Y
Yssa
HELP! In Group Policy I accidentally put
the "administrators" group in the "Deny" settings.
I was resolving a GP issue regarding deleted user names.
In editing the group policy I added the "Administrators"
group to all the security entries, specifically all
the "Deny" settings. The result is I can no longer log in
to any of my servers since they only have administrator
accounts on them and the'yre all denied logon access.
PLEASE DON'T NOT ANSWER ME BECAUSE I DID SOMETHING REALLY
STUPID!
Once you're done laughing at me and my sleepiness, do you
know a workaround to access the GP on a file level? I've
gotten in to the file system with the boot disk on the
command line and renamed all the files in
c:\WINNT\Security\Policies
Edit is not part of the boot disk tools so i renamed the
c:\winnt\sysvol\sysvol\my
domainname\machine\microsoft\windows nt\secedit\{xxxxxxxx}
\gpttmpl.inf to
c:\winnt\sysvol\sysvol\my domain
name\machine\microsoft\windows nt\secedit\{xxxxxxxx}
\gpttmpl.inf.old
and renamed the gpttmpl.inf in the root.
Not working.
I'm wondering if I'm editing the correct files or if I
have to get in to the registry as well.
I'm desperate to find any way around this problem short
of re-installing the OS, in particular on my AD DC.
Do you know where to add edit.com to the boot disks to
add it to the disk tools? Kind of stupid that they pulled
it from the 2000 boot disks. I tried adding it to Disk4,
then running it from the disk but it won't accept the
command. I was told to edit the gpttmpl.inf and remove
the administrators group from the deny list, but at the
moment I can only delete or rename.
If anyone can give me decent instructions on where and
how to edit this problem on the file level I'd be in
their debt.
Thanks in advance
the "administrators" group in the "Deny" settings.
I was resolving a GP issue regarding deleted user names.
In editing the group policy I added the "Administrators"
group to all the security entries, specifically all
the "Deny" settings. The result is I can no longer log in
to any of my servers since they only have administrator
accounts on them and the'yre all denied logon access.
PLEASE DON'T NOT ANSWER ME BECAUSE I DID SOMETHING REALLY
STUPID!
Once you're done laughing at me and my sleepiness, do you
know a workaround to access the GP on a file level? I've
gotten in to the file system with the boot disk on the
command line and renamed all the files in
c:\WINNT\Security\Policies
Edit is not part of the boot disk tools so i renamed the
c:\winnt\sysvol\sysvol\my
domainname\machine\microsoft\windows nt\secedit\{xxxxxxxx}
\gpttmpl.inf to
c:\winnt\sysvol\sysvol\my domain
name\machine\microsoft\windows nt\secedit\{xxxxxxxx}
\gpttmpl.inf.old
and renamed the gpttmpl.inf in the root.
Not working.
I'm wondering if I'm editing the correct files or if I
have to get in to the registry as well.
I'm desperate to find any way around this problem short
of re-installing the OS, in particular on my AD DC.
Do you know where to add edit.com to the boot disks to
add it to the disk tools? Kind of stupid that they pulled
it from the 2000 boot disks. I tried adding it to Disk4,
then running it from the disk but it won't accept the
command. I was told to edit the gpttmpl.inf and remove
the administrators group from the deny list, but at the
moment I can only delete or rename.
If anyone can give me decent instructions on where and
how to edit this problem on the file level I'd be in
their debt.
Thanks in advance