Re: Bypass Domain GPO when not connected to network?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/25/05

    Date: Tue, 25 Oct 2005 09:25:08 -0500
    
    

    There is no hack that I have ever heard of or figured out and unfortunately
    that is a bad situation. There is an option to logon via dial up connection
    that a user will see when they first try to logon after they do
    ctrl-alt-delete [they may have to select options box if they do not see it]
    to their computer where they will have to select that checkbox and then
    choose the VPN connectoid. Have them try that to see what happens as that
    works a bit differently than the VPN connection after logging onto the
    computer. If that does not work then about the best you can do is have them
    try to logon with the built in administrator account and have them VPN in
    and you may have to instruct them how to configure the VPN connectoid. If
    they can not VPN logged on as a local administrator have them create a local
    user account that matches their domain logon and password and try that. Tell
    them how to use secedit/gpupdate to refresh computer configuration policy
    and if it refreshes successfully they should then be able to logon with
    their domain account but of course they would still know the local
    administrator password. If they can not logon as the local administrator the
    computers will need to be connected to the domain somehow or rebuilt and
    they would need to logon with local computer user account until such time it
    had been joined to the domain again. I have never tried it over a VPN
    connection but it may be possible to join the computer to the domain using
    the netdom command. You may also want to post in the Active_directory
    newsgroup. --- Steve

    "Ross Luker" <ross_luker@hotmail.com> wrote in message
    news:1130229368.527529.156250@f14g2000cwb.googlegroups.com...
    > Hi,
    >
    > We have a problem where the "Log on locally" entry in the Default
    > Domain GPO was messed with (an entry was put in without specifying
    > other users). This was quickly fixed, as soon as we noticed users
    > being denied the right to log on. However, I've got several users that
    > were connected to our VPN when the GPO changed, and now when they
    > reboot they're denied access to the machine. Obviously, just
    > connecting the PC to the network will refresh to the working GPO, but
    > several users are in a different country - is there a way I can get
    > them logged in to the machine so that they can access the VPN and
    > refresh group policy?
    >
    > TIA
    > Ross
    >
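
Added example, not part of the original thread: once a machine can reach the domain again, this refreshes computer policy as the reply suggests and then confirms who actually holds the "Log on locally" right (SeInteractiveLogonRight) before the user reboots. It assumes an elevated PowerShell prompt on the affected workstation; the export file name is a hypothetical choice.

```powershell
# Refresh computer configuration policy from the domain.
# (On Windows 2000 the equivalent is: secedit /refreshpolicy machine_policy /enforce)
gpupdate /target:computer /force

# Export the machine's current user-rights assignments to an INF file.
# The file name is an assumption made for this example.
$inf = Join-Path $env:TEMP 'user_rights_check.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

# "Log on locally" is stored as SeInteractiveLogonRight = *SID,*SID,name,...
$line = Get-Content $inf |
    Where-Object { $_ -match '^SeInteractiveLogonRight\s*=' } |
    Select-Object -First 1

if (-not $line) {
    Write-Warning 'SeInteractiveLogonRight is not defined in the export.'
    return
}

# Split the right-hand side into individual SIDs or account names.
$entries = ($line -split '=', 2)[1].Split(',') |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }

foreach ($entry in $entries) {
    if ($entry.StartsWith('*')) {
        # Entries prefixed with * are SIDs; resolve them to names where possible.
        $sidText = $entry.TrimStart('*')
        try {
            $sid  = New-Object System.Security.Principal.SecurityIdentifier($sidText)
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = '(could not resolve)'
        }
        '{0,-50} {1}' -f $sidText, $name
    } else {
        # Entries without * are already account names.
        '{0,-50} {1}' -f '(name)', $entry
    }
}

# A list containing only the single mistaken entry means the corrected GPO
# has not applied yet; do not reboot or log off until the expected groups appear.
Remove-Item $inf -ErrorAction SilentlyContinue
```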

