Re: got it!

From: Tibor Biro (tiborbiro@rogers.com)
Date: 08/24/02 

From: "Tibor Biro" <tiborbiro@rogers.com>
Date: Fri, 23 Aug 2002 18:00:57 -0400

Hi Casey,

Good job! I'm really glad you got it fixed. Your solution is better than
what I suggested (a shameless hack), I'll store it for future reference.

All the best.
Tibor Biro

"Casey Boone" <caseyb@yourclearwave.com> wrote in message
news:eTHS0isSCHA.4260@tkmsftngp09...
> w00t w00t
>
> set up a batch file in the winnt folder so i could run a series of
commands
> (ran the batch from the task scheduler)
> extracted to .inf files, found what i needed to edit
>
> used this line in the batch to finally get it imported and changed (it was
> stalling, and finally i realized it was asking me a question, so i made it
> answer the question on its own)
> echo y | secedit /configure /db C:\WINNT\security\Databases\secedit.sdb
/cfg
> C:\sec.userrights2.inf /overwrite /areas USER_RIGHTS /log
> c:\sec.userrights.log /quiet > c:\sec.userrights.7.log
>
> sec.userrights2.inf was a file that only altered the deny login so that it
> was set to noone being denied login
>
> and then i was in :)
>
>
> i appreciate all your help, this wouldnt have been possible without you
> pointing me in the right direction.
>
> now i just have to clean up after all my break in attempts, no big deal :)
>
> Casey
>
>
> "Casey Boone" <caseyb@yourclearwave.com> wrote in message
> news:um8$eLhSCHA.1976@tkmsftngp11...
> > ive managed to force it to run a batch file on each system startup (via
a
> > remote group policy edit)
> >
> > im playing with secedit commands ran via that to see what i can make it
> > export and import, i will keep you posted of my progress
> >
> > all in all i think i should find this to be hilarious... at least if i
> wasnt
> > the one responsible for it happening in the first place :\
> >
> > Casey
> >
> >
> > "Tibor Biro" <tiborbiro@rogers.com> wrote in message
> > news:1f6801c249e7$21069df0$9be62ecf@tkmsftngxa03...
> > > Hi there,
> > >
> > > The local security database (at least the user rights
> > > assignment part) is placed in
> > > C:\WINNT\security\Database\secedit.sdb. If you have a
> > > recent backup of that file you can restore it and try it
> > > out. You also have to lower the version of the policy,
> > > this one is in the C:\WINNT\system32\GroupPolicy\gpt.ini
> > > file. Put it to 1 or something lower than whatever you
> > > currently have.
> > >
> > > After this you want to make sure that the policy is
> > > propagated so run these commands on the target machine
> > > (you can use the scheduler to schedule remotely):
> > > secedit /refreshpolicy user_policy /enforce
> > > secedit /refreshpolicy machine_policy /enforce
> > >
> > > This might do the trick, let me know how it goes.
> > >
> > > And finally a warning:
> > > I tested this but there is no guarantee that it will do
> > > any good so please take the necessary precautions.
> > >
> > > Regards,
> > > Tibor Biro
> > >
> > >
> > > >-----Original Message-----
> > > >i was altering some settings in the local security policy
> > > app, wasnt
> > > >finished with them, but i had to pause what i was doing
> > > to take care of
> > > >something else.
> > > >
> > > >one of the other techs wasnt aware of what i was doing
> > > and logged me out
> > > >thinking it best (as my account has admin rights, we have
> > > a standing policy
> > > >that you dont leave yourself logged in at the server with
> > > an account with
> > > >admin rights)
> > > >
> > > >now i cant log into the server (noone can)
> > > >
> > > >i do seem to have remote registry access (and i have the
> > > login/pass-es for
> > > >all of the ppl in the administrator group) i just cannot
> > > find where to go to
> > > >remove the policy and allow local login. i also have
> > > access through
> > > >management console on another machine.
> > > >
> > > >what i was doing was trying to just lock out
> > > the "administrator" account
> > > >from logging in and anyone in the users group, but it
> > > looks like i managed
> > > >to just lock everyone out. (i even created a user who was
> > > not a member of
> > > >the users group nor the admin group, but he still couldnt
> > > log in either)
> > > >
> > > >
> > > >this is a stand alone server, not running as a domain
> > > controller. should i
> > > >be looking for a file on disk? should i be looking for a
> > > registry entry? i
> > > >cant seem to locate anything in either that looks like
> > > what i need.
> > > >
> > > >any help would be greatly appreciated
> > > >
> > > >Casey Boone
> > > >
> > > >
> > > >.
> > > >
> >
> >
>
>

Relevant Pages

  • got it!
    ... set up a batch file in the winnt folder so i could run a series of commands ... You also have to lower the version of the policy, ... >> (you can use the scheduler to schedule remotely): ...
    (microsoft.public.win2000.security)
  • RE: Power Management settings via Registry
    ... When responding to posts, please "Reply to Group" via your newsreader so ... this can be done through a policy using the ... Copy the powercfg.exe and the batch file to the netlogon share ... Power Management settings via Registry ...
    (microsoft.public.windowsxp.security_admin)
  • Re: please help.
    ... How do I write or find this batch file? ... pings a box on your network, and if that ping fails, then the app doesn't ... to test ping success but let us know if you can't find it. ... We have one policy to set running customized application at user's start ...
    (microsoft.public.windows.group_policy)
  • Re: Default Display Setting using Group Policy
    ... Does this mean it cannot be done using Group Policy?? ... "Gurpreet Singh" wrote: ... and make a batch file screenres.bat with the command ... these new Dells with 21" inch high resolution LCD's, ...
    (microsoft.public.windowsxp.general)
  • Re: Policty to disable shutdown only
    ... I understand there is no such policy and I will go with the script. ... but allow Restart for the clients. ... the Restart button will also be disabled. ... we can use a batch file to work around this problem. ...
    (microsoft.public.windows.server.sbs)