Re: Urgent Policy question

OK. Well the solutions I listed should work for you if you can not logon to
a domain controller directly. --- Steve


"Ackztoul" <Ackztoul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0E1021C0-C699-4675-AA6F-4D996EE160E7@xxxxxxxxxxxxxxxx
> Yea, i accidently put it in the Deny logon on locally, not paying
> attention.
> i put a group in there that basically has all my users in!! STUPID....
>
> Thanks,
>
> "Steven L Umbach" wrote:
>
>> What policies did you change? Normally when this happens you should still
>> be
>> able to logon to a domain controller locally unless you changed both
>> Domain
>> and Domain Controller Security Policy.
>>
>> Anyhow see the link below on how to edit the GptTmpl.inf file in the
>> sysvol
>> share to restore default user rights for Domain Controller Security
>> Policy.
>> You could do such be either putting the hard drive of the domain
>> controller
>> into another computer to access it, use a parallel installation of the
>> operating system, or best option would be to try and access the sysvol
>> share
>> remotely. You could do such by logging onto a non domain computer to try
>> such either with a user account that has the same credentials as a domain
>> administrator or entering domain administrator credentials when you try
>> to
>> access the sysvol share. This assumes that the user right for access this
>> computer from the network user right is still granted for the domain
>> administrator account. Always be very careful with deny user rights as
>> they
>> override allow user rights and administrators are members of the users
>> and
>> everyone groups. --- Steve
>>
>> http://support.microsoft.com/kb/267553/
>>
>> "Ackztoul" <Ackztoul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:C2B5A731-F0CE-4EBC-8350-742E8D87D053@xxxxxxxxxxxxxxxx
>> > Fortunately this is in a lab setting but i still am in need of dire
>> > help.
>> > I was changing policies and wasn't paying too close attention and i
>> > must
>> > have changed the policy for logging in locally because no PC can log in
>> > to
>> > the domain, and i can't get into the DC (even with the Admin account).
>> > How
>> > can i get into the PC to change this policy setting. i am getting the
>> > message
>> > "The local policy of this system does not allow you to logon
>> > interactively"
>> > from any PC on the domain. The only way for other workstations or
>> > member
>> > servers (2) to log in is locally.
>> > Please help, i do not want to rebuild this DC! i have a lot of time and
>> > work
>> > into this. i made a stupid mistake and am now paying for it.
>> >
>> > Thanks,
>> >
>> >
>>
>>
>>


.

Relevant Pages

  • Re: Administrator unable to log on Interactively
    ... Firstly i tried accessing the domain controller C drive ... I think the policy has been changed in the "local security ... >> administrator is not able to log on interactively. ... >Interactive Logon setting takes precedence over the Allow ...
    (microsoft.public.win2000.security)
  • Re: logon from the server machine !
    ... >The default Domain Controller policy in Windows Server ... >Security Policy setting. ... Allow Local Logon ...
    (microsoft.public.windows.server.general)
  • Re: Unable to use Remote desktop
    ... When trying to connect to a W2K domain controller running Terminal ... Services with Application Server mode for user access, you as a TS user may ... receive "The local policy of this system does not permit you to logon ...
    (microsoft.public.windowsxp.network_web)
  • Re: administrator unable to logon interactively
    ... Windows 2000 domain controller. ... note that the deny interactive logon permission ... so that if the Administrator is in a group like Everyone ...
    (microsoft.public.win2000.security)
  • Re: Win2000 Terminal Server Logons not permitted
    ... > Is the terminal server also a Domain Controller? ... When we try to logon ... >>>> We have changed permissions in Domain Security Policy, ...
    (microsoft.public.win2000.group_policy)