I recently edit my Group Policies in Windows 7 x64. I disabled several SQL accounts and set those accounts to deny logon locally. When I rebooted the machine none of my accounts can log in. The machine is not a domain controller, but the error is along the lines of this type of login is not allowed on this machine. How do I resolve this?
This is a personal computer, running Win-7 Pro or Ultimate 64 bit set up as a workgroup and/or homegroup?
Help the group out in describing where in local group policy (Local Machine Computer Config or User Config?) and the subfolders to review exactly what you changed. Do you have SQL express, or SQL installed on this computer? Also what are the choices to change it back?
Also what accounts are denied access (Users like yourself or other personal accounts, Local, Network, System)?
This is a home computer with Windows 7 x64 Ultimate. I installed SQL Server 2008 (conplete) with Visual Studio 2010. SQL 2005 is also installed.
I changed the settings in Local Security -> User Rights Assignment by deleting all SQL accounts from Allow Log on Locally. Basically I went through and removed all accounts that were not the default setting for User Rights (I clicked on the Explain tab to see what the defaults were). Then I set deny logon locally for SQL and SQL groups. I made sure (or thought I did) that my administrator and set accounts/groups were not part of the deny permissions.
Local users are denied logon ever since I made the change. I have not set up the computer for network logons yet (just built it) and in fact disabled remote desktop services and the Home Group so it is running as a default wokgroup.
I do have the ability to login to a 32-bit flavor of Windows 7 and navigate the directory tree of the OS I am trying to repair.
Another note is that the Windows 7 x64 OS is on a PCI-E SSD card so accessing it via command prompt was tricky hence the 32-bit OS I ressurected to access the disk.
Thanks John for your post on how I could provide better information in my question.
With the Win-7 64 bit OS, are you able to logOn OK and get to the desktop, even with the Adm account, or did you lock yourself out of the 64 bit version altogether?
Next question is, did you restrict permissions to SQL in the file structure by clicking on Share With (changed to nobody), or in the properties dialog box for the SQL program, under Security, or did you go to Local Group Policy Editor to make changes?
Might type in "group policy" in the search programs & files textbox, and see if SQL added entries, in Administrative Settings / System, or Windows Settings. You might be able to reset those policies there.
There aren't a lot of choices if you can't get past the Start up phases.
Just confirm that you get past the splash screen, the see "OS Loading" text, and graphical Windows Starting. Then it hangs, or does it ask for a authentication? If you can get past "OS loading" screen, then there are advanced boot options to try.
One thing you can try is to put in your installation DVD, add date, language, keyboard, then choose Recovery Environment.
In the list choose StartUp Repair and see if you have any success.
After running, at the bottom of the dialog box, it will give a root cause and repair steps, if any.
Do you have a lot of important data on the system drive, or can you clean install if need be?
John, I nuked the OS. With a bit of tinkering I was able to get at the data. The system is singing along once again. Thanks for your questions. I had a feeling the box was dead, but hoped I might fight a tool or idea that circumvented the GPO lockout. Again, I appreciate the time you took.