Sign in with
Sign up | Sign in
Your question

Can't logon to windows2000

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
June 26, 2004 2:21:33 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I use my PC locally only so last night I was trying to
bypass the Windows logon screen. I thought I had made the
proper adjustments within "Local Security Policy"
and "Users & Passwords" to allow for a straight boot up
without the popup Windows logon box.

This morning, when I booted up my PC, the Windows logon
box still comes up so i went ahead and hit "OK" like i had
always dine previously using Administrator as my ID. Then
I got a popup message stating "The local policy of this
system does not permit you to logon interactively."

I hit OK and the above message keeps coming up. How can I
go back and reset the logon settings the way they were?

TY JWC062404

More about : logon windows2000

Anonymous
a b 8 Security
June 26, 2004 10:30:19 PM

Archived from groups: microsoft.public.win2000.security (More info?)

See the tips in the link below. If you do not have a another computer on the network
you are going to need to try and replace the secedit.sdb file on your computer some
other way such as by putting your hard drive in another computer as a slave/secondary
drive or doing a parallel install of the operating system [best done into another
partition] in order to do the repair being very careful NOT to install over your
existing installation and do NOT format your drive, which you can delete when you are
done. Specifically what happened is either you removed groups from the logon
locally user right or added a group to the deny logon locally user right [more
likely]. --- Steve

http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;266465

"JWC062604" <anonymous@discussions.microsoft.com> wrote in message
news:21dd501c45ba2$07056480$a401280a@phx.gbl...
> I use my PC locally only so last night I was trying to
> bypass the Windows logon screen. I thought I had made the
> proper adjustments within "Local Security Policy"
> and "Users & Passwords" to allow for a straight boot up
> without the popup Windows logon box.
>
> This morning, when I booted up my PC, the Windows logon
> box still comes up so i went ahead and hit "OK" like i had
> always dine previously using Administrator as my ID. Then
> I got a popup message stating "The local policy of this
> system does not permit you to logon interactively."
>
> I hit OK and the above message keeps coming up. How can I
> go back and reset the logon settings the way they were?
>
> TY JWC062404
>
>
>
>
Anonymous
a b 8 Security
June 26, 2004 10:30:20 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Steve:

Man, I'm not EVEN going to try that one by myself. I'm
going to take my PC to a professional to do it. Thank you
very much for the advice. I will print it out and look for
a pro to perform these tasks.

JWC

>-----Original Message-----
>See the tips in the link below. If you do not have a
another computer on the network
>you are going to need to try and replace the secedit.sdb
file on your computer some
>other way such as by putting your hard drive in another
computer as a slave/secondary
>drive or doing a parallel install of the operating system
[best done into another
>partition] in order to do the repair being very careful
NOT to install over your
>existing installation and do NOT format your drive, which
you can delete when you are
>done. Specifically what happened is either you removed
groups from the logon
>locally user right or added a group to the deny logon
locally user right [more
>likely]. --- Steve
>
>http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;266465
>
>"JWC062604" <anonymous@discussions.microsoft.com> wrote
in message
>news:21dd501c45ba2$07056480$a401280a@phx.gbl...
>> I use my PC locally only so last night I was trying to
>> bypass the Windows logon screen. I thought I had made
the
>> proper adjustments within "Local Security Policy"
>> and "Users & Passwords" to allow for a straight boot up
>> without the popup Windows logon box.
>>
>> This morning, when I booted up my PC, the Windows logon
>> box still comes up so i went ahead and hit "OK" like i
had
>> always dine previously using Administrator as my ID.
Then
>> I got a popup message stating "The local policy of this
>> system does not permit you to logon interactively."
>>
>> I hit OK and the above message keeps coming up. How can
I
>> go back and reset the logon settings the way they were?
>>
>> TY JWC062404
>>
>>
>>
>>
>
>
>.
>
Related resources
Anonymous
a b 8 Security
June 26, 2004 10:30:20 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Steve:

I actually do have another PC on my (2 PC) network. This
is how I am communicating now. My purpose for the network
was so both PC's could share the cable modem to the net.
That's the only reason that I have the network.

Are there other instructions possible with a PC on the
network? Or how might a professional repair this problem?
I would take the machine to a firm that only dealt with
larger, corporate clients.

