Re: Log on Locally

From: Christophe Cornil (cco@clear2pay.com)
Date: 07/19/02 

From: "Christophe Cornil" <cco@clear2pay.com>
Date: Fri, 19 Jul 2002 22:12:30 +0200

I'll try this thanks... anyway I hjave a doubt, and also something I can't
understand... even if I do not have the rights to log on locally, why the
f...!ùµ$^ù I can't access the AD? what's the link? I should keep my admin
rights no?
"blaxshep" <Jim_Campau@bausch.com> wrote in message
news:eRx$961LCHA.1748@tkmsftngp09...
> Try this:
>
> Logon to the machine as a standard user and use the runas command.
>
> at the command prompt type:
>
> runas /user:administrator mmc.exe
> or
> runas /user:administrator@domain.xyz mmc.exe
>
> this will ask for your password
>
> now you should have admin rights while running the console.
>
> when the mmc opens add the users and computers snap in and group policy
> snapin to reset the policy.
>
> I am not sure if this will work since I can not test it with out locking
> myself out but the logic is sound.
>
>
> "Christophe Cornil" <cco@clear2pay.com> wrote in message
> news:#DBMo7zLCHA.2052@tkmsftngp08...
> > Hi all,
> >
> > I'm in a deep sh***
> >
> > I made a mistake when configuring the Domain Controller Policy.
> >
> > Instead of giving the access to the network and th log on locally to the
> > Domain admin group, I didn't check very well and I add Domain admins to
> the
> > following policies: Deny log on locally, deny access to this computer
from
> > the network.
> >
> > The problem now is, I can't connect to my Domain controllers.... and I
> CAN'T
> > change anymore my settings in the policy snap-in... I have an access
> denied!
> > I tried with the ntrights.ex as described here:
> > http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q279664
> > with this exact command: ntrights -u Domain Admins -m \\machinename -r
> > SeDenyInteractiveLogonRight
> >
> > but it seems Domain Admins is not the rights word to use because I have
> this
> > error message
> >
> > Revoking SeDenyInteractiveLogonRight from Domain ... failed
> > (GetAccountSid(Domain)=1332
> >
> > Anyway, I don't think I have the right to change it
> >
> > PLease need a lot of help.
> >
> > Thansk in advance
> >
> >
>
>

Relevant Pages

  • Re: Log on Locally
    ... That's what I Thought, I can't access it mmc, even via the RUNAS: Logon ... > snapin to reset the policy. ... I didn't check very well and I add Domain admins to ...
    (microsoft.public.win2000.security)
  • Re: Log on Locally
    ... Logon to the machine as a standard user and use the runas command. ... at the command prompt type: ... snapin to reset the policy. ... I didn't check very well and I add Domain admins to ...
    (microsoft.public.win2000.security)
  • Re: Unable to prevent OU deletion by Domain Admins?
    ... That's how ACLs work, or at ... Microsoft's own guidelines for parsing ACLs states that DENY ACLs ... I understand that domain admins have the delete and delete subtree ... I have a folder where Domain Users have Full control rights. ...
    (microsoft.public.win2000.active_directory)
  • Re: Active directory Group Policy (Win2k)
    ... When I enforce the policy onto the computers in the new OU, ... Domain Admins so the Domain Admins cannot view ... workstations, to access Microsoft Office. ...
    (microsoft.public.security)
  • Re: A Model, American Firearms Policy (Long)
    ... It is extremely important that in war time, the government must know who it can trust - so each citizen will have a dossier built on them and ID cards will only be given to those who pass the righteousness test. ... Except that there are NO reasonable restrictions on inalienable rights. ... suitable for personal protection in places where I could conceivably ... If the answer to this is yes, then the policy is wrong. ...
    (talk.politics.guns)