Re: Locked out of Win2k Server

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/12/05


Date: Sat, 12 Feb 2005 02:03:20 -0700

I have read all of your posts - twice
and I am still unclear why everyone seems to think
you are saying that you cannot log into any machine
in the domain. I can see how what you have said
could be interpreted as that way, but I can also see
how you may be speaking only about logging into
just that one member - which is the case?

That you cannot log into the member server with either
a domain or machine local account can be simply
reversed by checking a few policies in whatever GPOs
might have the member in their scope of application.
Check especially, both in the computer settings tree of
policies, 1) the User Right to Log on locally, and Deny
local logon, and 2) the membership of any Restricted
groups (if you have defined these) that might be used
in the two User Right polices just mentioned.

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"[-=Dan=-]" <getbent@ease.com> wrote in message
news:373rt9F57bv0pU1@individual.net...
> Hi all,
>
> I have a Windows 2000 server as a member server of a Windows 2000 AD
Domain.
> I've been messing with policies of an OU on the domain controller, trying
to
> lock down a desktop. Now, I can't logon to my member server, either
through
> TS or at the console, I get 'The local policy of this system does not
permit
> you to logon interactively". I can't logon to the local machine, even
using
> the Administrator account. And I can't logon to the domain, again using
the
> Administrator account.
>
> I'm well and truly knobbed off.
>
> Does anyone have any ideas before I rebuild this server?
>
> TIA
>
> Dan
>
>