Re: Question about Log on Locally Policy.
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 07/06/05
- Next message: Sandy Wood: "Windows 2000 SP4 Rollup setup error"
- Previous message: Steven L Umbach: "Re: Spyware or virus?"
- In reply to: Adam Sandler: "Re: Question about Log on Locally Policy."
- Next in thread: Adam Sandler: "Re: Question about Log on Locally Policy."
- Reply: Adam Sandler: "Re: Question about Log on Locally Policy."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Jul 2005 12:06:14 -0500
OK. That helps a lot. To answer your question I don't know or have ever
heard of a way to fix such via the registry. One thing to try is the tip
from JSI at the link below but there is no guarantee that it will work and
it might be best to copy a secedit.sdb from a non domain computer.
http://www.jsifaq.com/subG/TIP3300/rh3361.htm
I assume you can not logon with a local account because you get an error
about not having the right to logon locally. If the problem is you don't
know the local administrator password there are free utilities to reset such
or you can rename the sam file in \winnt\system32\config from outside the
operating system which will cause a new sam to be generated at reboot with
only default users/groups and a blank password for the built in
administrator account.
http://www.petri.co.il/forgot_administrator_password.htm
Assuming the problem is that local users lack logon locally user right
[possibly it exists only for domain users?] you could try to use ntrights to
grant "users" logon locally if you can connect to the computer over the
network via the local built in administrator account. See the links below
about ntrights and FYI much of the syntax for ntrights is case sensitive.
You also could try using netdom to remove the computer from the domain and
see if that allows you to logon locally. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;315276
http://www.petri.co.il/download_free_reskit_tools.htm --- download
ntrights here if you need it.
ntrights -m \\computer -u users +r SeInteractiveLogonRight [this command
may work using actual computer name while logged onto a network computer
with an account that has same logon/password as local administrator on
locked out computer]
"Adam Sandler" <corn29@excite.com> wrote in message
news:1120665817.523835.138470@z14g2000cwz.googlegroups.com...
>> What exactly is your goal??
>
> I have honest intentions.
>
> I'm trying to log on to a box restored from image. It keeps giving me
> the error cannot log on to domain because computer account is missing.
> I cannot log on locally either. I know I'm authenticating because if
> the password was wrong, I'd get a different error. Attempts to solve
> this problem via nltest or netdom have failed as well. If I know where
> the setting for log on locally is at in the registry, I could use
> something like chntpw from Knoppix to edit the policy, gain access to
> the desktop, and then rejoin the domain.
>
> Steven L Umbach wrote:
>> It is stored as part of security policy applied to that computer. What
>> exactly is your goal?? --- Steve
>>
>>
>> "Adam Sandler" <corn29@excite.com> wrote in message
>> news:1120587596.482670.59810@f14g2000cwb.googlegroups.com...
>> > Is the log on locally policy stored anywhere in the registry? So that
>> > if I were to delete that value, it would be the same as not enabling
>> > log on locally in the first place?
>> >
>> > Thanks!
>> >
>
- Next message: Sandy Wood: "Windows 2000 SP4 Rollup setup error"
- Previous message: Steven L Umbach: "Re: Spyware or virus?"
- In reply to: Adam Sandler: "Re: Question about Log on Locally Policy."
- Next in thread: Adam Sandler: "Re: Question about Log on Locally Policy."
- Reply: Adam Sandler: "Re: Question about Log on Locally Policy."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
