Re: Locked out by local policy

From: Steven L Umbach (sumbach_at_ameritech.net)
Date: 08/07/03

• Next message: Steven: "Help: Error Message "iKernel.exe Specified network name is no longer valid""
• Previous message: Lanwench [MVP - Exchange]: "Re: Random Account Lockouts"
• In reply to: John Gopel: "Locked out by local policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 07 Aug 2003 15:21:46 GMT

      It does not have to be in a domain to access it remotely - you just
need to know administrator account name and password. You are going to have
to run gpedit.msc on another network machine to manage the group policy
remotely. Then you will have to copy a batch file over to it via an
administrative share [c$] and configure that batch file to run as a startup
script via group policy and reboot. The batch file will need to use secedit
to reconfigure the Local Group Policy. Remove the startup script when done.
Use this command in your batch file without brackets -- [ secedit
/configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /areas
user_rights ]. Just copy it into notepad and save it as something like
fixur.bat. --- Steve

http://www.jsiinc.com/sube/tip2100/rh2147.htm

"John Gopel" <johngopel@yahoo.com> wrote in message
news:070601c35cbc$0155c0b0$a601280a@phx.gbl...
> I have locked the administrator out. The administrator
> account is denied local login after I added "User" to the
> list of accounts who are not allowed to login locally
> (Admin tools>Local policy). I was not aware of
> that "Administrators" is a subgroup of "User" (I am now
> though). The real problem is that the computer is a stand-
> alone computer acting as a file server, i.e it does not
> belong to a domain. In other words I don't think I can
> logon remotely and change back the settings as suggested
> elsewhere.
>
> Windows 2000 Server is installed on the computer and it is
> connected to a local network.
>
> Please help!
>
> John

---

• Next message: Steven: "Help: Error Message "iKernel.exe Specified network name is no longer valid""
• Previous message: Lanwench [MVP - Exchange]: "Re: Random Account Lockouts"
• In reply to: John Gopel: "Locked out by local policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: How to launch program only for certain group> ... If you start your program with 'start /w myprogram' it will not end the batch file until the program exits. ... @REM Launch MyProgram except if Administrator ... I then designate this batch file run by using the Group Policy Editor on the TS Server: ... (microsoft.public.windows.terminal_services) Re: Administrator restricted - Control Panel Missing ... If you did not specifically set up Group Policy to restrict access to ... The command net users will display user accounts and net user username will ... type of administrator. ... the control panel was missing. ... (microsoft.public.windowsxp.security_admin) Re: Run application on remote login ... Microsoft MVP - Terminal Services ... Policy in group policy management where administrators is listed, allowed permissions are Read (from security filtering) right click gives options 'Read, Edit settings, Edit settings, delete, modify' but nothing to say 'deny apply this policy'. ... Add the Administrator account. ... (microsoft.public.windows.terminal_services) Re: Domain Users to have Local Admin rights ... Group Policy because a new policy doesn't wana work. ... to local Administrator group on all the computers. ... We have various admin accounts other then administrator ... (microsoft.public.windows.server.security) Re: Run application on remote login ... going off the top of my head) not read permissions. ... Microsoft MVP - Terminal Services ... Policy in group policy management where administrators is listed, ... Administrator Accounts and Selected Users in Windows Server ... (microsoft.public.windows.terminal_services)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)