{"id":120817,"date":"2025-02-07T17:41:52","date_gmt":"2025-02-07T22:41:52","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=120817"},"modified":"2025-03-07T13:20:18","modified_gmt":"2025-03-07T18:20:18","slug":"troubleshoot-resolving-restrict-control-access-policy-error","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/troubleshoot-resolving-restrict-control-access-policy-error","title":{"rendered":"Troubleshoot: Resolving “Restrict Control Access Policy” Error"},"content":{"rendered":"\n

This article provides guidance on resolving errors related to the Restrict Control Access Policy<\/strong> when applied to an affected device via the JumpCloud Admin Portal.<\/p>\n\n\n\n

Symptoms<\/h4>\n\n\n\n

The policy fails to execute successfully, resulting in the following error:<\/p>\n\n\n\n

\n

exit status 1: ERROR: The system was unable to find the specified registry key or value. C:\\Program Files\\JumpCloud\\policies\\disable_control_panel.ps1 : Error mounting user hive C:\\Users\\Jumpcloud.test\\NTuser.dat: + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,disable_control_panel.ps1 New-Item : The parameter is incorrect. At C:\\Program Files\\JumpCloud\\policies\\disable_control_panel.ps1:275 char:20 + … keyOutput = New-Item -Path $registryPath -Name “Explorer” -Type direc … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (HKEY_USERS\\S-1-…licies\\Explorer:String) [New-Item], IOException + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.NewItemCommand Error writing key to registry (Create Explorer Directory): New-ItemProperty : Cannot find path ‘HKEY_USERS\\S-1-5-21-3493484***-1572329***-3110980668-1***\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer’ because it does not exist. At C:\\Program Files\\JumpCloud\\policies\\disable_control_panel.ps1:307 char:22 + … keyOutput = New-ItemProperty -Path “$registryPath” -Name “DisallowCPL …<\/p>\n<\/div><\/div>\n\n\n\n

Cause<\/h4>\n\n\n\n

This error typically occurs when the policy references a previously deleted local account on the device. The failure stems from the policy attempting to access a user profile associated with a non-existent Security Identifier (SID).<\/p>\n\n\n\n

Resolution<\/h4>\n\n\n\n

Follow these steps to resolve the issue:<\/p>\n\n\n\n

    \n
  1. Identify the Problematic SID
    Use the JumpCloud Admin Portal to locate the error message within the policy logs. Identify the problematic SID from the log entry. For example:<\/li>\n<\/ol>\n\n\n\n
    \n

    Error writing key to registry (Create Explorer Directory): New-ItemProperty : Cannot find path ‘HKEY_USERS\\S-1-5-21-3493484***-1572329***-3110980668-1***\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer’<\/p>\n<\/div><\/div>\n\n\n\n

    Alternatively, run the following command in Command Prompt<\/strong> to list all users and their associated SIDs:<\/p>\n\n\n\n

    \n

    wmic useraccount get name,sid<\/p>\n<\/div><\/div>\n\n\n\n

      \n
    1. Backup the Registry\n