Help! Domain Security Policy stops access to AD for all!

From: James Raaymakers MCSE (jamesraa@pacbell.net)
Date: 02/04/03 

From: "James Raaymakers MCSE" <jamesraa@pacbell.net>
Date: Tue, 4 Feb 2003 10:19:39 -0800

J, research the SECEDIT command. You may be able to import
a security template using the SECEDIT command. Something
like this

secedit /db basicdc.inf

Hope this works.
James

>-----Original Message-----
>This policy actually disallows local access to the AD
>too....
>
>Any more clues?
>
>J
>
>
>>-----Original Message-----
>>Are you using the Active Directory Administrators Tools
>on
>>a client to edit Active Directory remotely from the
>>client? Can an administrator open Active Directory Users
>>and Computers locally on the Domain Controller? This
>>policy prohibits users from accessing the computer from
>>the network, so with this policy set and the
>>administrators group added and you are using
>>administrative tools from a client to administer Active
>>Directory remotely this makes sense. Just log on locally
>>to the Domain Controller as an administrator and remove
>>the administrators group from the list.
>>Hope this helps
>>
>>>-----Original Message-----
>>>Hi,
>>>
>>>One of my clients has changed their domain security
>>>policy and set User Rights Assignment/Deny Access to
>this
>>>computer from the network - and has added users to this!
>>>
>>>Anyone know a way to get rid of this?
>>>
>>>Effect is no access to :
>>>
>>>-AD Users & Computers
>>>-AD Domains & trusts
>>>-AD Sites & Service
>>>-MMC/GP edit (attempting to access domain policies)
>>>-Manage computer
>>>etc. etc.
>>>
>>>The client (despite advice!) hasn't backed anything up
>>>too recently.
>>>
>>>PLEASE help!
>>>
>>>Thanks,
>>>
>>>Jason
>>>.
>>>
>>.
>>
>.
>

Relevant Pages

  • Help! Domain Security Policy stops access to AD for all!
    ... Are you using the Active Directory Administrators Tools on ... a client to edit Active Directory remotely from the ...
    (microsoft.public.win2000.security)
  • Help! Domain Security Policy stops access to AD for all!
    ... This policy actually disallows local access to the AD ... >Are you using the Active Directory Administrators Tools ... >a client to edit Active Directory remotely from the ...
    (microsoft.public.win2000.security)
  • Re: How Can I Allow Access From The Internet to Only Selected User
    ... users, groups, client ip address ranges, client computer naming conventions ... All users can access Terminal Server from inside the network ... "select remote users" and enter in th administrators group. ...
    (microsoft.public.windows.terminal_services)
  • Re: Needing advice for administrative rights....
    ... > Administrator group on PCs using the Restricted Groups functionality. ... >>>recommend web surfing for search strings such as "active directory delegation" ... >>>>We currently have a situation all technicians are domain administrators. ... >>>>have many PCs and many trainees so it is not a practicle solution. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Use Active Directory to set work station local rights
    ... then anyone can still be made a member of the local Administrators ... > workstation that has the ADMINPAK installed...Otherwise, ... > Microsoft Active Directory MVP ... >> adding the specific user to the local administrators group. ...
    (microsoft.public.win2000.active_directory)