This article provides guidance on resolving errors related to the Restrict Control Access Policy when applied to an affected device via the JumpCloud Admin Portal.
Symptoms
The policy fails to execute successfully, resulting in the following error:
    exit status 1: ERROR: The system was unable to find the specified registry key or value.
    C:\Program Files\JumpCloud\policies\disable_control_panel.ps1 : Error mounting user hive C:\Users\Jumpcloud.test\NTuser.dat:
    + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,disable_control_panel.ps1
    New-Item : The parameter is incorrect.
    At C:\Program Files\JumpCloud\policies\disable_control_panel.ps1:275 char:20
    + ... keyOutput = New-Item -Path $registryPath -Name "Explorer" -Type direc ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OpenError: (HKEY_USERS\S-1-...licies\Explorer:String) [New-Item], IOException
    + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.NewItemCommand
    Error writing key to registry (Create Explorer Directory): New-ItemProperty : Cannot find path 'HKEY_USERS\S-1-5-21-3493484***-1572329***-3110980668-1***\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' because it does not exist.
    At C:\Program Files\JumpCloud\policies\disable_control_panel.ps1:307 char:22
    + ... keyOutput = New-ItemProperty -Path "$registryPath" -Name "DisallowCPL ...
Cause
This error typically occurs when the policy references a previously deleted local account on the device. The failure stems from the policy attempting to access a user profile associated with a non-existent Security Identifier (SID).
Resolution
Follow these steps to resolve the issue:
- Identify the Problematic SID
  Use the JumpCloud Admin Portal to locate the error message within the policy logs. Identify the problematic SID from the log entry. For example:
      Error writing key to registry (Create Explorer Directory): New-ItemProperty : Cannot find path 'HKEY_USERS\S-1-5-21-3493484***-1572329***-3110980668-1***\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
  Alternatively, run the following command in Command Prompt to list all users and their associated SIDs:
      wmic useraccount get name,sid
- Back Up the Registry
  - Open Registry Editor as Administrator.
  - Navigate to File > Export to create a backup of the registry.
- Delete the Problematic SID
  - In Registry Editor (regedit.exe), go to:
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  - Locate and delete the folder matching the problematic SID identified in Step 1.
  - Restart the device to apply the changes.
- Reapply the Policy
  - In the JumpCloud Admin Portal, remove the policy from the affected device.
  - Reapply the policy.
  - If the policy is applied via a device group, remove the device from the group, re-add it, and reapply the policy.
- Verify Results
  - Allow the JumpCloud agent to sync the changes.
  - Check the policy results.
  - If the issue persists, repeat the steps to identify and resolve any additional problematic SIDs.
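The identification and backup steps above can also be scripted. The following is an added example, not JumpCloud's own code: it goes beyond the single SID in the log by checking every profile SID under ProfileList, and it only reports and exports, it does not delete. The function name Get-OrphanedProfileSid and the backup file location are assumptions.

```powershell
# Added example: read-only audit of ProfileList; nothing is deleted.
# Run from an elevated PowerShell session on the affected device.
$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-OrphanedProfileSid {   # hypothetical helper name
    Get-ChildItem -Path $ProfileListKey |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |   # user profiles only; skips S-1-5-18/19/20
        ForEach-Object {
            $sid       = $_.PSChildName
            $imagePath = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath

            # Resolve the SID to an account name. A deleted local account
            # raises IdentityNotMappedException.
            $account = $null
            $status  = 'Resolved'
            try {
                $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $account   = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                $status = 'NoMatchingAccount'
            }
            catch {
                # Malformed key name (for example a ".bak" suffix) or a lookup error.
                $status = 'LookupFailed'
            }

            # The policy error above came from a user hive that could not be mounted.
            $hivePresent = $false
            if ($imagePath) {
                $hivePresent = Test-Path -LiteralPath (Join-Path $imagePath 'NTUSER.DAT')
            }

            [pscustomobject]@{
                SID = $sid; Account = $account; Status = $status
                ProfileImagePath = $imagePath; HivePresent = $hivePresent
            }
        }
}

# Candidates to review: no matching account, or no user hive on disk.
Get-OrphanedProfileSid |
    Where-Object { $_.Status -ne 'Resolved' -or -not $_.HivePresent } |
    Format-Table -AutoSize

# Export only the ProfileList key before any manual deletion (assumed backup path).
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' "$env:TEMP\ProfileList-backup.reg" /y
```

A SID for a directory-backed account can also fail to resolve while the device is offline, so confirm each candidate against the SID in the policy log before deleting its key.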
This process has been tested and verified to resolve the error caused by non-existent user profiles. If issues continue, contact JumpCloud Support for further assistance.