Re: Reset Group Policy back to out of the box default

---

• From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 28 Aug 2006 12:10:18 -0500

---

Assuming you have access to the server over the network as an administrator
as evidenced by your ability to access and administrative share such as C$
then NTRights should work. Keep in mind that the privilege you specify with
NTRights is case sensitive which means that SeInteractiveLogonRight and
SeDenyInteractiveLogonRight need to be typed exactly as shown. Also the
server may need to be rebooted after changing user rights. I would try
giving everyone +r SeInteractiveLogonRight and then grant everyone, users,
authenticated users, and administrators -r SeInteractiveLogonRight as any
user that is included in deny logon user right will not be allowed to logon
even if they have allow user right. If none of that helps you could also try
using psexec from SysInternals/Microsoft to access the command prompt on the
locked out server and use secedit to reset user rights back to default
defined levels being sure to add areas / user_rights to the end of the
command as shown in the KB article below. If you don't specify /areas the
command will disable many critical services on Windows 2003.

Steve

http://www.sysinternals.com/Utilities/PsExec.html --- psexec
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222

"seh" <seh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3F164A77-572A-4BD6-8DBD-9B9F56D8CAAC@xxxxxxxxxxxxxxxx

Does anyone know how to reset the policy settings back to the default out
of
the box settings? We had a "power user" decide he needed to update his
stand
alone server with member server updates. Now everyone is locked out and
unable to log in. I can map a drive to the box and connect to the box w/
mmc. I've ran ntrights to add LogonRights, but it still fails. It cycles
between to errors, Policy doesn't allow you to log on locally and Not in
the
Allow Remote Login.
Any suggestions?
Thanks,
seh

.

---

• Prev by Date: where is client certificate on server usually installed?
• Next by Date: Re: Reset Group Policy back to out of the box default
• Previous by thread: where is client certificate on server usually installed?
• Next by thread: Re: Reset Group Policy back to out of the box default
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Users cant log in to sharted directory ... Log on as administrator on the server, open a Command ... permissions are full access for everyone. ... (microsoft.public.win2000.networking) Re: New to VPN... ... I have already mapped the drive to a folder on the server with the command ... VPN connection doesn't work, ... you have to word them like a server administrator would, ... (microsoft.public.windows.server.general) RE: Cant set Local Security policies. They fail to save ... I followed your instructions on applying the predefined security templates. ... I still can’t set any of the local security policies on the server box. ... > using local Administrator account to test, ... >>> member of either the Remote Operators group or the Domain Power Users ... (microsoft.public.windows.server.sbs) Re: Help - administrator locked out! ... Second - thanks for your extremely helpful response. ... with 1 Novell server. ... I don't pretend that I'm some sort of super administrator or anything. ... I agree it's my practices that have got me into trouble in the first ... (microsoft.public.windows.server.general) Re: FIRED IT ADMIN HAS LOCKED US OUT OF SBS ... you have risen to an Administrator this would be a given. ... server and run all LOB apps on these. ... If there are no encrypted files, just reset the DSRM account ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2006-08