Group Policy will not allow local logon

Intotao

HELP!
Somehow, someone, (Yes most likely me) in our company has
managed to remove some group policy that allowed local
logon to server. Even the administrator can't log in
locally or with terminal services. I have created a user
account that I can log into server with, but it's just a
user account (Can't really do anything with it). When I
looked at account policies I did not see anything that
indicated the account was not allowed to log in locally.
Secondly the Exchange server services are supposed to
start with the admin account, but because admin cannot log
in, Exchange will not start. I tried using 'Net Start'
from DOS, but was still denied. There is no backup of
sysvol (that I can find). HELP, does anyone know of a way
to get around this???!!

Many thanks in advance,
 
Hello,

There may be a few ways to get around this:

1. While you are logged on to the box use the RunAs command (shift + right
click the object) to open Active Directory Users and Computers, specify the
Admin account here and make the change to the local or Domain Controller
security policy.

Also you can make the change remotely:

1. Install the adminpak.msi on another Windows 2000 machine
2. Open Active Users and Computers
3. Right click on the snapin and choose Connect to Domain Controller
4. Connect to any writable domain controller or a specific one
5. Once it is connected, right click on the domain name and choose properties
6. Go to the group policy tab and highlight default domain controller policy and choose edit
7. Browse to Computer configuration\windows settings\security settings\local policies\user rights assignment\deny logon locally
8. Remove the administrators from this policy

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
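
The check below is an added example, not part of the original thread: it reads a security template in INF form (the format a GPO stores as GptTmpl.inf) and reports when an administrator principal is listed in the deny-logon-locally right named in step 7. The template text is a constructed sample, and the function names are this example's own.

```python
# Added example: audit a security template for a local-logon lockout.
ADMINISTRATORS_SID = "S-1-5-32-544"         # well-known SID of BUILTIN\Administrators
DENY_LOCAL = "SeDenyInteractiveLogonRight"  # "Deny logon locally"
ALLOW_LOCAL = "SeInteractiveLogonRight"     # "Log on locally"

# Constructed sample template (not taken from the thread).
# S-1-5-32-549 is the well-known SID of Server Operators.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-549
SeDenyInteractiveLogonRight = *S-1-5-32-544,Guest
"""

def parse_privilege_rights(template_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in template_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are not.
            members = [m.strip().lstrip("*") for m in value.split(",")]
            rights[name.strip()] = [m for m in members if m]
    return rights

def find_lockouts(rights, principals=(ADMINISTRATORS_SID, "Administrators")):
    """List settings that would stop the given principals logging on locally."""
    watch = {p.lower() for p in principals}
    findings = []
    for member in rights.get(DENY_LOCAL, []):
        if member.lower() in watch:
            # A deny right takes precedence over the matching allow right.
            findings.append(f"{member} is listed in {DENY_LOCAL}")
    if ALLOW_LOCAL in rights and not any(m.lower() in watch for m in rights[ALLOW_LOCAL]):
        findings.append(f"no administrator principal is listed in {ALLOW_LOCAL}")
    return findings

if __name__ == "__main__":
    for finding in find_lockouts(parse_privilege_rights(SAMPLE_TEMPLATE)):
        print("WARNING:", finding)
```

Running a check like this against a template before it is linked to the domain controllers catches the lockout while an administrator can still log on to correct it.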
 