Re: Domain Policy

Hi Steve,

I found the MMC key in Registry under HKLM\Software\Microsoft\MMC, but there
is no place where it says to disable access.. I only has {........} sub keys
for different applications and wasn't sure how to enable them?

Any help is really appreciated.

Best Regards,

Shabbir

"Steven L Umbach" wrote:

First from the server you can access the registry remotely see if you can
manage Group Policy remotely to undo your changes. While on that server
enter MMC in the run box to open Management Console and then add the Group
Policy Object Editor and instead of local computer select another computer -
browse and browse for and select the domain controller and you may then be
able to edit domain level Group Policy.

If that does not work use the registry editor. You are not looking for the
policy itself but you want to edit/remove the registry keys that are locking
you out to give you a change to then edit Group Policy to remove those
settings. You want to look for registry keys/entries under
HKCU\Software\Policies\Microsoft\Windows such as system where if you see
DisableCMD you want to delete that dword entry. Under
HKCU\Software\Policies\Microsoft\Windows\MMC if you see any items listed
{numbers and letters}either remove the {numbers and letters}or change the
restrict run values to 0. After that you should be able to open access ADUC
and edit Group Policy though you may need to logoff/logon the domain
controller or reboot the server first.

Group Policy enforces those registry settings and the next time Group Policy
is applied those registry entries will return which is why it is important
that you edit Group Policy ASAP after gaining access starting with those
settings that locked you out..

Steve


"Shabbir Jadliwala" <ShabbirJadliwala@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:541A33B4-26D2-4E3D-9859-943BE629B265@xxxxxxxxxxxxxxxx
Hi Steven,

I can't get on the Registry locally on the server as well. But can do it
remotely from another server, which is not a Domain Controller. I tried
searching my policy in there, but couldn't find it in there. Is there any
other place I can find it?

Thanks for your help.

Best Regards,

Shabbir

"Steven L Umbach" wrote:

Try logging onto a domain computer [non critical workstation] as domain
admin and see if you can run regedit or if you can run a tool called Dial
a
Fix from a flash drive or such as it can detect and remove many Group
Policy
restrictions. If that works then you can use MMC snapin for Group Policy
to
manage the Group Policy on a domain controller to make changes to undo
the
harm. Otherwise if you can use regedit look for and delete the Group
Policy
restrictions seen under the keys listed below which will buy you time to
make changes to Group Policy.

Steve

http://www.softpedia.com/get/System/System-Miscellaneous/Dial-a-fix.shtml
-- Dial a fix

Table 1 Approved Registry Key Locations for Group Policy Settings

For Computer Policy Settings: For User Policy Settings:
HKLM\Software\Policies (The preferred location)
HKCU\Software\Policies (The preferred location)

HKLM\Software\Microsoft\Windows
\CurrentVersion\Policies
HKCU\Software\Microsoft\Windows
\CurrentVersion\Policies



"Shabbir Jadliwala" <Shabbir Jadliwala@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message news:733AF4FD-9341-47EB-8363-EC442BA03A66@xxxxxxxxxxxxxxxx
I have had set up a policy to block all users with any rights other then
the
basic ones. But by mistake I have had applied to all, instead of the
group,
and now I can do any changes to it myself, even though I am logged in
as
the
Administrator.

Is there any way, I can get it reset back to original. I don't have
access
to my local drives or command prompt or AD or anything right now.

Any help would be really appreciated.

Best Regards,

Shabbir






.

Relevant Pages

  • Re: Admin / Domain Admin rights problem
    ... As far as Group Policy - registry you will not see that in Local ... >> Key and SubKey - Type of Access: ... >> Detailed Access Flags: ...
    (microsoft.public.win2000.security)
  • Re: Applying zone settings on Pop-up Blocker
    ... I checked the registry and the settings is there! ... > Troubleshooting Group Policy in Microsoft? ...
    (microsoft.public.windows.group_policy)
  • Re: Apply registry setting.
    ... registry setting to the editor in Group Policy and allow you to manage it. ... GPOE and then managed on the GPO itself. ... diagnostic value called 'Replication Events' that can be turned on the ...
    (microsoft.public.win2000.group_policy)
  • Re: Location of local policies
    ... The registry is one location. ... The Group Policy template folder contains subfolders, including, but not ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Registry settings management for 16 computers through Group Po
    ... Administrative Template Files With Registry Based Group Policy" During ... I was about to try creating the ADM template file with the original location ...
    (microsoft.public.windows.group_policy)