Re: FOR A SKILLED IT EXPERT - WIN2K SERVER - DOMAIN CONTROLLER

Thanks Roger - The error message says the LOCAL POLICY..But it is true that
the Domain Policy was edited but NOT the logon rights for any user.

Used NTRIGHTS over the network, and that fixed it once. BUT, each time i
(Administator) logged on the same problem came back.

So, i followed the MS instructions to manually edit the inf and ini security
files to reset everything back to default.

Still the same error message. NOW, NTRIGHTS will not work - so network
access is not an option.

We are a small 2 pc design Company also enagaged in Christian Evangelism.

It looks like i must install another copy of the OS in a separate folder and
boot up through that, and then manually edit the files.

Unless you can think of another way??

REGARDING your comment : > If there were a simple way to reset everything
when the system
believes you are not entitled to do so it would not be a very
well planned system design now would it ?

WHY WOULD THE SYSTEM DENY THE ADMINISTRATOR LOGON RIGHTS???

If the Admin can't get in the system is useless.

Why would the system NOT warn an Admin that the changes made to the policies
will PREVENT him from logging back on??

It is a conundrum, and having scoured the internet, multitudes of other
people have experienced this very same issue.

CONCLUSION : It is an MS flaw in the way the OS responds to Security Policy
changes made by an Administrator who is NOT a Degree Holder in Computer
Science. The OS MUST tell the person, BEFORE the changes are absorbed, that
doing so will LOCK THEM OUT OF THE SYSTEM...

It does not do that, otherwise i would NOT be in this mess.

If you have any other ideas of how to reset the security back to default,
with ZERO Domain access we would ALL love to know,

Bless you Roger and thank you for your reply ... very much appreciated...

In Christ and in Truth...

WW7



"Roger Abell [MVP]" wrote:

You have told us this is with Windows 2000 server.
However, your subject says Domain Controller, but your message
says the change was in the local security policy, which is not used
on domain controllers.

What is it that you modified ?? If it was only the Log on Locally
and/or the Deny log on locally policies, then just edit the GPO
remotely over network with a domain admin account and reverse
the changes.

If there were a simple way to reset everything when the system
believes you are not entitled to do so it would not be a very
well planned system design now would it ?


"West-Wind-7" <WestWind7@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8A59B55E-6062-429D-B146-F958EC25532B@xxxxxxxxxxxxxxxx
"The local policy of this system does not permit you to logon
interactively"

Hello Everyone - i made a small and insignificant change to the local
security policy. NO ERROR MESSAGE, that i would be locked out of the
server,
and for this i am very upset with MS.

Anyhow, i CANNOT logon with ANY USER, not even the built in Administrator
in
Directory Services Mode. This has been for over 10 days now. DO NOT WANT
TO
LOSE the profiles.

Does ANYONE know of a floppy boot up program that will RE-SET all Domain
Controller Security back to DEFAULT???

Re-setting the Password is not the issue.

How CAN all SECURITY be reset to default, via a boot-up floppy program to
allow logon normally again without this RIDICULOUS MESSAGE "The local
policy
of this system does not permit you to logon interactively"

SURELY, there is a way to easily reset the security?

Hope someone can suggest something...

Thank you and God Bless you...

West-Wind-7








.

Relevant Pages

  • RE: Cant set Local Security policies. They fail to save
    ... predefined Security Template on SBS 2003 to restore security groups ... run "gpupdate.exe /force" under command prompt to force the policy ... reboot the Server to test. ... and then logon to client computer to test if user can save system logs. ...
    (microsoft.public.windows.server.sbs)
  • Re: No Shut Down or Restart for Domain Admins
    ... run rsop.msc from your DC and check which policy is responsible to this. ... I have created a group policy in a development network and imported it ... NT AUTHORITY\Authenticated Users Read (from Security Filtering) No ... Enforce user logon restrictions Enabled ...
    (microsoft.public.windows.server.active_directory)
  • Re: FOR A SKILLED IT EXPERT - WIN2K SERVER - DOMAIN CONTROLLER
    ... So then the policy is disallowing all login by all users at all machines? ... boots up on cached profile only) The interactive logon problem has applied ... manual security reset. ... If you had not tried the reset we could have pulled you out of this, ...
    (microsoft.public.win2000.security)
  • Re: FOR A SKILLED IT EXPERT - WIN2K SERVER - DOMAIN CONTROLLER
    ... The message is refering to the effective policy. ... the security. ... If you had not tried the reset we could have pulled you out of this, ... WHY WOULD THE SYSTEM DENY THE ADMINISTRATOR LOGON RIGHTS??? ...
    (microsoft.public.win2000.security)
  • Re: The very strange problem about Win XP and Win 2K server
    ... What happens - any error message or such?? ... Can you ping the server from the ... logon events in the Local Security Policy of the Windows 2000 server ... the security log that correlates to the time of the failed logon which will ...
    (microsoft.public.win2000.security)