Set default policy

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,
i was trying to block a specific user from login on locally, so i used
the local security settings and selected "deny logon locally for
"everyone",so now I can't logon to the machine, i tried using the domain
admin's account and still get the notice "The local policy of this system
does not permit you to logon interactively"
Is there a way to get the settings back to it's default state by using the
recovery console?

Thanks in advance

Donavan
 
The easiest way for a domain computer would be to create an Organizational
Unit with a new GPO. In that GPO configure the user right for deny logon
locally to be just the guest account. Move the locked out computer into that
OU. Run secedit /refreshpolicy machine_policy /enforce on the domain
controller [assuming W2K dc]. Reboot the locked out computer and you should
be able to logon. The reverse the change in Local Security Policy on that
computer before you move it out of the OU. --- Steve
 
Back
Top