Undo Group Policy changes? - Help!

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

I was trying to set up group policy to lock down a machine I am using for
Terminal Services, and I have apparently locked down my entire domain. I
can't even get to the Group Policy Management on the Domain Controller (says
it's disabled by policy). Is there a way to get into it, so I can figure out
what I did, and undo it? I need any advice anyone has.

Mike
4 answers Last reply
More about undo group policy changes help
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi Mike,

    So I think you have to tell what exactly you did (in details), and what you
    now do (in details) and the result (or error). Otherwise I cannot think of a
    way to help.

    br,
    Denis

    "Mike" <Mike@discussions.microsoft.com> wrote in message
    news:0A8C7454-B51B-41C4-9C50-3C229518C70D@microsoft.com...
    > Hi,
    >
    > I was trying to set up group policy to lock down a machine I am using for
    > Terminal Services, and I have apparently locked down my entire domain. I
    > can't even get to the Group Policy Management on the Domain Controller
    (says
    > it's disabled by policy). Is there a way to get into it, so I can figure
    out
    > what I did, and undo it? I need any advice anyone has.
    >
    > Mike
    >
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Denis,

    Thanks for the reply. Luckily I was able to fix the problem after sending
    this note, but what happend was I created a new policy that was supposed to
    apply to only one machine that I was setting up for running terminal
    services. However, I applied it to the entire domain instead, and suddenly
    found myself (and all my users) locked down, and I couldn't even log onto my
    primary domain controller.
    However, luckily, one of the secondary domain controllers hadn't had the
    policy applied yet, and I was able to get into group policy and remove all
    the settings I had changed, and reapply. Then the waiting game commenced to
    see if the changes I made would propagate out to all the machines or not, and
    luckily it did, and after a few reboots, I'm back to normal as best I can
    tell.
    With that said, are their any backdoors or administrative commands you can
    install on a workstation to get to group policy management for editing
    purposes in case something like this happens again?

    Thanks,

    Mike


    "Denis Wong @ Hong Kong" wrote:

    > Hi Mike,
    >
    > So I think you have to tell what exactly you did (in details), and what you
    > now do (in details) and the result (or error). Otherwise I cannot think of a
    > way to help.
    >
    > br,
    > Denis
    >
    > "Mike" <Mike@discussions.microsoft.com> wrote in message
    > news:0A8C7454-B51B-41C4-9C50-3C229518C70D@microsoft.com...
    > > Hi,
    > >
    > > I was trying to set up group policy to lock down a machine I am using for
    > > Terminal Services, and I have apparently locked down my entire domain. I
    > > can't even get to the Group Policy Management on the Domain Controller
    > (says
    > > it's disabled by policy). Is there a way to get into it, so I can figure
    > out
    > > what I did, and undo it? I need any advice anyone has.
    > >
    > > Mike
    > >
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi Mike,

    You are so lucky.

    It's hard to say if there's any backdoor. It really depends on what you did
    (exactly) and you think of any workarounds out there. That's why I asked
    what you did.

    I was once locked out by myself in GP, and luckily I could think of a way
    out. But don't ask me what happened, I bet I forgot it completely.

    br,
    Denis

    "Mike" <Mike@discussions.microsoft.com> wrote in message
    news:CA7C28F9-B242-479C-A9F2-794AB879802B@microsoft.com...
    > Denis,
    >
    > Thanks for the reply. Luckily I was able to fix the problem after sending
    > this note, but what happend was I created a new policy that was supposed
    to
    > apply to only one machine that I was setting up for running terminal
    > services. However, I applied it to the entire domain instead, and
    suddenly
    > found myself (and all my users) locked down, and I couldn't even log onto
    my
    > primary domain controller.
    > However, luckily, one of the secondary domain controllers hadn't had the
    > policy applied yet, and I was able to get into group policy and remove all
    > the settings I had changed, and reapply. Then the waiting game commenced
    to
    > see if the changes I made would propagate out to all the machines or not,
    and
    > luckily it did, and after a few reboots, I'm back to normal as best I can
    > tell.
    > With that said, are their any backdoors or administrative commands you can
    > install on a workstation to get to group policy management for editing
    > purposes in case something like this happens again?
    >
    > Thanks,
    >
    > Mike
    >
    >
    > "Denis Wong @ Hong Kong" wrote:
    >
    > > Hi Mike,
    > >
    > > So I think you have to tell what exactly you did (in details), and what
    you
    > > now do (in details) and the result (or error). Otherwise I cannot think
    of a
    > > way to help.
    > >
    > > br,
    > > Denis
    > >
    > > "Mike" <Mike@discussions.microsoft.com> wrote in message
    > > news:0A8C7454-B51B-41C4-9C50-3C229518C70D@microsoft.com...
    > > > Hi,
    > > >
    > > > I was trying to set up group policy to lock down a machine I am using
    for
    > > > Terminal Services, and I have apparently locked down my entire domain.
    I
    > > > can't even get to the Group Policy Management on the Domain Controller
    > > (says
    > > > it's disabled by policy). Is there a way to get into it, so I can
    figure
    > > out
    > > > what I did, and undo it? I need any advice anyone has.
    > > >
    > > > Mike
    > > >
    > >
    > >
    > >
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Wow, yikes! Good thing the second DC was slow in getting the update!

    --
    Shaune

    "Mike" <Mike@discussions.microsoft.com> wrote in message
    news:CA7C28F9-B242-479C-A9F2-794AB879802B@microsoft.com...
    > Denis,
    >
    > Thanks for the reply. Luckily I was able to fix the problem after sending
    > this note, but what happend was I created a new policy that was supposed
    to
    > apply to only one machine that I was setting up for running terminal
    > services. However, I applied it to the entire domain instead, and
    suddenly
    > found myself (and all my users) locked down, and I couldn't even log onto
    my
    > primary domain controller.
    > However, luckily, one of the secondary domain controllers hadn't had the
    > policy applied yet, and I was able to get into group policy and remove all
    > the settings I had changed, and reapply. Then the waiting game commenced
    to
    > see if the changes I made would propagate out to all the machines or not,
    and
    > luckily it did, and after a few reboots, I'm back to normal as best I can
    > tell.
    > With that said, are their any backdoors or administrative commands you can
    > install on a workstation to get to group policy management for editing
    > purposes in case something like this happens again?
    >
    > Thanks,
    >
    > Mike
    >
    >
    > "Denis Wong @ Hong Kong" wrote:
    >
    > > Hi Mike,
    > >
    > > So I think you have to tell what exactly you did (in details), and what
    you
    > > now do (in details) and the result (or error). Otherwise I cannot think
    of a
    > > way to help.
    > >
    > > br,
    > > Denis
    > >
    > > "Mike" <Mike@discussions.microsoft.com> wrote in message
    > > news:0A8C7454-B51B-41C4-9C50-3C229518C70D@microsoft.com...
    > > > Hi,
    > > >
    > > > I was trying to set up group policy to lock down a machine I am using
    for
    > > > Terminal Services, and I have apparently locked down my entire domain.
    I
    > > > can't even get to the Group Policy Management on the Domain Controller
    > > (says
    > > > it's disabled by policy). Is there a way to get into it, so I can
    figure
    > > out
    > > > what I did, and undo it? I need any advice anyone has.
    > > >
    > > > Mike
    > > >
    > >
    > >
    > >
Ask a new question

Read More

Policy Domain Controller Microsoft Windows