got it!

From: Casey Boone (caseyb@yourclearwave.com)
Date: 08/23/02

Next message: Tibor Biro: "encryption"
Previous message: Eric Dycus: "Re: How to update workstations to IE Security update"
In reply to: Casey Boone: "Re: local security policy"
Next in thread: Tibor Biro: "Re: got it!"
Reply: Tibor Biro: "Re: got it!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Casey Boone" <caseyb@yourclearwave.com>
Date: Fri, 23 Aug 2002 12:22:56 -0500

w00t w00t

set up a batch file in the winnt folder so i could run a series of commands
(ran the batch from the task scheduler)
extracted to .inf files, found what i needed to edit

used this line in the batch to finally get it imported and changed (it was
stalling, and finally i realized it was asking me a question, so i made it
answer the question on its own)
echo y | secedit /configure /db C:\WINNT\security\Databases\secedit.sdb /cfg
C:\sec.userrights2.inf /overwrite /areas USER_RIGHTS /log
c:\sec.userrights.log /quiet > c:\sec.userrights.7.log

sec.userrights2.inf was a file that only altered the deny login so that it
was set to noone being denied login

and then i was in :)

i appreciate all your help, this wouldnt have been possible without you
pointing me in the right direction.

now i just have to clean up after all my break in attempts, no big deal :)

Casey

"Casey Boone" <caseyb@yourclearwave.com> wrote in message
news:um8$eLhSCHA.1976@tkmsftngp11...
> ive managed to force it to run a batch file on each system startup (via a
> remote group policy edit)
>
> im playing with secedit commands ran via that to see what i can make it
> export and import, i will keep you posted of my progress
>
> all in all i think i should find this to be hilarious... at least if i
wasnt
> the one responsible for it happening in the first place :\
>
> Casey
>
>
> "Tibor Biro" <tiborbiro@rogers.com> wrote in message
> news:1f6801c249e7$21069df0$9be62ecf@tkmsftngxa03...
> > Hi there,
> >
> > The local security database (at least the user rights
> > assignment part) is placed in
> > C:\WINNT\security\Database\secedit.sdb. If you have a
> > recent backup of that file you can restore it and try it
> > out. You also have to lower the version of the policy,
> > this one is in the C:\WINNT\system32\GroupPolicy\gpt.ini
> > file. Put it to 1 or something lower than whatever you
> > currently have.
> >
> > After this you want to make sure that the policy is
> > propagated so run these commands on the target machine
> > (you can use the scheduler to schedule remotely):
> > secedit /refreshpolicy user_policy /enforce
> > secedit /refreshpolicy machine_policy /enforce
> >
> > This might do the trick, let me know how it goes.
> >
> > And finally a warning:
> > I tested this but there is no guarantee that it will do
> > any good so please take the necessary precautions.
> >
> > Regards,
> > Tibor Biro
> >
> >
> > >-----Original Message-----
> > >i was altering some settings in the local security policy
> > app, wasnt
> > >finished with them, but i had to pause what i was doing
> > to take care of
> > >something else.
> > >
> > >one of the other techs wasnt aware of what i was doing
> > and logged me out
> > >thinking it best (as my account has admin rights, we have
> > a standing policy
> > >that you dont leave yourself logged in at the server with
> > an account with
> > >admin rights)
> > >
> > >now i cant log into the server (noone can)
> > >
> > >i do seem to have remote registry access (and i have the
> > login/pass-es for
> > >all of the ppl in the administrator group) i just cannot
> > find where to go to
> > >remove the policy and allow local login. i also have
> > access through
> > >management console on another machine.
> > >
> > >what i was doing was trying to just lock out
> > the "administrator" account
> > >from logging in and anyone in the users group, but it
> > looks like i managed
> > >to just lock everyone out. (i even created a user who was
> > not a member of
> > >the users group nor the admin group, but he still couldnt
> > log in either)
> > >
> > >
> > >this is a stand alone server, not running as a domain
> > controller. should i
> > >be looking for a file on disk? should i be looking for a
> > registry entry? i
> > >cant seem to locate anything in either that looks like
> > what i need.
> > >
> > >any help would be greatly appreciated
> > >
> > >Casey Boone
> > >
> > >
> > >.
> > >
>
>

Next message: Tibor Biro: "encryption"
Previous message: Eric Dycus: "Re: How to update workstations to IE Security update"
In reply to: Casey Boone: "Re: local security policy"
Next in thread: Tibor Biro: "Re: got it!"
Reply: Tibor Biro: "Re: got it!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: got it!
... Hi Casey, ... >> ive managed to force it to run a batch file on each system startup (via ... >> im playing with secedit commands ran via that to see what i can make it ... You also have to lower the version of the policy, ...
(microsoft.public.win2000.security)
Re: Backup using Scheduler
... We are using a batch file that has RAR ... > to backup files we want. ... I have included the batch file in the scheduler ...
(microsoft.public.windows.server.general)
Re: Daily backup fails to run after first day
... because the scheduled job runs once but fails the ... Prompt as under the Task Scheduler? ... There's no need to run batch file. ... >> examine the two log files each time. ...
(microsoft.public.windows.server.general)
Re: task scheduler
... When I sent you a copy of the batch file i might have ... @echo offrem SCT Payment Client Startup for Banner Webrem AUDIT TRAIL: ... rem SCT Payment Client Startup for Banner Webrem AUDIT TRAIL: ... Task that run under the Task Scheduler are designed ...
(microsoft.public.windowsxp.general)
Re: Task Scheduler Fails, But Not All the Time
... into the batch file below, ... echo %date% %time% Start of task> c:\test.log ... Now examine the two log files. ... In most Task Scheduler posts the ...
(microsoft.public.windowsxp.general)