PLEASE help: After Changing User Rights can no longer logon on to machine

From: AP
Date: 01/24/03

From: "AP" <>
Date: Fri, 24 Jan 2003 14:18:31 -0800

More info. After posting this I read more and tried moving
out the SAM files in the Win2k Repair and Config
directories. I also replaced the secedit.sdb in the
Security\Database directory with one from another machine
running the same version of Win2K. Now I'm able to log in
with my Domain user account but still getting the same
error when trying to logon as the local Admin. I checked
the Admin group and the local Admin user and Domain Admin
group are included.

Hope this helps, Thanks.

>-----Original Message-----
>I have a Win2K (SvPk3) machine that's in a Domain. The
>local machine has one local user account, and the local
>Admin account. Both of these along with my Domain user
>account are in the local Admin group. I logged onto the
>local machine as the local user and changed the "Local
>Security Settings"/"User Rights Assignment". I believe I
>accidentally added the local Admin group to the "Deny Logon
>locally" because now no matter how I try to logon, i.e.,
>with the local user or admin accounts or my Domain user
>account, I get the msg: "The local policy of this system
>does not permit you to logon interactively". I tried
>many many different ways to get around this, including
>Domain "super" Admin logon. But he couldn't access
>the "Local Security Settings" or add a new user. He even
>tried running "ntrights.exe" from the W2K Resource Kit
>and was denied as well.
>The machine is dual boot to WinNT.4/Svpk6 so I can get to
>the hard drive. Is there something I can delete in the
>Win2K directory? Or is there some utility that will
>override these settings and let me reset things?
>Thanks so much for your help.
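
The lockout described in this post comes from a broad group sitting in "Deny logon locally", which overrides any matching "Allow" entry. The following is an added example, not part of the original post: a check that reads a user-rights template exported with `secedit /export` and flags that condition before the policy is applied. The sample template is constructed, and matching groups by name assumes English group names.

```python
# Added example: audit a "secedit /export" template for deny-logon entries
# that would lock administrators out. SAMPLE_INF is constructed, not from the post.
BROAD = {
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
}
DENY, ALLOW = "SeDenyInteractiveLogonRight", "SeInteractiveLogonRight"

SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = *S-1-5-32-544,Guest
SeShutdownPrivilege = *S-1-5-32-544
"""

def parse_privilege_rights(text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            # SIDs are exported with a leading "*"; account names without one.
            rights[name.strip()] = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights

def lockout_findings(text):
    """List broad groups in Deny logon locally; a deny entry overrides any allow."""
    rights = parse_privilege_rights(text)
    by_name = {v.lower(): k for k, v in BROAD.items()}
    findings = []
    for principal in rights.get(DENY, []):
        sid = principal if principal in BROAD else by_name.get(principal.lower())
        if sid:
            allowed = any(p == sid or p.lower() == BROAD[sid].lower()
                          for p in rights.get(ALLOW, []))
            findings.append((BROAD[sid], sid, allowed))
    return findings

if __name__ == "__main__":
    for group, sid, allowed in lockout_findings(SAMPLE_INF):
        print(f"{DENY} contains {group} ({sid}); allow entry present: {allowed}")
```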
