Re: administrator unable to logon interactively

From: Steven L Umbach (n9rou@attbi.com)
Date: 10/20/02 

From: "Steven L Umbach" <n9rou@attbi.com>
Date: Sun, 20 Oct 2002 00:31:35 GMT

       You can't modify security settings remotely that way (everything
but). Hopefully you have been doing system state backups and a authoritatve
restore should fix the problem. There is another way though if that is not
an option assuming you can access the dcs' administrative shares from
another computer. You could create a startup script that uses secedit to
modify the security settings. You could use or create a security template
that would either merge or replace the current security settings. You would
need to copy the .inf template and script to the dc and then remotely modify
startup script group policy on the dc controllers from a mmc group policy
snap in on another domain machine. Reboot the dc and you should be in
business. If you are not familiar with secedit, the online help for it is
pretty extensive. Good luck. --- Steve

"neo [mvp outlook]" <neo@mvps.org> wrote in message
news:ulx4un2dCHA.1540@tkmsftngp11...
> Have you tried installing the administrative pack on a windows 2000 member
> server/workstation and modify the domain policy from there?
>
> "praks25" <praks25@aol.com> wrote in message
> news:748001c27700$a0dfebd0$3bef2ecf@TKMSFTNGXA10...
> > A member of the administrators group accidentally removed
> > the "administrators" group from rights to logon
> > interactively in the "domain controller policy settings"
> > at the domain controller. this was immediately replicated
> > to the secondary domain controller and no one in the
> > administrators group including the administrator can logon
> > to the primary domain controller or the secondary domain
> > controller.
> > the message received at logon attempts is this
> > " the group policy of this system does not allow you to
> > logon interactively"
> > Is there anyway to fix this problem?
> > Since the administrator cannot logon interactively the
> > domain cannot be administered.
> > any help would be appreciated
> > thank You
> > praks25
>

Relevant Pages

  • Re: administrator unable to logon interactively
    ... security settings via the Domain Controller group policy object? ... >>> administrators group including the administrator can logon ...
    (microsoft.public.win2000.security)
  • Re: administrator unable to logon interactively
    ... > restore should fix the problem. ... > startup script group policy on the dc controllers from a mmc group policy ... >>> to the secondary domain controller and no one in the ... >>> administrators group including the administrator can logon ...
    (microsoft.public.win2000.security)
  • Re: Domain Admin Rights on XP PRO
    ... the domain controller must only point to itself via it's static IP address ... workstations must point ONLY to the domain controller as their preferred DNS ... Use the command net localgroup administrators to verify membership ... domain/OU Group Policy via GP "filtering" or GP structure then Group Policy ...
    (microsoft.public.windowsxp.security_admin)
  • Re: user and administrator policies
    ... All you really need to do is give "administrators" deny for apply. ... Be sure to install Group Policy Management Console on your domain controller ... FYI Windows 2003 and XP Pro can use Software Restriction Policies managed ... > administrators mchs\administrators deny group policy ...
    (microsoft.public.win2000.security)
  • Re: Lack Sufficient Administrator Privileges
    ... > Can you open Group Policy editor as in gpedit.msc and if so did you make the ... When you run the command net localgroup administrators ... > root/drive folder, the program files folder, the \Windows folder, the ... >> trying to install Quicktime, ...
    (microsoft.public.windowsxp.security_admin)