PLEASE help: After Changing User Rights can no longer logon on to machine

From: AP (
Date: 01/24/03

From: "AP" <>
Date: Fri, 24 Jan 2003 14:18:31 -0800

More info. After posting this I read more and tried moving
out the SAM files in the Win2k Repair and Config
directories. I also replaced the secedit.sdb in the
Security\Database directory with one from another machine
running the same version of Win2K. Now I'm able to log in
with my Domain user account but still getting the same
error when trying to logon as the local Admin. I checked
the Admin group and the local Admin user and Domain Admin
group are included.

Hope this helps, Thanks.

>-----Original Message-----
>I have a Win2K (SvPk3) machine that's in a Domain. The
>local machine has one local user account, and the local
>Admin account. Both of these along with my Domain user
>account are in the local Admin group. I logged onto the
>local machine as the local user and changed the "Local
>Secuity Settings"/"User Rights Assignment". I believe I
>accidently added the local Admin group to the "Deny Logon
>locally" because now no matter how I try to logon, i.e.,
>with the local user or admin accounts or my Domain user
>account, I get the msg: "The local policy of this system
>does not permit yoiu to logon interactively". I tried
>many many different ways to get around this, including
>Domain "super" Admin logon. But he couldn't access
>the "Local Secuity Settings" or add a new user. He even
>tried running "ntrights.exe" from the W2K Resource Kit
>was denied as well.
>The machine is dual boot to WinNT.4/Svpk6 so I can get to
>the hard drive. Is there something I can delete in the
>Win2K directory? Or is there some utility that will
>override these settings and let me reset things?
>Thanks so much for your help.