Re: Gpedit.msc

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 11/19/03

• Next message: Brenda Jones: "Administrator or not?"
• Previous message: Steven L Umbach: "Re: Disabling explorer security loop hole for Windows XP start menu"
• In reply to: Ace: "Re: Gpedit.msc"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 18 Nov 2003 17:04:48 -0700

>From the fragments in this (part of) the thread, it
appears that you have blocked access to the tools
you need in order to undo the changes you made
in local policy, and, you are not in a domain.

Try accessing the Security dialog in properties of
C:\windows\GroupPolicy and there set a Deny of
Full Control for the Administrators group.
Then, log off and back in with an admin account.
Do this even if you are not changing from one account
to another. Then, again access the Security dialog
of the same GroupPolicy folder and remove the Deny
that was set during the last login.
Now, edit and remove the problem settings from your
local group policy. Do this right away after removing
the Deny. Then test using a log off / log on to see if you
reversed all the changes you needed to. If not, start over
with the setting of the Deny.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Ace" <metuchen@speakeasy.net> wrote in message
news:eeOZKfhrDHA.488@tk2msftngp13.phx.gbl...
> I tried that and its say the access is denied contact the administrator
and
> im already logged into the admin account i even tried the run as feature
> still wont let me in its says it resrticted from the local policy any
> suggestions thankx
> "Ace" <metuchen@speakeasy.net> wrote in message
> news:e4omj3erDHA.1880@TK2MSFTNGP09.phx.gbl...
> > I recently used gpedit on a XP pro machine to take out some things like
> the
> > run menu and others but now i need to go back into gpedit and there is
no
> > way i can get back in since i took out run in the start menu. just for a
> > note i am logged into the admin account i just cant remember how to get
> back
> > in?
> >
> > Thanks
> > Ace
> >
> >
>
>

---

• Next message: Brenda Jones: "Administrator or not?"
• Previous message: Steven L Umbach: "Re: Disabling explorer security loop hole for Windows XP start menu"
• In reply to: Ace: "Re: Gpedit.msc"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Local Security Policy ... and you are locked out due to a policy ... setting you have made within the local security ... set a Deny of Full for the admin account you are using ... (microsoft.public.windowsxp.security_admin) Re: DENY ACLs ... Each Access Control Entry (ACE) in the ACL consists of: ... * Type (Allow or Deny) ... > POSIX.1e ACL evaluation with subtractive rights of the sort you're ... (FreeBSD-Security) RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox ... USER) and then let you configure the Admin account on start. ... > Please run some unix or at least read about the unix ... > default user of the MS computer is made an administrator. ... If they really did target security, ... (Full-Disclosure) Re: "Deny" permissions keep getting lost? ... Enable auditing on those files, and/or the containing folder, so ... As you state that you placed an explicit deny on each file, ... Security) ... > used as a file server on a small network. ... (microsoft.public.windowsxp.security_admin) Re: GetEffectiveRightsFromAcl ... > you have an allowed ACE preceding a denied ACE, ... > "Ray Hayes" wrote in message ... The first ACE grants full control. ... >> deny inherited from the parent item and the 3rd is a grant of full control ... (microsoft.public.platformsdk.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)