Local policy logon interactively on remote laptop


Pete

A domain policy was inadvertently applied denying local
logon to anyone but the specified user in the policy.
This was corrected and those connected to the LAN were
able to logon after the correction.

A remote user dials in via VPN, receives the incorrectly
configured policy and then disconnects. The user then
logs off/restarts the laptop and is now unable to log in.

Remote user...meaning this person is not on a LAN where he
can receive an updated policy which would correct the
login issue.

As a remote user who can't log on, even via Safe Mode,
what options are there to be had in correcting the
mis-applied policy?

Login via dial-up isn't an option for this user.

Any information leading to a solution is appreciated.

-Pete
 
That is a bad situation and there is no easy way to correct that without rebooting on
the lan. Computer policy is not supposed to be easily overridden. Removing a computer
from the domain may be one way, but that is not an option for him since he can not
logon.

Computer configuration also can apply to local user accounts. If the local
administrator was exempt from the policy, have him try to logon as the built in local
administrator account.

Otherwise the computer will have to be brought back to the lan or have the operating
system reinstalled where he is at. A parallel installation of the operating system or
slaving the hard drive in another computer running W2K/XP Pro would allow the user to
access his data files before a reinstall. Note that access to EFS encrypted files
will be lost after a reinstall unless the user has backed up his EFS private keys to
a .pfx file or a Recovery Agent is available which may be a domain
administrator. --- Steve
 
Thanks for the response, Steve.

My last effort was to have him boot to the recovery
console in hopes of removing the policy file but he had
trouble getting the console to load (separate matter, it
seems). This is definitely an unfortunate situation when
working with a user base that is 99% remote so it's not a
GP mistake we'll be making again.

I had him do the only other thing and arrange to ship it
back to the office. Once back on our LAN I should have a
better time with it.

Thank you again,

-Pete

