Re: Urgent Policy question

Yea, i accidently put it in the Deny logon on locally, not paying attention.
i put a group in there that basically has all my users in!! STUPID....

Thanks,

"Steven L Umbach" wrote:

> What policies did you change? Normally when this happens you should still be
> able to logon to a domain controller locally unless you changed both Domain
> and Domain Controller Security Policy.
>
> Anyhow see the link below on how to edit the GptTmpl.inf file in the sysvol
> share to restore default user rights for Domain Controller Security Policy.
> You could do such be either putting the hard drive of the domain controller
> into another computer to access it, use a parallel installation of the
> operating system, or best option would be to try and access the sysvol share
> remotely. You could do such by logging onto a non domain computer to try
> such either with a user account that has the same credentials as a domain
> administrator or entering domain administrator credentials when you try to
> access the sysvol share. This assumes that the user right for access this
> computer from the network user right is still granted for the domain
> administrator account. Always be very careful with deny user rights as they
> override allow user rights and administrators are members of the users and
> everyone groups. --- Steve
>
> http://support.microsoft.com/kb/267553/
>
> "Ackztoul" <Ackztoul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:C2B5A731-F0CE-4EBC-8350-742E8D87D053@xxxxxxxxxxxxxxxx
> > Fortunately this is in a lab setting but i still am in need of dire help.
> > I was changing policies and wasn't paying too close attention and i must
> > have changed the policy for logging in locally because no PC can log in to
> > the domain, and i can't get into the DC (even with the Admin account). How
> > can i get into the PC to change this policy setting. i am getting the
> > message
> > "The local policy of this system does not allow you to logon
> > interactively"
> > from any PC on the domain. The only way for other workstations or member
> > servers (2) to log in is locally.
> > Please help, i do not want to rebuild this DC! i have a lot of time and
> > work
> > into this. i made a stupid mistake and am now paying for it.
> >
> > Thanks,
> >
> >
>
>
>
.

Relevant Pages

  • Re: Urgent Policy question
    ... able to logon to a domain controller locally unless you changed both Domain ... share to restore default user rights for Domain Controller Security Policy. ... administrator or entering domain administrator credentials when you try to ...
    (microsoft.public.win2000.group_policy)
  • Re: User cant access the server
    ... In Domain Controller Security Policy make sure that auditing of logon events ... and privilege use is enabled for failure - at least temporarily. ... computer from the network user right for domain controllers which by default ...
    (microsoft.public.win2000.security)
  • Re: local admin permissions on DC
    ... Domain Controller Security policy. ... ("Allow logon through Terminal Services" ... > This is for monitoring a branch office DC -- the IT person was the NT ...
    (microsoft.public.windows.server.general)
  • Re: Cant logon concurrently
    ... Check the Domain Controller Security Policy ... The error message is a Logon Message: "The local policy of this system does ... > Please do not respond directly to me, but only post in the newsgroup so all can take advantage ...
    (microsoft.public.windows.server.sbs)
  • Re: How do I disable TS on my SBS 2k3 system and run it on my app
    ... Javier [SBS MVP] ... > I demoted the Win2k3 server so it is not a DC and removed the changes to ... > administrators can logon to the SBS server. ... >> have to modify the domain controller security policy on the first place. ...
    (microsoft.public.windows.server.sbs)