Help! Domain Security Policy stops access to AD for all!
From: James Raaymakers MCSE (firstname.lastname@example.org)
- Next message: Patrick: "Re: lost cert server"
- Previous message: Keith W. McCammon: "Re: lost cert server"
- In reply to: Jason G: "Help! Domain Security Policy stops access to AD for all!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "James Raaymakers MCSE" <email@example.com> Date: Tue, 4 Feb 2003 10:19:39 -0800
J, research the SECEDIT command. You may be able to import
a security template using the SECEDIT command. Something
secedit /db basicdc.inf
Hope this works.
>This policy actually disallows local access to the AD
>Any more clues?
>>Are you using the Active Directory Administrators Tools
>>a client to edit Active Directory remotely from the
>>client? Can an administrator open Active Directory Users
>>and Computers locally on the Domain Controller? This
>>policy prohibits users from accessing the computer from
>>the network, so with this policy set and the
>>administrators group added and you are using
>>administrative tools from a client to administer Active
>>Directory remotely this makes sense. Just log on locally
>>to the Domain Controller as an administrator and remove
>>the administrators group from the list.
>>Hope this helps
>>>One of my clients has changed their domain security
>>>policy and set User Rights Assignment/Deny Access to
>>>computer from the network - and has added users to this!
>>>Anyone know a way to get rid of this?
>>>Effect is no access to :
>>>-AD Users & Computers
>>>-AD Domains & trusts
>>>-AD Sites & Service
>>>-MMC/GP edit (attempting to access domain policies)
>>>The client (despite advice!) hasn't backed anything up