Re: Local security policy HELP

From: Karl Levinson [x y] MVP (levinson_k@excite.com)
Date: 10/25/02

• Next message: NeoSadist: "Re: Direct Ad Pop-Ups"
• Previous message: !ollie: "I found a way to Decrypt encrypted win2k files - fingers crossed."
• In reply to: Rob Weisskirch: "Local security policy HELP"
• Next in thread: NeoSadist: "Re: Local security policy HELP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Karl Levinson [x y] MVP" <levinson_k@excite.com>
Date: Fri, 25 Oct 2002 12:53:26 -0400

"Rob Weisskirch" <rob_weisskirch@csumb.edu> wrote in message
news:cf4b01c27c44$c620bd90$37ef2ecf@TKMSFTNGXA13...
> I accidentally changed a setting on Windows 2000
> professional that disabled my ability to logon
> interactively. I changed the local security policy.
>
> I do not know the administrator username or password since
> it was subsumed when I upgraded to 2000.
>
> It will allow me to dialup but that doesn't help to logon
> to my own computer.
>
> Does anyone know a way around this?
>
> Thanks,
>
> Rob

You could try logging into the computer using another login ID [such as
Administrator] that might still have this permission to log on
interactively.

OR, if the computer is joined to an Active Directory domain, you could use
Group Policy to change the settings on the computer and reboot the computer
or wait 90 minutes or so for the changes to take effect.

OR, you could try the tip below:

www.jsifaq.com/SUBG/TIP3300/rh3361.htm

OR, the NTRIGHTS.EXE tool can also be used to reset this permission remotely
using another computer on the same network. Note that the Deny Interactive
Logon setting takes precedence over the Allow Interactive Logon setting.
So, if the problem is that the Administrator ID is in a group that has been
assigned the Deny Interactive Logon setting, using NTRIGHTS to add the
Administrator to the Allow Interactive Logon list will not fix the problem.
Instead, you would need to also determine the group that has been added to
the Deny Interactive Logon list and use NTRIGHTS to remove that group from
the list.

More information can be found in the articles below:

http://www.jsifaq.com/SUBI/tip4100/rh4187.htm
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q276590
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q152478
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q227904
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q276580
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q276590 - Using
NTRIGHTS.EXE

While some of the Windows Resource Kit utilities are available for free
download at www.microsoft.com/windows2000/techinfo/reskit/tools, the
utilities discussed here do not appear to be available for free. The
Windows Resource Kit books and CDs are available for purchase at a variety
of stores and web sites where books and software are sold [such as
www.bn.com, www.amazon.com, www.bestbuy.com, www.microsoft.com, etc.] A
full list of Windows 2000 Resource Kit tools is available at:
www.microsoft.com/windows2000/techinfo/reskit/rktour/server/S_tools.asp

OR, manually renaming the SAM files at C:\WINNT\SYSTEM32\CONFIG\SAM and
C:\WINNT\REPAIR\SAM might also fix this problem [and would also delete all
other local accounts which you had created on your computer, and reset the
Administrator password to be blank].

This can be done by booting from a DOS or Windows 9x boot floppy [though if
your hard drive is formatted in NTFS format, you can't rename files this way
unless you purchase NTFSDOS Pro from www.winternals.com ]. You can also
rename the SAM files by moving the hard drive from the computer to another
Windows 2000/XP/NT computer, or by installing a second copy of Windows
2000/XP/NT to a different folder on the computer.

[Thanks to Raymond Sinnappan, Sandi Hardmeier and others]

If none of these help, try booting into Safe Mode or Recovery Console mode
and see if you can run the NTRIGHTS utility from a floppy.

• Next message: NeoSadist: "Re: Direct Ad Pop-Ups"
• Previous message: !ollie: "I found a way to Decrypt encrypted win2k files - fingers crossed."
• In reply to: Rob Weisskirch: "Local security policy HELP"
• Next in thread: NeoSadist: "Re: Local security policy HELP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Windows Logon Screen Changed and classic style now shows.... ... computer you have a box in classic style saying windows is logging off. ... login name is the administrator with NO password. ... One of the updates for .net framework adds a user account. ... what causes the extra logon step. ... (microsoft.public.windowsxp.accessibility) Re: Windws XP Log-on problem HELP! ... my normal boot up does not require a logon. ... administrative privileges you can log into that account and change your ... you'll need to log into the built-in Administrator account. ... "Administrator" and whatever password you assigned when you set up Windows. ... (microsoft.public.windowsxp.security_admin) Re: Windows Logon Problem ... Not sure what is meant by 'limited' user accounts, but here is what I can ... post before screwing up the Logon. ... The password for the built in Windows Administrator account is normally ... (microsoft.public.windowsxp.help_and_support) Re: WAS unable to log in to XP Pro ... Renaming the Computer is what I tried to do, but I think I might have typed ... incorrectly too many times and disabled the logon entirely. ... on as this user to any other PC and as the Administrator at any other PC is ... I was able to get onto Windows but no ... (microsoft.public.windowsxp.security_admin) Re: How to force a logoff in a logon script? ... Windows has a registry key that governs which UI will be presented ... the unauthorized user cancels the logon dialog and goes away ... system, but complains that there was no cancel button, only an OK ... (microsoft.public.windows.server.scripting)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint