Help! Domain Security Policy stops access to AD for all!

From: James Raaymakers MCSE (jamesraa@pacbell.net)
Date: 02/04/03


From: "James Raaymakers MCSE" <jamesraa@pacbell.net>
Date: Tue, 4 Feb 2003 10:19:39 -0800


J, research the SECEDIT command. You may be able to import
a security template using the SECEDIT command. Something
like this

secedit /db basicdc.inf

Hope this works.
James

>-----Original Message-----
>This policy actually disallows local access to the AD
>too....
>
>Any more clues?
>
>J
>
>
>>-----Original Message-----
>>Are you using the Active Directory Administrators Tools
>on
>>a client to edit Active Directory remotely from the
>>client? Can an administrator open Active Directory Users
>>and Computers locally on the Domain Controller? This
>>policy prohibits users from accessing the computer from
>>the network, so with this policy set and the
>>administrators group added and you are using
>>administrative tools from a client to administer Active
>>Directory remotely this makes sense. Just log on locally
>>to the Domain Controller as an administrator and remove
>>the administrators group from the list.
>>Hope this helps
>>
>>>-----Original Message-----
>>>Hi,
>>>
>>>One of my clients has changed their domain security
>>>policy and set User Rights Assignment/Deny Access to
>this
>>>computer from the network - and has added users to this!
>>>
>>>Anyone know a way to get rid of this?
>>>
>>>Effect is no access to :
>>>
>>>-AD Users & Computers
>>>-AD Domains & trusts
>>>-AD Sites & Service
>>>-MMC/GP edit (attempting to access domain policies)
>>>-Manage computer
>>>etc. etc.
>>>
>>>The client (despite advice!) hasn't backed anything up
>>>too recently.
>>>
>>>PLEASE help!
>>>
>>>Thanks,
>>>
>>>Jason
>>>.
>>>
>>.
>>
>.
>