Re: Local policy logon interactively on remote laptop

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/12/04 

Date: Mon, 12 Jul 2004 18:52:20 GMT

That is a bad situation and there is no easy way to correct that without rebooting on
the lan. Computer policy is not supposed to be easily overridden. Removing a computer
from the domain may be one way, but that is not an option for him since he can not
logon.

Computer configuration also can applies to local user accounts. If the local
administrator was exempt from the policy, have him try to logon as the built in local
administrator account.

Otherwise the computer will have to be brought back to the lan or have the operating
system reinstalled where he is at. A parallel installation of the operating system or
slaving the hard drive in another computer running W2K/XP Pro would allow the user to
access his data files before a reinstall. Note that access to EFS encrypted files
will be lost after a reinstall unless the user has backed up his EFS private keys to
a .pfx file or a Recovery Agent is available which may be a domain
dministrator. --- Steve

"Pete" <anonymous@discussions.microsoft.com> wrote in message
news:2be1001c46833$469a3ab0$a301280a@phx.gbl...
> A domain policy was inadvertanly applied denying local
> logon to anyone but the specified user in the policy.
> This was corrected and those connected to the LAN were
> able to logon after the correction.
>
> A remote user dials in via VPN, receives the incorrectly
> configured policy and then disconnects. The user than
> logs off/restarts the laptop and is now unable to log in.
>
> Remote user...meaning this person is not on a LAN where he
> can receive an updated policy which would correct the
> login issue.
>
> As a remote user who can't log on, even via Safe Mode,
> what options are there to be had in correcting the mis-
> applied policy?
>
> Login via-dialup isn't an option for this user.
>
> Any information leading to a solution is appreciated.
>
> -Pete

Relevant Pages

  • Re: RH Fedora as my gateway
    ... > Turn off the FW till you get LAN connected properly. ... > RH gw or the gw listed in route table? ... >> Chain FORWARD (policy DROP) ...
    (comp.os.linux.networking)
  • Netscreen policies using domain names - having problems
    ... This device is a bit of overkill for my needs, but the lan to lan VPN ... I create the policy that allows the kids' computer access to sites ...
    (comp.security.firewalls)
  • Re: checkpoint secure client VPN-1
    ... > When PC's with the SecureClient are on the LAN the software reverts to the ... > Default policy and the firewall blocks all traffic coming to it i.e. ... > cannot ping the clients nor push my Antivirus installations, ...
    (comp.security.firewalls)
  • Local policy logon interactively on remote laptop
    ... A domain policy was inadvertanly applied denying local ... logon to anyone but the specified user in the policy. ... able to logon after the correction. ... Remote user...meaning this person is not on a LAN where he ...
    (microsoft.public.win2000.security)
  • Re: iptables and vpn...
    ... Don't you allow all the traffic to go out from your lan? ... global policy you set: if policy to drop all then setup to allow rule in ... prerouting chain and the also in forward chain for 1723 port and protocol 47 ... > I have a Linux machine which is connected to the internet. ...
    (comp.security.firewalls)
Quantcast