Remote admin problem


RoryD

One of my users had local admin rights on his PC, and he removed the Domain
Admins group from the local Admin group, so now I can't access his PC across
the network at all. Is there any way of remotely getting back admin rights,
without having to travel to the site where he is? (I have domain admin p/w
and the p/w of the local user in question).

TIA,

RoryD
 
You could create an Organizational Unit for that computer with its own GPO.
Configure restricted groups on that OU to have the domain admins group in
administrators group. Move that computer into that OU. Refresh the policy
on the domain controller via secedit /refreshpolicy machine_policy /enforce.
Sit back and wait for up to a couple hours for that computer to refresh its
security policy or try to get someone to reboot it. The domain admins group
should then be in the local administrators group again as long as that
computer is still a domain member with a current computer account. The link
below explains more on restricted groups. You can move the computer out of
the temporary OU when finished. Note that by design restricted groups will
remove other members of the local administrator group other than built-in
administrator account. --- Steve


http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320065
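
The caveat at the end of the reply above (Restricted Groups removes the other members of the local Administrators group), as an added example that is not part of the thread: Python that reads the [Group Membership] section of a GPO security template (GptTmpl.inf) and predicts which accounts stay, go or get added before the computer is moved into the OU. The template text, SIDs and function names are constructed for illustration, and any SID ending in -500 is treated as the built-in Administrator.

```python
import configparser

# Constructed sample of the [Group Membership] section a Restricted Groups
# setting writes to GptTmpl.inf. S-1-5-32-544 is the built-in Administrators
# group; the -512 SID is Domain Admins of a made-up domain.
SAMPLE_GPTTMPL = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-512
"""

# Constructed current members of the PC's local Administrators group.
CURRENT_ADMINS = [
    "S-1-5-21-4444444444-5555555555-6666666666-500",   # built-in Administrator
    "S-1-5-21-4444444444-5555555555-6666666666-1001",  # a local account
    "S-1-5-21-1111111111-2222222222-3333333333-1105",  # the user's domain account
]

def parse_restricted_groups(text):
    """Return {group: {"members": [...], "memberof": [...]}} from template text."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    groups = {}
    if cp.has_section("Group Membership"):
        for key, value in cp.items("Group Membership"):
            group, _, kind = key.rpartition("__")
            entries = [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
            groups.setdefault(group.lstrip("*"), {})[kind.lower()] = entries
    return groups

def predict_membership(policy_members, current_members):
    """The Members list replaces the group's contents; only the built-in
    Administrator account (RID 500) survives without being listed."""
    wanted = {m.lower() for m in policy_members}
    current = {m.lower() for m in current_members}
    kept = [m for m in current_members if m.lower() in wanted or m.endswith("-500")]
    removed = [m for m in current_members if m not in kept]
    added = [m for m in policy_members if m.lower() not in current]
    return {"kept": kept, "removed": removed, "added": added}

if __name__ == "__main__":
    policy = parse_restricted_groups(SAMPLE_GPTTMPL)["S-1-5-32-544"]
    for change, sids in predict_membership(policy["members"], CURRENT_ADMINS).items():
        print(change, sids)
```

A GptTmpl.inf read from SYSVOL is normally UTF-16, so open it with `encoding="utf-16"` before passing the text in.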
 