Please respond.
JWC062604

>-----Original Message-----
>See the tips in the link below. If you do not have a
another computer on the network
>you are going to need to try and replace the secedit.sdb
file on your computer some
>other way such as by putting your hard drive in another
computer as a slave/secondary
>drive or doing a parallel install of the operating system
[best done into another
>partition] in order to do the repair being very careful
NOT to install over your
>existing installation and do NOT format your drive, which
you can delete when you are
>done. Specifically what happened is either you removed
groups from the logon
>locally user right or added a group to the deny logon
locally user right [more
>likely]. --- Steve
>
>http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;266465
>
>"JWC062604" <anonymous@discussions.microsoft.com> wrote
in message
>news:21dd501c45ba2$07056480$a401280a@phx.gbl...
>> I use my PC locally only so last night I was trying to
>> bypass the Windows logon screen. I thought I had made
the
>> proper adjustments within "Local Security Policy"
>> and "Users & Passwords" to allow for a straight boot up
>> without the popup Windows logon box.
>>
>> This morning, when I booted up my PC, the Windows logon
>> box still comes up so i went ahead and hit "OK" like i
had
>> always dine previously using Administrator as my ID.
Then
>> I got a popup message stating "The local policy of this
>> system does not permit you to logon interactively."
>>
>> I hit OK and the above message keeps coming up. How can
I
>> go back and reset the logon settings the way they were?
>>
>> TY JWC062404
>>
>>
>>
>>
>
>
>.
>
Anonymous
a b 8 Security
June 27, 2004 3:55:25 AM

Archived from groups: microsoft.public.win2000.security (More info?)

The link I showed shows exactly how to do that. Here are the basic steps.
Substitute your actual computer name for the locked out computer where I
show "computername". If you don't know the computers actual name, you should
see it in My Network Places on the good computer. Hopefully your working
computer is a Windows 2000 Pro computer or this will not work and stop after
verifiyng or not that you can access the C$ folder on the locked out
computer as described in the second sentence below. If you can at least
access the c$ folder there may be another option but I need to know the
operating system of your good computer. If you can not access the c$ drive
you will need to try to take it to someone who can slave the drive in
another computer running Windows 2000 or XP to try and repair it or
reinstall the operating system which can be done without destroying your
data but will require that you reinstall all of your applications, service
pack, and critical updates. Note that if you have any EFS encrypted files,
that a reinstall that is not an "upgrade" install will prevent you from ever
accessing them again unless you backed up your EFS privaye keys.

http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm

First logon to your other computer with a logon name and password that
exists on the locked out computer that is an administrator on that computer.
Create the account on your "good" computer if need be.

In the run box type \\computername\c$ and then enter. If it brings up the
administrative share on the other computer which should show the whole drive
you are in. I am assumming c drive is where your operating system is at and
if it is not use the correct drive letter.

Go to the \winnt\security\database folder. First open the winnt folder and
then the others in the order shown. Folders are in alphabetical order within
a folder.This is called the "path". You should see a file called secedit.sdb
in the window to the right. Right click that file and select rename. Rename
it seceditold.sdm and hit enter.

Minimize the Explorer Window by selecting the minimize icon in the top right
hand corner. Now on your "good" computer go to the same folder path and find
the copy of secedit.sdb on it. Right click that file and select copy. Now
maximize the Explorer Window on your locked out computer and put your
pointer in the window to the right where you now have a file called
seceditold.sdb. Right click your mouse and select paste and you should now
see a copy of secedit.sdb from the other computer that you just copied.
Close your Explorer Windows and reboot the locked out computer to see if it
helps and let me know. --- Steve

"JWC062604" <anonymous@discussions.microsoft.com> wrote in message
news:2212e01c45bc1$8bc86b80$a001280a@phx.gbl...
> Steve:
>
> I actually do have another PC on my (2 PC) network. This
> is how I am communicating now. My purpose for the network
> was so both PC's could share the cable modem to the net.
> That's the only reason that I have the network.
>
> Are there other instructions possible with a PC on the
> network? Or how might a professional repair this problem?
> I would take the machine to a firm that only dealt with
> larger, corporate clients.
>
> Please respond.
> JWC062604
>
> >-----Original Message-----
> >See the tips in the link below. If you do not have a
> another computer on the network
> >you are going to need to try and replace the secedit.sdb
> file on your computer some
> >other way such as by putting your hard drive in another
> computer as a slave/secondary
> >drive or doing a parallel install of the operating system
> [best done into another
> >partition] in order to do the repair being very careful
> NOT to install over your
> >existing installation and do NOT format your drive, which
> you can delete when you are
> >done. Specifically what happened is either you removed
> groups from the logon
> >locally user right or added a group to the deny logon
> locally user right [more
> >likely]. --- Steve
> >
> >http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >http://support.microsoft.com/default.aspx?scid=kb;en-
> us;266465
> >
> >"JWC062604" <anonymous@discussions.microsoft.com> wrote
> in message
> >news:21dd501c45ba2$07056480$a401280a@phx.gbl...
> >> I use my PC locally only so last night I was trying to
> >> bypass the Windows logon screen. I thought I had made
> the
> >> proper adjustments within "Local Security Policy"
> >> and "Users & Passwords" to allow for a straight boot up
> >> without the popup Windows logon box.
> >>
> >> This morning, when I booted up my PC, the Windows logon
> >> box still comes up so i went ahead and hit "OK" like i
> had
> >> always dine previously using Administrator as my ID.
> Then
> >> I got a popup message stating "The local policy of this
> >> system does not permit you to logon interactively."
> >>
> >> I hit OK and the above message keeps coming up. How can
> I
> >> go back and reset the logon settings the way they were?
> >>
> >> TY JWC062404
> >>
> >>
> >>
> >>
> >
> >
> >.
> >
Anonymous
a b 8 Security
June 27, 2004 3:55:26 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks, Steve. You've been a life saver.

