit.msc), go to:
- Restart the device to apply the changes.
- Reapply the Policy
- In the ̽»¨´óÉñ Admin Portal, remove the policy from the affected device.
- Reapply the policy.
- If the policy is applied via a device group, remove the device from the group, re-add it, and reapply the policy.
- Verify Results
- Allow the ̽»¨´óÉñ agent to sync the changes.
- Check the policy results.
- If the issue persists, repeat the steps to identify and resolve any additional problematic SIDs.
This process has been tested and verified to resolve the error caused by non-existent user profiles. If issues continue, contact ̽»¨´óÉñ Support for further assistance.