Re: Locked out of Win2k Server

From: Roger Abell (
Date: 02/12/05

Date: Sat, 12 Feb 2005 02:03:20 -0700

I have read all of your posts - twice
and I am still unclear why everyone seems to think
you are saying that you cannot log into any machine
in the domain. I can see how what you have said
could be interpreted as that way, but I can also see
how you may be speaking only about logging into
just that one member - which is the case?

That you cannot log into the member server with either
a domain or machine local account can be simply
reversed by checking a few policies in whatever GPOs
might have the member in their scope of application.
Check especially, both in the computer settings tree of
policies, 1) the User Right to Log on locally, and Deny
local logon, and 2) the membership of any Restricted
groups (if you have defined these) that might be used
in the two User Right polices just mentioned.

Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"[-=Dan=-]" <> wrote in message
> Hi all,
> I have a Windows 2000 server as a member server of a Windows 2000 AD
> I've been messing with policies of an OU on the domain controller, trying
> lock down a desktop. Now, I can't logon to my member server, either
> TS or at the console, I get 'The local policy of this system does not
> you to logon interactively". I can't logon to the local machine, even
> the Administrator account. And I can't logon to the domain, again using
> Administrator account.
> I'm well and truly knobbed off.
> Does anyone have any ideas before I rebuild this server?
> Dan

Relevant Pages

  • Re: Event ID: 537 Kerberos
    ... The strange thing is that the event ID 537 comes up on the member server ... This makes me think that the windows 2000 DC accepts the kerberos ... I'm thinking that the Windows 2003 kerberos is not the same as the windows ... >> Logon Failure: ...
  • Group Polocies not being applied
    ... I've got a Windows 200 Adv. ... Running gpresult /v on a client machine with a valid logged on user does not ... Anyone have any idea why the policies are not getting propagated at logon? ...
  • Re: cannot logon to terminal services
    ... >I am running Terminal services on a member server, Windows 2003 server. ... > have all the users who are going to logon to TS in the Remote Desktop ...
  • Locked out of Win2k Server
    ... I have a Windows 2000 server as a member server of a Windows 2000 AD Domain. ... Now, I can't logon to my member server, either through ... the Administrator account. ...
  • Re: Is it possible to make changes to a group policy through script?
    ... computer startup and logon" on all Windows XP machines in the network, ... It will cause what you say only when policies are applied, ... Apply the setting to the client machines using a GPO if those machines ... apply this change in an environment consisting of Win2k3 DC's and Windows ...