Ok. let me simplify the question

  • Thread starter Thread starter tony
  • Start date Start date
T

tony

If accidently you 'deny' read on Domain Group Policy for
the entire domain admin/enterprise admin and local admin
on a windows 2000 domain controller and now you cannot get
in, how do you give access to yourself back?
Because when I try to open 'Domain Group Policy' , it
doesn't let me is as I don't have read access.
 
Hello Tony,

Try this, on a Domain Controller go to the

Winnt\Sysvol\Domainname\Sysvol\Policies\31b... Directory.

The 31b.. GUID is the default domain policy, you should have it unless you
deleted and recreated the policy at some point.

Right click the folder, go to properties, security, and advanced see if you
can take ownership of it. If you can see if you can recreate the NTFS
permissions and check the box after pressing advanced so it reset
permissions on all subcontainers. (if you get a message about inherited
permissions press the copy button at the prompt)

Let me know if that worked.

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Back
Top