Re: Applied a security policy to standalone XP and strange outcome
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/16/05
- Next message: Patrick: "VPN users not prompted to change their domain passwords"
- Previous message: Roger Abell: "Re: Renaming W2K AD Administrator Account"
- In reply to: Gringo: "Applied a security policy to standalone XP and strange outcome"
- Next in thread: Gringo: "Re: Applied a security policy to standalone XP and strange outcome"
- Reply: Gringo: "Re: Applied a security policy to standalone XP and strange outcome"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Mar 2005 07:02:22 -0700
There are so, so many possibilites.
While local security policy does not allow Restricted Group
definitions, these however can be defined in a SCE template,
and when such a template is applied to a standalone system
these will have a one-time effect on the target system.
A Restricted Group definition can be used to state the precise
membership in and also of a Windows group.
Perhaps you wandered into this territory (?).
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Gringo" <bkey89@msn.com> wrote in message news:1110978711.942125.55550@g14g2000cwa.googlegroups.com... > First of all let me say that this is my first time ever posting to a > group of any kind so please be forgiving with my inexperience. After > many years I am changing career fields and going into IT. > > Here's my situation... > > I have an XPpro stand-alone machine that I was messing around with on > Snap-ins and the Security Analysis and Configuration. I don't remember > exactly but 99% confident that I imported and applied the Hisec > template. > > Before the template was applied my user account was the local admin > account (which was set as admin from the start when I installed XP on > the machine)and I had 2 other limited user accounts plus 1 guest > account, all of which showed up on the Welcome screen. > > After I logged off I noticed that my user did not show up on the > welcome screen and neither did the guest account, instead, a > "Administrator" user appeared with the two limited user accounts on the > Welcome screen. I clicked to logon as the admin but was unable due to > not having the correct password (I have no clue what it would be > because I never setup and "Administrator" user for the machine. > > So I began freaking-out and rebooted the system; now the welcome screen > only shows the two limited user accounts and that's it. Through > reading this group I found that I could press ctrl-alt-delete twice and > get the network login, which I did, and logged in with my user account > name no problem. HOWEVER, my user account is no longer set as an admin > account and I can't even view my system calendar much less anything > else. > > I downloaded an image to make a boot cd to reset the admin password, I > will see if it works this evening, but I was wondering if anyone knows > what would cause my user to be "kicked out" of the admin group on a > stand alone machine??? > > Thanks again for the help and forgive me for being long winded and a > newbie. >
- Next message: Patrick: "VPN users not prompted to change their domain passwords"
- Previous message: Roger Abell: "Re: Renaming W2K AD Administrator Account"
- In reply to: Gringo: "Applied a security policy to standalone XP and strange outcome"
- Next in thread: Gringo: "Re: Applied a security policy to standalone XP and strange outcome"
- Reply: Gringo: "Re: Applied a security policy to standalone XP and strange outcome"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
