Re: Domain Controller Security Policy
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: Sat, 13 Aug 2005 07:07:20 -0700
As she has the ADRM password, if she also has backup to
use that is fresh enough, then your best route may be to restore
the GPO(s) on the DC OU to point before she did the rename.
Otherwise, I am not sure, but doubtful, whether you could in
ADRM get at just that policy or its value (the @dm name), or
the enable/disable attribute of the GPO link to the OU, etc..
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Eric Eickhoff" <email@example.com> wrote in message news:O2xzkU4nFHA.3996@TK2MSFTNGP12.phx.gbl... > Greetings, > > I am stumped as to whether or not this can be resolved, but a client set the > Rename Administrator Account setting in the Domain Controller Security > Policy to a name containing the '@' character. Of course now, she can't log > on to the domain with that account and as luck would have it -- she doesn't > have any other accounts with domain admin privelages and this is the only > domain controller. It is a W2K3 DC. Does anyone know if the DC Security > Policy can be reset -- at least the Rename Admininstrator Account setting (I > know -- this sounds fishy from a security standpoint and truly don't expect > an answer on that one) or is there a way to log on to the system using the > account name with '@' signs in it. I had her try entering > DOMAIN\@ministrator in the username with no luck. I am assumming that it is > looking at the information after the '@' sign as being the domain info and > that is why it is failing. She does have the password for the Active > Directory Restore Mode if it helps. > > Anyone have any insight? > >