Locked Out of Server

  • Thread starter Thread starter chad
  • Start date Start date
C

chad

On Friday everything was fine with my DC. I come in on Monday to find
that when I logon using the administrator account, or any account for
that matter, I get the message:

"The local policy of this system does not allow you to logon
interactively." WHAT!?!?!!
 
On Friday everything was fine with my DC. I come in on Monday to find
that when I logon using the administrator account, or any account for
that matter, I get the message:

"The local policy of this system does not allow you to logon
interactively." WHAT!?!?!!
Click to expand...
Are you the only Admin? If not talk to the others and see what
changed. If you are try rebooting first, then check for viruses etc
from a bootable disk.
 
Are you the only Admin? If not talk to the others and see what
changed. If you are try rebooting first, then check for viruses etc
from a bootable disk.
Click to expand...

Well, it's a lot worse than I thought. Apparently during a Windows
update something didn't get updated correctly. The server reboot
itself, and the local security policy was damaged. RDP is also damaged
so we have no access to the machine in any way. We can look at the
registry and try a remote command line. We tried to force a policy
update which didn't work because it says it can't find the default
domain policy. The secondary DC also has the same issue.

All services are running correctly, shares, DHCP, DNS, Exchange...
(It's an SBS 2003 box). We called Microsoft and they said we're going
to have to boot into directory restore mode and attempt to recover
from there.
 
chad said:
Well, it's a lot worse than I thought. Apparently during a Windows
update something didn't get updated correctly. The server reboot
itself, and the local security policy was damaged. RDP is also damaged
so we have no access to the machine in any way. We can look at the
registry and try a remote command line. We tried to force a policy
update which didn't work because it says it can't find the default
domain policy. The secondary DC also has the same issue.

All services are running correctly, shares, DHCP, DNS, Exchange...
(It's an SBS 2003 box). We called Microsoft and they said we're going
to have to boot into directory restore mode and attempt to recover
from there.
Click to expand...

You should be able to solve this problem like so:
- Restore the System registry file to a different location.
- Boot the server with a Bart PE boot CD.
- Copy the restored file to its correct location.

If this does not work then a full restore from backup
will be necessary.
 
You should be able to solve this problem like so:
- Restore the System registry file to a different location.
- Boot the server with a Bart PE boot CD.
- Copy the restored file to its correct location.

If this does not work then a full restore from backup
will be necessary.- Hide quoted text -

- Show quoted text -
Click to expand...

We have a networking company that helps us when we get into a bind.
They tried pretty much everything, and weren't successful. They say
that what they believe happened was that the secondary DC corrupted
the AD, and this corrupted AD was accepted by the primary DC. My
question is, if I restore the secondary DC to how it was when
everything was normal won't it update the primary DC in the same way?
 
Back
Top