JWC062604

>-----Original Message-----
>The link I showed shows exactly how to do that. Here are
the basic steps.
>Substitute your actual computer name for the locked out
computer where I
>show "computername". If you don't know the computers
actual name, you should
>see it in My Network Places on the good computer.
Hopefully your working
>computer is a Windows 2000 Pro computer or this will not
work and stop after
>verifiyng or not that you can access the C$ folder on the
locked out
>computer as described in the second sentence below. If
you can at least
>access the c$ folder there may be another option but I
need to know the
>operating system of your good computer. If you can not
access the c$ drive
>you will need to try to take it to someone who can slave
the drive in
>another computer running Windows 2000 or XP to try and
repair it or
>reinstall the operating system which can be done without
destroying your
>data but will require that you reinstall all of your
applications, service
>pack, and critical updates. Note that if you have any EFS
encrypted files,
>that a reinstall that is not an "upgrade" install will
prevent you from ever
>accessing them again unless you backed up your EFS
privaye keys.
>
>http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>
>First logon to your other computer with a logon name and
password that
>exists on the locked out computer that is an
administrator on that computer.
>Create the account on your "good" computer if need be.
>
>In the run box type \\computername\c$ and then enter. If
it brings up the
>administrative share on the other computer which should
show the whole drive
>you are in. I am assumming c drive is where your
operating system is at and
>if it is not use the correct drive letter.
>
>Go to the \winnt\security\database folder. First open the
winnt folder and
>then the others in the order shown. Folders are in
alphabetical order within
>a folder.This is called the "path". You should see a file
called secedit.sdb
>in the window to the right. Right click that file and
select rename. Rename
>it seceditold.sdm and hit enter.
>
>Minimize the Explorer Window by selecting the minimize
icon in the top right
>hand corner. Now on your "good" computer go to the same
folder path and find
>the copy of secedit.sdb on it. Right click that file and
select copy. Now
>maximize the Explorer Window on your locked out computer
and put your
>pointer in the window to the right where you now have a
file called
>seceditold.sdb. Right click your mouse and select paste
and you should now
>see a copy of secedit.sdb from the other computer that
you just copied.
>Close your Explorer Windows and reboot the locked out
computer to see if it
>helps and let me know. --- Steve
>
>"JWC062604" <anonymous@discussions.microsoft.com> wrote
in message
>news:2212e01c45bc1$8bc86b80$a001280a@phx.gbl...
>> Steve:
>>
>> I actually do have another PC on my (2 PC) network. This
>> is how I am communicating now. My purpose for the
network
>> was so both PC's could share the cable modem to the net.
>> That's the only reason that I have the network.
>>
>> Are there other instructions possible with a PC on the
>> network? Or how might a professional repair this
problem?
>> I would take the machine to a firm that only dealt with
>> larger, corporate clients.
>>
>> Please respond.
>> JWC062604
>>
>> >-----Original Message-----
>> >See the tips in the link below. If you do not have a
>> another computer on the network
>> >you are going to need to try and replace the
secedit.sdb
>> file on your computer some
>> >other way such as by putting your hard drive in another
>> computer as a slave/secondary
>> >drive or doing a parallel install of the operating
system
>> [best done into another
>> >partition] in order to do the repair being very careful
>> NOT to install over your
>> >existing installation and do NOT format your drive,
which
>> you can delete when you are
>> >done. Specifically what happened is either you removed
>> groups from the logon
>> >locally user right or added a group to the deny logon
>> locally user right [more
>> >likely]. --- Steve
>> >
>> >http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>> >http://support.microsoft.com/default.aspx?scid=kb;en-
>> us;266465
>> >
>> >"JWC062604" <anonymous@discussions.microsoft.com> wrote
>> in message
>> >news:21dd501c45ba2$07056480$a401280a@phx.gbl...
>> >> I use my PC locally only so last night I was trying
to
>> >> bypass the Windows logon screen. I thought I had made
>> the
>> >> proper adjustments within "Local Security Policy"
>> >> and "Users & Passwords" to allow for a straight boot
up
>> >> without the popup Windows logon box.
>> >>
>> >> This morning, when I booted up my PC, the Windows
logon
>> >> box still comes up so i went ahead and hit "OK" like
i
>> had
>> >> always dine previously using Administrator as my ID.
>> Then
>> >> I got a popup message stating "The local policy of
this
>> >> system does not permit you to logon interactively."
>> >>
>> >> I hit OK and the above message keeps coming up. How
can
>> I
>> >> go back and reset the logon settings the way they
were?
>> >>
>> >> TY JWC062404
>> >>
>> >>
>> >>
>> >>
>> >
>> >
>> >.
>> >
>
>
>.
>
Anonymous
a b 8 Security
June 27, 2004 10:53:53 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Did you find an answer to your problem? I am having the
same problem. Please let me know if you found a way to
resolve this. Thanks.
>-----Original Message-----
>I use my PC locally only so last night I was trying to
>bypass the Windows logon screen. I thought I had made the
>proper adjustments within "Local Security Policy"
>and "Users & Passwords" to allow for a straight boot up
>without the popup Windows logon box.
>
>This morning, when I booted up my PC, the Windows logon
>box still comes up so i went ahead and hit "OK" like i
had
>always dine previously using Administrator as my ID. Then
>I got a popup message stating "The local policy of this
>system does not permit you to logon interactively."
>
>I hit OK and the above message keeps coming up. How can I
>go back and reset the logon settings the way they were?
>
>TY JWC062404
>
>
>
>
>.
>
Anonymous
a b 8 Security
June 27, 2004 8:55:37 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Steve:

