Sign in with
Sign up | Sign in
Your question

Undo Group Policy changes? - Help!

Last response: in Windows 2000/NT
Share
September 7, 2005 12:06:02 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

I was trying to set up group policy to lock down a machine I am using for
Terminal Services, and I have apparently locked down my entire domain. I
can't even get to the Group Policy Management on the Domain Controller (says
it's disabled by policy). Is there a way to get into it, so I can figure out
what I did, and undo it? I need any advice anyone has.

Mike

More about : undo group policy

Anonymous
September 8, 2005 2:07:35 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi Mike,

So I think you have to tell what exactly you did (in details), and what you
now do (in details) and the result (or error). Otherwise I cannot think of a
way to help.

br,
Denis

"Mike" <Mike@discussions.microsoft.com> wrote in message
news:0A8C7454-B51B-41C4-9C50-3C229518C70D@microsoft.com...
> Hi,
>
> I was trying to set up group policy to lock down a machine I am using for
> Terminal Services, and I have apparently locked down my entire domain. I
> can't even get to the Group Policy Management on the Domain Controller
(says
> it's disabled by policy). Is there a way to get into it, so I can figure
out
> what I did, and undo it? I need any advice anyone has.
>
> Mike
>
September 8, 2005 2:07:36 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Denis,

Thanks for the reply. Luckily I was able to fix the problem after sending
this note, but what happend was I created a new policy that was supposed to
apply to only one machine that I was setting up for running terminal
services. However, I applied it to the entire domain instead, and suddenly
found myself (and all my users) locked down, and I couldn't even log onto my
primary domain controller.
However, luckily, one of the secondary domain controllers hadn't had the
policy applied yet, and I was able to get into group policy and remove all
the settings I had changed, and reapply. Then the waiting game commenced to
see if the changes I made would propagate out to all the machines or not, and
luckily it did, and after a few reboots, I'm back to normal as best I can
tell.
With that said, are their any backdoors or administrative commands you can
install on a workstation to get to group policy management for editing
purposes in case something like this happens again?

Thanks,

Mike


"Denis Wong @ Hong Kong" wrote:

> Hi Mike,
>
> So I think you have to tell what exactly you did (in details), and what you
> now do (in details) and the result (or error). Otherwise I cannot think of a
> way to help.
>
> br,
> Denis
>
> "Mike" <Mike@discussions.microsoft.com> wrote in message
> news:0A8C7454-B51B-41C4-9C50-3C229518C70D@microsoft.com...
> > Hi,
> >
> > I was trying to set up group policy to lock down a machine I am using for
> > Terminal Services, and I have apparently locked down my entire domain. I
> > can't even get to the Group Policy Management on the Domain Controller
> (says
> > it's disabled by policy). Is there a way to get into it, so I can figure
> out
> > what I did, and undo it? I need any advice anyone has.
> >
> > Mike
> >
>
>
>
Related resources
Anonymous
September 9, 2005 3:10:43 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi Mike,

You are so lucky.

It's hard to say if there's any backdoor. It really depends on what you did
(exactly) and you think of any workarounds out there. That's why I asked
what you did.

I was once locked out by myself in GP, and luckily I could think of a way
out. But don't ask me what happened, I bet I forgot it completely.

br,
Denis

"Mike" <Mike@discussions.microsoft.com> wrote in message
news:CA7C28F9-B242-479C-A9F2-794AB879802B@microsoft.com...
> Denis,
>
> Thanks for the reply. Luckily I was able to fix the problem after sending
> this note, but what happend was I created a new policy that was supposed
to
> apply to only one machine that I was setting up for running terminal
> services. However, I applied it to the entire domain instead, and
suddenly
> found myself (and all my users) locked down, and I couldn't even log onto
my
> primary domain controller.
> However, luckily, one of the secondary domain controllers hadn't had the
> policy applied yet, and I was able to get into group policy and remove all
> the settings I had changed, and reapply. Then the waiting game commenced
to
> see if the changes I made would propagate out to all the machines or not,
and
> luckily it did, and after a few reboots, I'm back to normal as best I can
> tell.
> With that said, are their any backdoors or administrative commands you can
> install on a workstation to get to group policy management for editing
> purposes in case something like this happens again?
>
> Thanks,
>
> Mike
>
>
> "Denis Wong @ Hong Kong" wrote:
>
> > Hi Mike,
> >
> > So I think you have to tell what exactly you did (in details), and what
you
> > now do (in details) and the result (or error). Otherwise I cannot think
of a
> > way to help.
> >
> > br,
> > Denis
> >
> > "Mike" <Mike@discussions.microsoft.com> wrote in message
> > news:0A8C7454-B51B-41C4-9C50-3C229518C70D@microsoft.com...
> > > Hi,
> > >
> > > I was trying to set up group policy to lock down a machine I am using
for
> > > Terminal Services, and I have apparently locked down my entire domain.
I
> > > can't even get to the Group Policy Management on the Domain Controller
> > (says
> > > it's disabled by policy). Is there a way to get into it, so I can
figure
> > out
> > > what I did, and undo it? I need any advice anyone has.
> > >
> > > Mike
> > >
> >
> >
> >
Anonymous
September 15, 2005 3:24:04 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Wow, yikes! Good thing the second DC was slow in getting the update!

--
Shaune

"Mike" <Mike@discussions.microsoft.com> wrote in message
news:CA7C28F9-B242-479C-A9F2-794AB879802B@microsoft.com...
> Denis,
>
> Thanks for the reply. Luckily I was able to fix the problem after sending
> this note, but what happend was I created a new policy that was supposed
to
> apply to only one machine that I was setting up for running terminal
> services. However, I applied it to the entire domain instead, and
suddenly
> found myself (and all my users) locked down, and I couldn't even log onto
my
> primary domain controller.
> However, luckily, one of the secondary domain controllers hadn't had the
> policy applied yet, and I was able to get into group policy and remove all
> the settings I had changed, and reapply. Then the waiting game commenced
to
> see if the changes I made would propagate out to all the machines or not,
and
> luckily it did, and after a few reboots, I'm back to normal as best I can
> tell.
> With that said, are their any backdoors or administrative commands you can
> install on a workstation to get to group policy management for editing
> purposes in case something like this happens again?
>
> Thanks,
>
> Mike
>
>
> "Denis Wong @ Hong Kong" wrote:
>
> > Hi Mike,
> >
> > So I think you have to tell what exactly you did (in details), and what
you
> > now do (in details) and the result (or error). Otherwise I cannot think
of a
> > way to help.
> >
> > br,
> > Denis
> >
> > "Mike" <Mike@discussions.microsoft.com> wrote in message
> > news:0A8C7454-B51B-41C4-9C50-3C229518C70D@microsoft.com...
> > > Hi,
> > >
> > > I was trying to set up group policy to lock down a machine I am using
for
> > > Terminal Services, and I have apparently locked down my entire domain.
I
> > > can't even get to the Group Policy Management on the Domain Controller
> > (says
> > > it's disabled by policy). Is there a way to get into it, so I can
figure
> > out
> > > what I did, and undo it? I need any advice anyone has.
> > >
> > > Mike
> > >
> >
> >
> >
!