Set default policy

[donavan]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,
i was trying to block a specific user from login on locally, so i used
the local security settings and selected "deny logon locally for
"everyone",so now I can't logon to the machine, i tried using the domain
admin's account and still get the notice "The local policy of this system
does not permit you to logon interactively"
Is there a way to get the settings back to it's default state by using the
recovery console?

Thanks in advance

Donavan

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

The easiest way for a domain computer would be to create an Organizational
Unit with a new GPO. In that GPO configure the user right for deny logon
locally to be just the guest account. Move the locked out computer into that
OU. Run secedit /refreshpolicy machine_policy /enforce on the domain
controller [assuming W2K dc]. Reboot the locked out computer and you should
be able to logon. The reverse the change in Local Security Policy on that
computer before you move it out of the OU. --- Steve


"Donavan" <Donavan@discussions.microsoft.com> wrote in message
news:2BDE6121-45B6-4C3B-B84B-84BC0E9D44A4@microsoft.com...
> Hi,
> i was trying to block a specific user from login on locally, so i used
> the local security settings and selected "deny logon locally for
> "everyone",so now I can't logon to the machine, i tried using the domain
> admin's account and still get the notice "The local policy of this system
> does not permit you to logon interactively"
> Is there a way to get the settings back to it's default state by using the
> recovery console?
>
> Thanks in advance
>
> Donavan