It did not work.

I was able to access my "locked" PC's C Drive by using
the "\\computername\c$".

Important points I want feedback on:

1) My working PC originally ran on Win 98 and was upgraded
to Win 2000. It was not a clean install. I was an upgrade.
Also my 2nd PC runs on a PII 233. My locked PC is a 800mh
celeron.

2) What if I added a 3rd PC running on a clean install of
Win2000 to my network and added it to my workgroup. Then I
could copy it's "secedit.sdb" to it. Would that help?

3) When I copy/pasted the "secedit.sdb" to the locked PC,
I did not delete the now name changed "seceditold.sdb". I
pasted my 2nd PC's copied secedit.sdb next to it in the
database folder. So, in the end, the database folder on my
locked PC had the new/copied "secedit.sdb" file and the
name changed "seceditold.sdb" file still for the fix it
boot up. (Did that cause a problem?)

4) I noticed on JSI FAQ #3361 that it says to rename
the "secedit.sdb" file to "secedit.old_sdb". That is
different from your suggestion. You said to rename the
file "seceditold.sdb". Does that make a difference?

5) Looking at JSI FAQ #3361 that it says the cause
was "Local Security Policy has been set to deny logon
right to everyone." I do not recall "setting a deny" at
all. I did delete some "user groups" that I didn't think I
needed. My guess is that the problem is a missing group
not a deny to everyone. I recall setting a lot of the
security settings to allow for everyone. i do not recall
one time where I set security to deny everyone.

6) Over my many attempts to boot up the locked PC, I tried
Safe Mode. I watched the as the black screen scrolled
through all of the driver names. Eventually the scrolling
ends and the PC sits for quite a while. Could it be stuck
trying to load a bad driver? Can I try the "return to the
last good configuration" route?

Once I was able to move throughout my locked PC's file
structure using "\\computername\c$", I feel pretty
optimistic that this can now be fixed throught the network
somehow.

At very worst, I can at least copy everything off of the
PC to a 3rd PC and save it there or burn a CD.
Unfortunately, my existing 2nd PC has only a 4 gig
harddrive so it won't work. It is far too small. Plus it
only had about 225 meg left. It is far too small to
attempt a move.

I assume it would be possible to add a third (& larger HD)
PC to my 4 port router and move the files there. At least
I now access to my Outlook email contact files and
email .pst files with info I badly need.

Also, I had copied installation CD's directly to my locked
PC's HD for save keeping in case something happened to the
CD's themselves. At least now I can move these files to a
3rd PC.


