Re: Domain Administrator have lost all rights

From: Enkidu (enkidu_at_xyzcliffpxyz.com)
Date: 11/07/04


Date: Sun, 07 Nov 2004 15:58:06 +1300


How long did you wait? It could take eight hours for the GPOs to
propagate, if you don't do anything else. Or you could issue the
command "secedit /refreshpolicy machine_policy".

Cheers,

Cliff

On Sat, 6 Nov 2004 16:06:02 -0800, Fabrussio
<Fabrussio@discussions.microsoft.com> wrote:

>I have never changed anything in the default domain GPO, the restricted group
>was in a separate GPO called 'machines' that contains all the workstations.
>
>Why doesn't the domain administrator get back normal access rights after this
>restricted group and GPO setting has been deleted?
>
>thanks for all help..
>
>
>"Enkidu" wrote:
>
>>
>> I'm pretty sure you can't remove the default domain controller's GPO.
>> See if you can access that and replace the group as suggested.
>>
>> Try this KB article.
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;226243
>>
>> Cheers,
>>
>> Cliff
>>
>> On Sat, 6 Nov 2004 07:50:01 -0800, Fabrussio
>> <Fabrussio@discussions.microsoft.com> wrote:
>>
>> >Thanks but I have deleted all GPOs and restricted groups and restarted the
>> >server but the Domain Admin access is still restricted.
>> >eg. I can't access any remote workstation c$ drive, I can't look at files
>> >that have administrator Full control permissions, I can't access any
>> >http://localhost web sites from the server.
>> >
>> >How can I get back control???
>> >
>> >
>> >"ptwilliams" wrote:
>> >
>> >> Restricted groups replaces group membership - it doesn't merge (well, it
>> >> can, but I can't remember the SP versions, and KBs). That's why it's called
>> >> restricted groups - you restrict what members are in what groups. Just open
>> >> up the GPO that you defined this in and add the domain admins group and any
>> >> other missing groups at the GPO level.
>> >>
>> >> --
>> >>
>> >> Paul Williams
>> >>
>> >> http://www.msresource.net
>> >> http://forums.msresource.net
>> >>
>> >>
>> >> "Fabrussio" <Fabrussio@discussions.microsoft.com> wrote in message
>> >> news:D133FFF0-2548-4EED-9C25-F5D53B93B488@microsoft.com...
>> >> I have a single DC w2k sp4.
>> >> I set up a restricted group in the AD to give workstation users - local
>> >> admin access.
>> >> I must have made a mistake cos as soon as I set it up it stopped all my
>> >> domain admin access and IUSR access from the server. I have completely
>> >> removed all traces of the groups and related policy but the admin access
>> >> never returns.
>> >>
>> >> Tried restarting server.
>> >>
>> >> what to do????? please help!!
>> >>
>> >>
>> >>
>>
>>
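
The replace-not-merge behaviour of Restricted Groups discussed in this thread can be checked before a GPO is applied. The following is an added example, not part of the original thread: it parses the [Group Membership] section of a GPO's GptTmpl.inf security template and reports when a `__Members` entry for the local Administrators group omits Domain Admins. The sample templates, the domain SID and the function names are constructed for illustration.

```python
import re

ADMINISTRATORS_SID = "S-1-5-32-544"   # BUILTIN\Administrators (well-known SID)
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID

# Constructed sample: the GPO lists only a workstation-admins group (RID 1104)
# as "Members" of Administrators, so every other member is removed on refresh.
BROKEN_INF = f"""[Unicode]
Unicode=yes
[Group Membership]
*{ADMINISTRATORS_SID}__Memberof =
*{ADMINISTRATORS_SID}__Members = *{DOMAIN}-1104
"""
# Same policy with the built-in Administrator (RID 500) and Domain Admins (RID 512) kept.
FIXED_INF = BROKEN_INF.replace(f"*{DOMAIN}-1104", f"*{DOMAIN}-500,*{DOMAIN}-512,*{DOMAIN}-1104")


def parse_group_membership(inf_text):
    """Return {group: {"members": [...], "memberof": [...]}} from [Group Membership]."""
    groups, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        m = re.match(r"\*?(.+?)__(Members|Memberof)\s*=\s*(.*)$", line, re.I)
        if in_section and m:
            entries = [v.strip().lstrip("*") for v in m.group(3).split(",") if v.strip()]
            groups.setdefault(m.group(1), {})[m.group(2).lower()] = entries
    return groups


def is_domain_admins(entry):
    """True for a Domain Admins SID (<domain SID>-512) or a 'DOMAIN\\Domain Admins' name."""
    return bool(re.fullmatch(r"S-1-5-21(-\d+)+-512", entry, re.I)) or \
        entry.lower().endswith("domain admins")


def audit_restricted_groups(inf_text):
    """List Administrators '__Members' settings that would drop Domain Admins."""
    findings = []
    for group, cfg in parse_group_membership(inf_text).items():
        is_admins = group.upper() == ADMINISTRATORS_SID or group.lower() == "administrators"
        if is_admins and "members" in cfg and not any(map(is_domain_admins, cfg["members"])):
            findings.append(f"{group}: __Members replaces membership and omits Domain Admins")
    return findings


if __name__ == "__main__":
    print(audit_restricted_groups(BROKEN_INF))
    print(audit_restricted_groups(FIXED_INF))
```
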


