local security policy

From: Tibor Biro (tiborbiro@rogers.com)
Date: 08/22/02 

From: "Tibor Biro" <tiborbiro@rogers.com>
Date: Thu, 22 Aug 2002 07:20:56 -0700

Hi there,

The local security database (at least the user rights
assignment part) is placed in
C:\WINNT\security\Database\secedit.sdb. If you have a
recent backup of that file you can restore it and try it
out. You also have to lower the version of the policy,
this one is in the C:\WINNT\system32\GroupPolicy\gpt.ini
file. Put it to 1 or something lower than whatever you
currently have.

After this you want to make sure that the policy is
propagated so run these commands on the target machine
(you can use the scheduler to schedule remotely):
secedit /refreshpolicy user_policy /enforce
secedit /refreshpolicy machine_policy /enforce

This might do the trick, let me know how it goes.

And finally a warning:
I tested this but there is no guarantee that it will do
any good so please take the necessary precautions.

Regards,
Tibor Biro

>-----Original Message-----
>i was altering some settings in the local security policy
app, wasnt
>finished with them, but i had to pause what i was doing
to take care of
>something else.
>
>one of the other techs wasnt aware of what i was doing
and logged me out
>thinking it best (as my account has admin rights, we have
a standing policy
>that you dont leave yourself logged in at the server with
an account with
>admin rights)
>
>now i cant log into the server (noone can)
>
>i do seem to have remote registry access (and i have the
login/pass-es for
>all of the ppl in the administrator group) i just cannot
find where to go to
>remove the policy and allow local login. i also have
access through
>management console on another machine.
>
>what i was doing was trying to just lock out
the "administrator" account
>from logging in and anyone in the users group, but it
looks like i managed
>to just lock everyone out. (i even created a user who was
not a member of
>the users group nor the admin group, but he still couldnt
log in either)
>
>
>this is a stand alone server, not running as a domain
controller. should i
>be looking for a file on disk? should i be looking for a
registry entry? i
>cant seem to locate anything in either that looks like
what i need.
>
>any help would be greatly appreciated
>
>Casey Boone
>
>
>.
>

Relevant Pages

  • Re: Cant add/rem hardware with Admin rights
    ... First check in Local Security Policy under security settings/local policies/user ... rights for the right to load and unload device drivers. ... The administrators group ...
    (microsoft.public.win2000.networking)
  • Re: Help! How do I see what OS management rights a Group has?
    ... User rights/privileges can be assigned in Local Security Policy or at ... Controller Security policy for user rights and keep in mind that in Windows ...
    (microsoft.public.win2000.security)
  • Re: Local GPO
    ... When you look at the local security policy on a member what you see are the ... Preferences are settings in the registry that are not ... > to use the Default Domain Controllers Policy linked to the Domain ...
    (microsoft.public.windows.group_policy)
  • Re: HELP!!! Unable to logon to Server 2000
    ... Any domain or Organizational Unit Group Policy that is enabled will override ... Local Security Policy defined settings assuming everything is configured ... Security Policy and that will override the Local Security Policy for those ... I would first double check the Domain Controller Security ...
    (microsoft.public.win2000.security)
  • Re: XP Home - Cant Audit - no Local Security Policy
    ... I do not use Home edition. ... policy interface is not just excluded but also prevented from ... auditing policy set/adjusted. ... My problem is it refers to Local Security Policy. ...
    (microsoft.public.security)
Loading