>-----Original Message-----
>Thanks, Steve. You've been a life saver.
>
>JWC062604
>
>>-----Original Message-----
>>The link I showed shows exactly how to do that. Here are
>the basic steps.
>>Substitute your actual computer name for the locked out
>computer where I
>>show "computername". If you don't know the computers
>actual name, you should
>>see it in My Network Places on the good computer.
>Hopefully your working
>>computer is a Windows 2000 Pro computer or this will not
>work and stop after
>>verifiyng or not that you can access the C$ folder on
the
>locked out
>>computer as described in the second sentence below. If
>you can at least
>>access the c$ folder there may be another option but I
>need to know the
>>operating system of your good computer. If you can not
>access the c$ drive
>>you will need to try to take it to someone who can slave
>the drive in
>>another computer running Windows 2000 or XP to try and
>repair it or
>>reinstall the operating system which can be done without
>destroying your
>>data but will require that you reinstall all of your
>applications, service
>>pack, and critical updates. Note that if you have any
EFS
>encrypted files,
>>that a reinstall that is not an "upgrade" install will
>prevent you from ever
>>accessing them again unless you backed up your EFS
>privaye keys.
>>
>>http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>>
>>First logon to your other computer with a logon name and
>password that
>>exists on the locked out computer that is an
>administrator on that computer.
>>Create the account on your "good" computer if need be.
>>
>>In the run box type \\computername\c$ and then enter. If
>it brings up the
>>administrative share on the other computer which should
>show the whole drive
>>you are in. I am assumming c drive is where your
>operating system is at and
>>if it is not use the correct drive letter.
>>
>>Go to the \winnt\security\database folder. First open
the
>winnt folder and
>>then the others in the order shown. Folders are in
>alphabetical order within
>>a folder.This is called the "path". You should see a
file
>called secedit.sdb
>>in the window to the right. Right click that file and
>select rename. Rename
>>it seceditold.sdm and hit enter.
>>
>>Minimize the Explorer Window by selecting the minimize
>icon in the top right
>>hand corner. Now on your "good" computer go to the same
>folder path and find
>>the copy of secedit.sdb on it. Right click that file and
>select copy. Now
>>maximize the Explorer Window on your locked out computer
>and put your
>>pointer in the window to the right where you now have a
>file called
>>seceditold.sdb. Right click your mouse and select paste
>and you should now
>>see a copy of secedit.sdb from the other computer that
>you just copied.
>>Close your Explorer Windows and reboot the locked out
>computer to see if it
>>helps and let me know. --- Steve
>>
>>"JWC062604" <anonymous@discussions.microsoft.com> wrote
>in message
>>news:2212e01c45bc1$8bc86b80$a001280a@phx.gbl...
>>> Steve:
>>>
>>> I actually do have another PC on my (2 PC) network.
This
>>> is how I am communicating now. My purpose for the
>network
>>> was so both PC's could share the cable modem to the
net.
>>> That's the only reason that I have the network.
>>>
>>> Are there other instructions possible with a PC on the
>>> network? Or how might a professional repair this
>problem?
>>> I would take the machine to a firm that only dealt with
>>> larger, corporate clients.
>>>
>>> Please respond.
>>> JWC062604
>>>
>>> >-----Original Message-----
>>> >See the tips in the link below. If you do not have a
>>> another computer on the network
>>> >you are going to need to try and replace the
>secedit.sdb
>>> file on your computer some
>>> >other way such as by putting your hard drive in
another
>>> computer as a slave/secondary
>>> >drive or doing a parallel install of the operating
>system
>>> [best done into another
>>> >partition] in order to do the repair being very
careful
>>> NOT to install over your
>>> >existing installation and do NOT format your drive,
>which
>>> you can delete when you are
>>> >done. Specifically what happened is either you
removed
>>> groups from the logon
>>> >locally user right or added a group to the deny logon
>>> locally user right [more
>>> >likely]. --- Steve
>>> >
>>> >http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>>> >http://support.microsoft.com/default.aspx?scid=kb;en-
>>> us;266465
>>> >
>>> >"JWC062604" <anonymous@discussions.microsoft.com>
wrote
>>> in message
>>> >news:21dd501c45ba2$07056480$a401280a@phx.gbl...
>>> >> I use my PC locally only so last night I was trying
>to
>>> >> bypass the Windows logon screen. I thought I had
made
>>> the
>>> >> proper adjustments within "Local Security Policy"
>>> >> and "Users & Passwords" to allow for a straight
boot
>up
>>> >> without the popup Windows logon box.
>>> >>
>>> >> This morning, when I booted up my PC, the Windows
>logon
>>> >> box still comes up so i went ahead and hit "OK"
like
>i
>>> had
>>> >> always dine previously using Administrator as my ID.
>>> Then
>>> >> I got a popup message stating "The local policy of
>this
>>> >> system does not permit you to logon interactively."
>>> >>
>>> >> I hit OK and the above message keeps coming up. How
>can
>>> I
>>> >> go back and reset the logon settings the way they
>were?
>>> >>
>>> >> TY JWC062404
>>> >>
>>> >>
>>> >>
>>> >>
>>> >
>>> >
>>> >.
>>> >
>>
>>
>>.
>>
>.
>
Anonymous
a b 8 Security
June 28, 2004 5:26:05 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hmm. There is no guarantee that method will work all the time. I don't
believe it will make any difference about renaming the old file. Try
removing the old file to another folder and leaving the new secedit.sdb file
alone in that folder. It is always best practice to rename a critical file
in case something goes really bad or you need it later for configuration
purposes. Let's go to plan B.

