Help! Domain Security Policy stops access to AD for all!

From: James Raaymakers MCSE (jamesraa@pacbell.net)
Date: 02/04/03 

From: "James Raaymakers MCSE" <jamesraa@pacbell.net>
Date: Tue, 4 Feb 2003 09:09:29 -0800

Are you using the Active Directory Administrators Tools on
a client to edit Active Directory remotely from the
client? Can an administrator open Active Directory Users
and Computers locally on the Domain Controller? This
policy prohibits users from accessing the computer from
the network, so with this policy set and the
administrators group added and you are using
administrative tools from a client to administer Active
Directory remotely this makes sense. Just log on locally
to the Domain Controller as an administrator and remove
the administrators group from the list.
Hope this helps

>-----Original Message-----
>Hi,
>
>One of my clients has changed their domain security
>policy and set User Rights Assignment/Deny Access to this
>computer from the network - and has added users to this!
>
>Anyone know a way to get rid of this?
>
>Effect is no access to :
>
>-AD Users & Computers
>-AD Domains & trusts
>-AD Sites & Service
>-MMC/GP edit (attempting to access domain policies)
>-Manage computer
>etc. etc.
>
>The client (despite advice!) hasn't backed anything up
>too recently.
>
>PLEASE help!
>
>Thanks,
>
>Jason
>.
>

Relevant Pages

  • Help! Domain Security Policy stops access to AD for all!
    ... This policy actually disallows local access to the AD ... >Are you using the Active Directory Administrators Tools ... >a client to edit Active Directory remotely from the ...
    (microsoft.public.win2000.security)
  • Help! Domain Security Policy stops access to AD for all!
    ... J, research the SECEDIT command. ... >>Are you using the Active Directory Administrators Tools ... >>a client to edit Active Directory remotely from the ...
    (microsoft.public.win2000.security)
  • Re: How Can I Allow Access From The Internet to Only Selected User
    ... users, groups, client ip address ranges, client computer naming conventions ... All users can access Terminal Server from inside the network ... "select remote users" and enter in th administrators group. ...
    (microsoft.public.windows.terminal_services)
  • Re: Distribution of Software while logged off
    ... > I can also browse the admin$ share just fine from the server side. ... > The smspush account is a domain admin, and just for the heck of it, I put it under administrators. ... >> needs and organization structure. ... >> What I have it doing now is the client gets pushed to the box at the XP ...
    (microsoft.public.sms.swdist)
  • Re: Error on migrating XP client on NT 4.0 Domain into WINDOWS 2003 AD
    ... I haven't tested 2000 client ... installed machine on target domain, so it should be alright as source ... domain's domain admins group should be added into administrators group on XP ... Active Directory Migration Tool Agent Dialog. ...
    (microsoft.public.windows.server.migration)