Re: Locked out of Computer - "Deny logon locally = Administrator"



If you can access the boot drive of that system via the network,
such as by mapping c$ admin share, then do so. Otherwise you
will need to pull the drive and hang it as a secondary on the other
running system. Either way, once you can access the NTFS security
dialog, set a Deny of Full for Administrators on the directory
system32\GroupPolicy. If disk removal was needed, replace.
Reboot the system, log in as an admin, remove the Deny and then
immediately run gpedit and remove the offending policies.


"Mister Gene" <MisterGene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EDBE6FA8-07D9-43A2-89D4-0F4AF06AA303@xxxxxxxxxxxxxxxx
Please excuse the length of this post but I feel all the details might be
necessary.
I have a computer that has Windows 2000 Professional Edition installed in
it.

While adding a router to My home, I called My Internet Service Provider
because I was having a problem setting it up. The Tech found out that My
cable modem had 2 IP addresses in it one of which was not theirs and not
the
one for the router. He said that it looked like some other computer was
tapped into the modem on a remote connection. I explained to him that I do
not connect to My computer remotely at all. He said that a hacker may have
obtained access to My computer through that IP address.

After the Tech cleared out the modem, reset it remotely and helped Me
configure the router as a firewall, He suggested that I download and
install
from Microsoft the Microsoft Baseline Security Analyzer which he said
would
help protect the security of My computer even more. After downloading,
installing and running the MBSA it said that there was no Local Security
Policy set on this computer.

Reviewing instructions I found at Microsoft's web site on how to install a
Security policy, I picked one of the basic "*.inf" files and installed it.
After opening the "Administrator tools", "Local Security Settings", and
then
"Local Policies" and then "User Rights Assignments", I did something
REALLY
dumb...

I set ALL the Policies to "Administrator"!!!

So... You guessed it I locked Myself out of the computer by the policy
"Deny
logon locally = Administrator". I have access to another computer that has
XP
on it. I can take the hard drive from the one that has the problem and
install it into the one that has XP on it.

HELP!!! Is there any way to correct this???
(BIG Lesson learned here!!!!)

Mr. Gene


.



Relevant Pages

  • Re: Oh Dear, Where to start?!
    ... > from some of you with appropriate experience in the field of network ... > main focus and priority has been computer security and policy development. ... install certain updates. ...
    (Security-Basics)
  • Re: Locked out of Computer - "Deny logon locally = Administrator"
    ... Windows 2000 on it. ... How do I access the NTFS security dialog? ... to use Local Security Policy utility to change that XP ...
    (microsoft.public.win2000.security)
  • Re: [Full-Disclosure] Support the Sasser-author fund started
    ... >> Windows security problems could be avoided by ripping out the network ... a user is expected not to be able to install a complex ... > configuration right is the job of the system admin, ... security critical stuff!), so you have to go and lock it down. ...
    (Full-Disclosure)
  • Re: permissions in widows xp home edition
    ... This would be done by the admin just ... >>after the install, and it grants the Users group change ... >>the tightened security of W2k and now XP, ... >>> edition is not the easiest to use for permissions. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Cannot Open Local Policy Database
    ... folder and make sure administrators has access. ... One thing we do to stop local policy applying to admins is remove access to ... > Security patches. ... > admin ofcourse), I get the error "Windows cannot open the ...
    (microsoft.public.win2000.security)