First go to http://www.petri.co.il/download_free_reskit_tools.htm
and download Ntrights and unzip it and copy it to your \winnt\system32
folder on your good computer. Read the link below on ntrights to remove deny
logon rights as an example of how it is used.

http://support.microsoft.com/default.aspx?scid=kb;en-us;276590

Enter this command on your good computer [substituting real computer name]
while logged on as an administrator on the locked out computer to give users
group the right to logon interactively.

ntrights -m \\computername -u users +r SeInteractiveLogonRight . Type or
copy it exactly as shown as the right is case sensitive.

I noticed that Petri link to ntrights is currently down. You can also get
ntrights from a package of tools in the link below. You will probably have
to install all of them and then just move ntrights to your \winnt\system32
folder. Delete the rest of them as they are for W2003 Server but hopefully
ntrights will work.

http://www.microsoft.com/downloads/details.aspx?FamilyI...
96ee-b18c4790cffd&displaylang=en
http://tinyurl.com/a32f -- same link as above in case of wrap

Plan C. ******

Go to SysInternals and download Psexec, unzip it and download it into your
\winnsystem32 folder.

http://www.sysinternals.com/ntw2k/freeware/psexec.shtml

Enter the command psexec \\computername cmd.exe [again using real
computername]

You should see a command prompt on your screen for the locked out computer.
If you do, then enter the command using secedit in the KB link below and
append /areas user_rights after it [as shown under link] and hit enter. You
can copy and paste the command and then add /areas user_rights after it. If
you goof up and it executes without the /areas user_rights, don't worry
about it. It will just take a lot longer and maybe change some security
policy settings you modified from default if any.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222

secedit /configure /cfg %windir%\repair\secsetup.inf /db
secsetup.sdb /verbose /areas user_rights

