Local Security Policy

  • Thread starter Thread starter Thomas
  • Start date Start date
T

Thomas

OK, Everyone all together say you dumb---

This is what I have done. I am running terminal server and
I needed to lock the server down, so people would not have
access to run, help, network places etc...I ran mmc and
installed the group policy for the local machine.

Now as admin I cant get in to configure any of the
settings cause I am locked out of that server. I can log
on to it but when I try to access admin tools or the
policy it says I do not have the rights.Is there a way to
delete or override the local group policy so I can edit
items.

thx
 
Thomas,

Try getting to the file system (Hidden folder under %systemroot%\system32)
called Group Policy. Then "Deny Read" permission to the "Administrator" this
should allow you into the machine without this policy applying to the
machine.

The problem is that you won't be able to edit it since you can't "read" it,
but that might get you into the box without the restrictions.

Is this just a stand alone machine? Can you possibly copy the structure from
another machine you have access to?

OK, Everyone all together say you dumb---

This is what I have done. I am running terminal server and
I needed to lock the server down, so people would not have
access to run, help, network places etc...I ran mmc and
installed the group policy for the local machine.

Now as admin I cant get in to configure any of the
settings cause I am locked out of that server. I can log
on to it but when I try to access admin tools or the
policy it says I do not have the rights.Is there a way to
delete or override the local group policy so I can edit
items.

thx
 
Thomas,

If the terminal server is in a Windows 2000 domain, keep in mind that some
policies have greater precedence than others. Here is the order of
precedence:

1. Local
2. Site
3. Domain
4 OU

The easiest way bypass your local security policies settings on your
terminal server is to create a new OU and put your terminal server in that
new OU. Then configure a new group policy for that new OU that overwrites
the group policy changes that you made in the local security policy on that
terminal server. You will then need to reapply group policy on that
terminal server by running the following command from a command prompt:

secedit /refreshpolicy machine_policy /enforce

The new OU policy should overwrite your local security policy settings
whereever there is a conflict.

Ray Lava
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights
 
Back
Top