Re: Urgent Policy question

What policies did you change? Normally when this happens you should still be
able to logon to a domain controller locally unless you changed both Domain
and Domain Controller Security Policy.

Anyhow see the link below on how to edit the GptTmpl.inf file in the sysvol
share to restore default user rights for Domain Controller Security Policy.
You could do such be either putting the hard drive of the domain controller
into another computer to access it, use a parallel installation of the
operating system, or best option would be to try and access the sysvol share
remotely. You could do such by logging onto a non domain computer to try
such either with a user account that has the same credentials as a domain
administrator or entering domain administrator credentials when you try to
access the sysvol share. This assumes that the user right for access this
computer from the network user right is still granted for the domain
administrator account. Always be very careful with deny user rights as they
override allow user rights and administrators are members of the users and
everyone groups. --- Steve

http://support.microsoft.com/kb/267553/

"Ackztoul" <Ackztoul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C2B5A731-F0CE-4EBC-8350-742E8D87D053@xxxxxxxxxxxxxxxx
> Fortunately this is in a lab setting but i still am in need of dire help.
> I was changing policies and wasn't paying too close attention and i must
> have changed the policy for logging in locally because no PC can log in to
> the domain, and i can't get into the DC (even with the Admin account). How
> can i get into the PC to change this policy setting. i am getting the
> message
> "The local policy of this system does not allow you to logon
> interactively"
> from any PC on the domain. The only way for other workstations or member
> servers (2) to log in is locally.
> Please help, i do not want to rebuild this DC! i have a lot of time and
> work
> into this. i made a stupid mistake and am now paying for it.
>
> Thanks,
>
>


.

Relevant Pages

  • Re: Urgent Policy question
    ... Yea, i accidently put it in the Deny logon on locally, not paying attention. ... > share to restore default user rights for Domain Controller Security Policy. ... > administrator or entering domain administrator credentials when you try to ...
    (microsoft.public.win2000.group_policy)
  • Re: administrator unable to logon interactively
    ... Windows 2000 domain controller. ... note that the deny interactive logon permission ... so that if the Administrator is in a group like Everyone ...
    (microsoft.public.win2000.security)
  • Re: create support admin user
    ... configuring the "logon locally" user right in Domain Controller Security ... being an administrator but you can test that out to see if it suits your ... I would like to give a support user the ability ...
    (microsoft.public.win2000.security)
  • Administrator unable to log on Interactively
    ... administrator is not able to log on interactively. ... on to the primary domain controller. ... one of the computers in the domain after I logged in as ... "Logon failure: The user has not been granted the ...
    (microsoft.public.win2000.security)
  • Re: Urgent Policy question
    ... Well the solutions I listed should work for you if you can not logon to ... >> able to logon to a domain controller locally unless you changed both ... >> and Domain Controller Security Policy. ... >> administrator or entering domain administrator credentials when you try ...
    (microsoft.public.win2000.group_policy)