Hoefully one of the two methods will help. --- Steve
..
"JWC062604" <anonymous@discussions.microsoft.com> wrote in message
news:2250d01c45ca2$3e7a8250$a001280a@phx.gbl...
> Steve:
>
> It did not work.
>
> I was able to access my "locked" PC's C Drive by using
> the "\\computername\c$".
>
> Important points I want feedback on:
>
> 1) My working PC originally ran on Win 98 and was upgraded
> to Win 2000. It was not a clean install. I was an upgrade.
> Also my 2nd PC runs on a PII 233. My locked PC is a 800mh
> celeron.
>
> 2) What if I added a 3rd PC running on a clean install of
> Win2000 to my network and added it to my workgroup. Then I
> could copy it's "secedit.sdb" to it. Would that help?
>
> 3) When I copy/pasted the "secedit.sdb" to the locked PC,
> I did not delete the now name changed "seceditold.sdb". I
> pasted my 2nd PC's copied secedit.sdb next to it in the
> database folder. So, in the end, the database folder on my
> locked PC had the new/copied "secedit.sdb" file and the
> name changed "seceditold.sdb" file still for the fix it
> boot up. (Did that cause a problem?)
>
> 4) I noticed on JSI FAQ #3361 that it says to rename
> the "secedit.sdb" file to "secedit.old_sdb". That is
> different from your suggestion. You said to rename the
> file "seceditold.sdb". Does that make a difference?
>
> 5) Looking at JSI FAQ #3361 that it says the cause
> was "Local Security Policy has been set to deny logon
> right to everyone." I do not recall "setting a deny" at
> all. I did delete some "user groups" that I didn't think I
> needed. My guess is that the problem is a missing group
> not a deny to everyone. I recall setting a lot of the
> security settings to allow for everyone. i do not recall
> one time where I set security to deny everyone.
>
> 6) Over my many attempts to boot up the locked PC, I tried
> Safe Mode. I watched the as the black screen scrolled
> through all of the driver names. Eventually the scrolling
> ends and the PC sits for quite a while. Could it be stuck
> trying to load a bad driver? Can I try the "return to the
> last good configuration" route?
>
> Once I was able to move throughout my locked PC's file
> structure using "\\computername\c$", I feel pretty
> optimistic that this can now be fixed throught the network
> somehow.
>
> At very worst, I can at least copy everything off of the
> PC to a 3rd PC and save it there or burn a CD.
> Unfortunately, my existing 2nd PC has only a 4 gig
> harddrive so it won't work. It is far too small. Plus it
> only had about 225 meg left. It is far too small to
> attempt a move.
>
> I assume it would be possible to add a third (& larger HD)
> PC to my 4 port router and move the files there. At least
> I now access to my Outlook email contact files and
> email .pst files with info I badly need.
>
> Also, I had copied installation CD's directly to my locked
> PC's HD for save keeping in case something happened to the
> CD's themselves. At least now I can move these files to a
> 3rd PC.
>
>
> >-----Original Message-----
> >Thanks, Steve. You've been a life saver.
> >
> >JWC062604
> >
> >>-----Original Message-----
> >>The link I showed shows exactly how to do that. Here are
> >the basic steps.
> >>Substitute your actual computer name for the locked out
> >computer where I
> >>show "computername". If you don't know the computers
> >actual name, you should
> >>see it in My Network Places on the good computer.
> >Hopefully your working
> >>computer is a Windows 2000 Pro computer or this will not
> >work and stop after
> >>verifiyng or not that you can access the C$ folder on
> the
> >locked out
> >>computer as described in the second sentence below. If
> >you can at least
> >>access the c$ folder there may be another option but I
> >need to know the
> >>operating system of your good computer. If you can not
> >access the c$ drive
> >>you will need to try to take it to someone who can slave
> >the drive in
> >>another computer running Windows 2000 or XP to try and
> >repair it or
> >>reinstall the operating system which can be done without
> >destroying your
> >>data but will require that you reinstall all of your
> >applications, service
> >>pack, and critical updates. Note that if you have any
> EFS
> >encrypted files,
> >>that a reinstall that is not an "upgrade" install will
> >prevent you from ever
> >>accessing them again unless you backed up your EFS
> >privaye keys.
> >>
> >>http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >>
> >>First logon to your other computer with a logon name and
> >password that
> >>exists on the locked out computer that is an
> >administrator on that computer.
> >>Create the account on your "good" computer if need be.
> >>
> >>In the run box type \\computername\c$ and then enter. If
> >it brings up the
> >>administrative share on the other computer which should
> >show the whole drive
> >>you are in. I am assumming c drive is where your
> >operating system is at and
> >>if it is not use the correct drive letter.
> >>
> >>Go to the \winnt\security\database folder. First open
> the
> >winnt folder and
> >>then the others in the order shown. Folders are in
> >alphabetical order within
> >>a folder.This is called the "path". You should see a
> file
> >called secedit.sdb
> >>in the window to the right. Right click that file and
> >select rename. Rename
> >>it seceditold.sdm and hit enter.
> >>
> >>Minimize the Explorer Window by selecting the minimize
> >icon in the top right
> >>hand corner. Now on your "good" computer go to the same
> >folder path and find
> >>the copy of secedit.sdb on it. Right click that file and
> >select copy. Now
> >>maximize the Explorer Window on your locked out computer
> >and put your
> >>pointer in the window to the right where you now have a
> >file called
> >>seceditold.sdb. Right click your mouse and select paste
> >and you should now
> >>see a copy of secedit.sdb from the other computer that
> >you just copied.
> >>Close your Explorer Windows and reboot the locked out
> >computer to see if it
> >>helps and let me know. --- Steve
> >>
> >>"JWC062604" <anonymous@discussions.microsoft.com> wrote
> >in message
> >>news:2212e01c45bc1$8bc86b80$a001280a@phx.gbl...
> >>> Steve:
> >>>
> >>> I actually do have another PC on my (2 PC) network.
> This
> >>> is how I am communicating now. My purpose for the
> >network
> >>> was so both PC's could share the cable modem to the
> net.
> >>> That's the only reason that I have the network.
> >>>
> >>> Are there other instructions possible with a PC on the
> >>> network? Or how might a professional repair this
> >problem?
> >>> I would take the machine to a firm that only dealt with
> >>> larger, corporate clients.
> >>>
> >>> Please respond.
> >>> JWC062604
> >>>
> >>> >-----Original Message-----
> >>> >See the tips in the link below. If you do not have a
> >>> another computer on the network
> >>> >you are going to need to try and replace the
> >secedit.sdb
> >>> file on your computer some
> >>> >other way such as by putting your hard drive in
> another
> >>> computer as a slave/secondary
> >>> >drive or doing a parallel install of the operating
> >system
> >>> [best done into another
> >>> >partition] in order to do the repair being very
> careful
> >>> NOT to install over your
> >>> >existing installation and do NOT format your drive,
> >which
> >>> you can delete when you are
> >>> >done. Specifically what happened is either you
> removed
> >>> groups from the logon
> >>> >locally user right or added a group to the deny logon
> >>> locally user right [more
> >>> >likely]. --- Steve
> >>> >
> >>> >http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >>> >http://support.microsoft.com/default.aspx?scid=kb;en-
> >>> us;266465
> >>> >
> >>> >"JWC062604" <anonymous@discussions.microsoft.com>
> wrote
> >>> in message
> >>> >news:21dd501c45ba2$07056480$a401280a@phx.gbl...
> >>> >> I use my PC locally only so last night I was trying
> >to
> >>> >> bypass the Windows logon screen. I thought I had
> made
> >>> the
> >>> >> proper adjustments within "Local Security Policy"
> >>> >> and "Users & Passwords" to allow for a straight
> boot
> >up
> >>> >> without the popup Windows logon box.
> >>> >>
> >>> >> This morning, when I booted up my PC, the Windows
> >logon
> >>> >> box still comes up so i went ahead and hit "OK"
> like
> >i
> >>> had
> >>> >> always dine previously using Administrator as my ID.
> >>> Then
> >>> >> I got a popup message stating "The local policy of
> >this
> >>> >> system does not permit you to logon interactively."
> >>> >>
> >>> >> I hit OK and the above message keeps coming up. How
> >can
> >>> I
> >>> >> go back and reset the logon settings the way they
> >were?
> >>> >>
> >>> >> TY JWC062404
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>> >
> >>> >.
> >>> >
> >>
> >>
> >>.
> >>
> >.
> >
Anonymous
a b 8 Security
June 28, 2004 5:26:06 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Steve:

