Got a local admin account where this has been sethttp://img26.imageshack.us/img26/5716/18112010133154.pngWhich I believe is preventing the admin account from removing or installing devices. This is causing an issue. Looks like it's AD GP as is greyed out and I can't add to it locally. The network team claim there are no AD GPs to limit the local admin account that they know of.Also, I'm trying to use Process Monitor on the machine but that needs admin rights and it keeps saying that the local admin account isn't a member of the admin group, but it is.Any ideas? Even if it's just fixing he Process Monitor bit?And looking at the picture can anyone explain what the icon means next to Load and Unload device drivers. It's different from the others and think this is related, maybe trying to tell me it's a AD group policy.I've spoken to networks, they said there are not AD GP's set for this. I've used the local admin account to create a new local admin account and put it in the administrators group. Logged into it and it also has the same issue.Any ideas?

The symbol you refer to indicates that setting has been locked by group policy and is not changeable. When I've seen this in the past, the only way I've been able to override it is by using "secedit". For more info on this command: Start -> Help and Support -> Search: SeceditAn "Elephant Gun" approach might also work:"How do I restore security settings to the default settings?" < http://support.microsoft.com/kb/313222 >HTH, JW Nice. Thanks. That appears to have semi fixed the Load and Unload device drivers issue in GPEDIT as now Administrators is back in that section, however, it's all still greyed out. The machine is no longer on the domain, I removed it. And XP still appears to believe that the administrator account isn't in the administrators group, even though it is. Meaning I can't run Process Monitor on the machine. And I really need to run that for another issue the machine is suffering from.

Now you've gone and done it... You tickled some long-since-thought-dead memory cells...I think that you will find that indeed you are in the "Administrators" group. Try this simple test: Right-click on the "Start" button. If one of the choices that pops up is "Open All Users", then indeed you do have Administrator privileges.IIRC, you need more than Administrator privilege to run Process Monitor. I think that you also need "Debug Programs" privilege as well. This was the whole reason that I learned about Secedit in the first place. In a plain-manilla Windows setup, I think that the administrator group has Debug privilege but in a lot of domains, the administrator is removed from the list of users with Debug Privilege. If it has not been locked-out by group policy, you can remedy this problem with the Group Policy Editor (Start->Run->"gpedit.msc"). Simply navigate to: Computer Configuration->Windows Settings->Security Settings->Local Policies->User Rights Assignmentand look for a "Debug Programs" line in the right window. Double-click on that and, if it is not locked, add the "Administrators" group to the list (or user of your choice). I'll wager that Process Monitor will then run.If it is locked out, then you will have to do what I have done and learn secedit. It's not pretty, but it will get the job done.HTH & Good Luck, JW

We'll probably never know as I fixed it all before I read your new reply :) this is how it all went. Might look odd but it's because I posted this fix on another forum I post at and can't be bothered to type it all again so just lifted it from there. May be of some help to others.-------------------------------Took all day from 8am to 4pm but did it :) gives you a buzz when you solved something like this, that had me :scratch: all day.Right. First problem (that ended up not needed in end) was to fix the GPEDIT issue, why wasn't Administrators in there. I think the GP was buggered, so asking over at Technet forums I got told about the secedit command (which I'm sure I've heard of before but long forgot). Got given this linkhttp://support.microsoft.com/kb/313222Being on XP I ran this on the machine at a CMDsecedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verboseDid what it had to do. Checked gpedit again and sure enough the Administrators group was back in the place it should be in the image in first post. But it was all still greyed out, but never mind as admin account was now able to remove devices. Also got told the icon means it's locked by Group Policy and can't be edited. The blue 1's and 0's means it's not locked and can be edited.So, now, why wasn't Process Monitor still working? It was still saying Admin wasn't in the Admin group but it was. On Technet they later said the Admin has to be in the debug group as well for Process Monitor to run, but I'd fixed it before then, so not sure if that was the issue.Anyway. To fix the admin account permissions I used Trinity Rescue Kithttp://trinityhome.org/Home/index.php?wpid=1&front_id=12Booted up from that, ranwinpassTo allow you to reset a local account, unlock or up it's privileges. I choose to up the admin accounts privileges as it was saying the admin account only had Normal rights.Booted into Windows and result, Process Monitor was now able to run :)However, the hanging issue (not sure if I mentioned that) was still a problem. I then used msconfig (which ain't great) but it's easy with that to hide all the Microsoft processes so that you can then disable all other, 3rd party ones. Did that and rebooted. No more hanging. Then had to re-enable them one by one till the hanging started again.What was it?Our Helpdesk software. It had two processes running as services at start-up and they were causing the hang. I'm about to look through the Process Monitor logs of it working and then not working. To see if what I suspect to be happening is happening. That is, now the PC is on a new domain, these two services are trying to talk or doing something with the old domain and can't. Causing explorer to then hang as they maybe just get stuck in a loop.Was a good feeling when it was all fixed and I had drilled it down to the exact two things causing the issue.Now it geekness I'm off to look through the process monitor logs.-----------------------Also, to get round the fact they'd forgotten the local admin password, I used Kon-Boot Forgot to mention that once I put the PC back on the domain the gpedit entry was no longer greyed out.