Re: Locked out of Win2k Server

From: Roger Abell (
Date: 02/12/05

Date: Sat, 12 Feb 2005 02:03:20 -0700

I have read all of your posts - twice
and I am still unclear why everyone seems to think
you are saying that you cannot log into any machine
in the domain. I can see how what you have said
could be interpreted as that way, but I can also see
how you may be speaking only about logging into
just that one member - which is the case?

That you cannot log into the member server with either
a domain or machine local account can be simply
reversed by checking a few policies in whatever GPOs
might have the member in their scope of application.
Check especially, both in the computer settings tree of
policies, 1) the User Right to Log on locally, and Deny
local logon, and 2) the membership of any Restricted
groups (if you have defined these) that might be used
in the two User Right polices just mentioned.

Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"[-=Dan=-]" <> wrote in message
> Hi all,
> I have a Windows 2000 server as a member server of a Windows 2000 AD
> I've been messing with policies of an OU on the domain controller, trying
> lock down a desktop. Now, I can't logon to my member server, either
> TS or at the console, I get 'The local policy of this system does not
> you to logon interactively". I can't logon to the local machine, even
> the Administrator account. And I can't logon to the domain, again using
> Administrator account.
> I'm well and truly knobbed off.
> Does anyone have any ideas before I rebuild this server?
> Dan