Re: Can't access DNS MMC in AD

I have denied ALL to ALL groups in the DNS in AD. Is there a way to "undo"
this? No group has access as they are all denied.

Hmmm?


Ross

"Kevin D. Goodknecht Sr. [MVP]" wrote:

Read inline please.

In news:C5F2DC82-97AA-4683-8DBF-10C9CB35705A@xxxxxxxxxxxxx,
ross <ross@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
I have denied ALL existing (default) groups in the ACL for the DNS
server in the DNS MMC. I now have NO access. I want to remove the
deny settings, but I can't get back in. How can I get back in?

This was done as an experiment, but now it is a valid and scary
concern because I have no access to DNS config.

Any ideas?

What permissions did you deny?

Did you also use Deny on the Built-in Administrators Group?

You should remove yourself from any group you have set the Deny permissions
on. If you have set Deny on your Domain Primary group add yourself to a
Domain group that you have not set Deny on, this may mean creating a new
Group, and making it your Primary group.
Use AdsiEdit to see how high up the Deny permissions go, and try to take
ownership of all child objects.

You should be very carefull about using Deny on any group because the Deny
to passed down to all members.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================



.

Relevant Pages

  • Re: ipchains help
    ... you specifically block ONLY tcp connection attempts. ... You cannot block all UDP if you want DNS to ... forward DENY ...
    (Security-Basics)
  • Re: IP Tables DNS issues
    ... >I'm having problem with my IP tables allowing DNS queries, ... ># Log packets with impossible source addresses ... There is significant discussion of the merits of DROP verses DENY ... (send RESET or ICMP Type 3). ...
    (comp.security.firewalls)
  • Re: Cisco Workaround
    ... Hi Alvaro, ... this port if you want your DNS to communicate with your ISP DNS. ... access-list 101 deny 53 any any ... !--- you must permit other protocols through to allow normal ...
    (Security-Basics)
  • PPTP client not using VPN DNS servers set...
    ... the DNS servers that it sets. ... My DNS servers are 10.10.7.1 10.10.7.3. ... deny chap ... The client is windows XP ...
    (comp.unix.bsd.openbsd.misc)
  • Re: Users cannot access certain files!!!
    ... Perhaps you set Deny for more than you have said, ... Remove the Deny to reverse this effect. ... admin accounts, the admins will not have access. ... > A user was explicitley denied access to a specific folder. ...
    (microsoft.public.win2000.security)