Re: Recover from log on locally domain setting
From: MTNL (v_priyan_at_hotmail.com)
Date: 05/21/04
- Next message: GoHack: "Outlook Express is removing my email attachments?"
- Previous message: Steven L Umbach: "Re: Search for 'Backdoor'"
- In reply to: Steven L Umbach: "Re: Recover from log on locally domain setting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 May 2004 21:56:40 -0700
Thanks Steve,
I ll try this and come back to you
>-----Original Message-----
>Can you log onto a domain controller?? If you can you
should be able to
>reverse the policy setting that has you locked out for
domain users.
>Changing the domain policy for logon locally should NOT
affect domain
>controllers in a default installation.
>
>If that does not work for some reason. Logon to a
computer with a local
>account that has domain administrator priviliges. You may
need to create
>that account first. The go to Network Places and find
your domain
>controller - preferrably the pdc fsmp role holder. Go to
the sysvol share.
>Find the domain name, go to policies, select the first
one which should be
>default domain policy and then go to
machine/Microsoft/Windows Nt/secedit
>and open the GptTmpl.inf file. Go down to the end where
there is a heading
>for [Privilige Rights]. Make sure you have a line that
looks exactly like
>this [ SeInteractiveLogonRight = *S-1-5-11 ] without the
brackets. That
>allows authenticated users to logon locally. If you have
a line for [
>SeDenyInteractiveLogonRight = ] with a sid number in it
then delete the
>whole line. After finishing that and saving it, hit the
back button four
>times and you should find the gpt.ini file for the domain
GPO. Open it and
>bump up the serial number by 10 and save it. Wait a few
minutes nad try
>rebooting one of your domain computers to see if you can
logon. If that does
>not work you will also have to do the same for the other
GptTmpl.inf and
>gpt.ini files for the other GPO's as they may be
overriding the domain GPO.
>Good luck. --- Steve
>
>"MTNL" <v_priyan@hotmail.com> wrote in message
>news:b46e01c43752$8853b650$a301280a@phx.gbl...
>> Dear Steve,
>> The problem is we had not set the Domain Controller
>> Security Policies.
>> So the system is taking the domain security policies.
>> Is there any way to come out of it?
>>
>> Thanks
>> MTNL
>>
>> >-----Original Message-----
>> >You should still be able to logon to your domain
>> controller since domain policy
>> >should not override domain controller policy for user
>> rights and change the setting
>> >back. --- Steve
>> >
>> >
>> >"MTNL" <v_priyan@hotmail.com> wrote in message
>> >news:959501c4337b$3ba3c8c0$a301280a@phx.gbl...
>> >> Accidentally we enforced the log on locally option on
>> the
>> >> domain security policy without any user .
>> >> Now no one is allowed to log in to the system
>> >> Kindly help us to come out of this.
>> >> thanks
>> >
>> >
>> >.
>> >
>
>
>.
>
- Next message: GoHack: "Outlook Express is removing my email attachments?"
- Previous message: Steven L Umbach: "Re: Search for 'Backdoor'"
- In reply to: Steven L Umbach: "Re: Recover from log on locally domain setting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
