security

  • Thread starter Thread starter yqyq22
  • Start date Start date
Y

yqyq22

Dear all,
I have a w2k Active-directory environment plus 3 child
domains with about 30 domain controllers.
If someone with enterprise admin rights in the domain
security policy remove everyone from "access everyone from
the network" and then set deny log on locally for
everyone. HOw can I manage my active directory if I don't
be able to log on locally on all my domaincontrollers.
Is there a way to avoid this trouble.
thanks a lot, and I would like to have some link.
 
You would have to install a parallel install on the PDC and manually modify
the gpttmpl.inf for the Domain controller policy so that you could login
and access the policies. The inf is located in the
sysvol\domainname.com\policis\{6ac...}..secedit\gpttmpl.inf

257346 "Access This Computer from the Network" User Right Causes Tools Not
to
http://support.microsoft.com/?id=257346

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top