Help! Domain Security Policy stops access to AD for all!

From: James Raaymakers MCSE (
Date: 02/04/03

From: "James Raaymakers MCSE" <>
Date: Tue, 4 Feb 2003 10:19:39 -0800

J, research the SECEDIT command. You may be able to import
a security template using the SECEDIT command. Something
like this

secedit /db basicdc.inf

Hope this works.

>-----Original Message-----
>This policy actually disallows local access to the AD
>Any more clues?
>>-----Original Message-----
>>Are you using the Active Directory Administrators Tools
>>a client to edit Active Directory remotely from the
>>client? Can an administrator open Active Directory Users
>>and Computers locally on the Domain Controller? This
>>policy prohibits users from accessing the computer from
>>the network, so with this policy set and the
>>administrators group added and you are using
>>administrative tools from a client to administer Active
>>Directory remotely this makes sense. Just log on locally
>>to the Domain Controller as an administrator and remove
>>the administrators group from the list.
>>Hope this helps
>>>-----Original Message-----
>>>One of my clients has changed their domain security
>>>policy and set User Rights Assignment/Deny Access to
>>>computer from the network - and has added users to this!
>>>Anyone know a way to get rid of this?
>>>Effect is no access to :
>>>-AD Users & Computers
>>>-AD Domains & trusts
>>>-AD Sites & Service
>>>-MMC/GP edit (attempting to access domain policies)
>>>-Manage computer
>>>etc. etc.
>>>The client (despite advice!) hasn't backed anything up
>>>too recently.
>>>PLEASE help!