One other thing. My 2nd PC doesn't show a WINNT folder. It
shows a WINDOWS folder, instead. (IS that a hold over from
Win 98 before the WIN2000 upgrade?) The WINDOWS folder
shows security and database and the file secedit.sdb
though.

How big is the NTRights? My 2nd PC only has about 225 meg
left of its 4 gig HD.

Thanks, JWC

>-----Original Message-----
>Hmm. There is no guarantee that method will work all the
time. I don't
>believe it will make any difference about renaming the
old file. Try
>removing the old file to another folder and leaving the
new secedit.sdb file
>alone in that folder. It is always best practice to
rename a critical file
>in case something goes really bad or you need it later
for configuration
>purposes. Let's go to plan B.
>
>First go to
http://www.petri.co.il/download_free_reskit_tools.htm
>and download Ntrights and unzip it and copy it to your
\winnt\system32
>folder on your good computer. Read the link below on
ntrights to remove deny
>logon rights as an example of how it is used.
>
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;276590
>
>Enter this command on your good computer [substituting
real computer name]
>while logged on as an administrator on the locked out
computer to give users
>group the right to logon interactively.
>
>ntrights -m \\computername -u users +r
SeInteractiveLogonRight . Type or
>copy it exactly as shown as the right is case sensitive.
>
>I noticed that Petri link to ntrights is currently down.
You can also get
>ntrights from a package of tools in the link below. You
will probably have
>to install all of them and then just move ntrights to
your \winnt\system32
>folder. Delete the rest of them as they are for W2003
Server but hopefully
>ntrights will work.
>
>http://www.microsoft.com/downloads/details.aspx?
FamilyID=9d467a69-57ff-4ae7-
>96ee-b18c4790cffd&displaylang=en
>http://tinyurl.com/a32f -- same link as above in case of
wrap
>
>Plan C. ******
>
>Go to SysInternals and download Psexec, unzip it and
download it into your
>\winnsystem32 folder.
>
>http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
>
>Enter the command psexec \\computername cmd.exe [again
using real
>computername]
>
>You should see a command prompt on your screen for the
locked out computer.
>If you do, then enter the command using secedit in the KB
link below and
>append /areas user_rights after it [as shown under link]
and hit enter. You
>can copy and paste the command and then add /areas
user_rights after it. If
>you goof up and it executes without the /areas
user_rights, don't worry
>about it. It will just take a lot longer and maybe change
some security
>policy settings you modified from default if any.
>
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;313222
>
>secedit /configure /cfg %windir%\repair\secsetup.inf /db
>secsetup.sdb /verbose /areas user_rights
>
>Hoefully one of the two methods will help. --- Steve
>..
>"JWC062604" <anonymous@discussions.microsoft.com> wrote
in message
>news:2250d01c45ca2$3e7a8250$a001280a@phx.gbl...
>> Steve:
>>
>> It did not work.
>>
>> I was able to access my "locked" PC's C Drive by using
>> the "\\computername\c$".
>>
>> Important points I want feedback on:
>>
>> 1) My working PC originally ran on Win 98 and was
upgraded
>> to Win 2000. It was not a clean install. I was an
upgrade.
>> Also my 2nd PC runs on a PII 233. My locked PC is a
800mh
>> celeron.
>>
>> 2) What if I added a 3rd PC running on a clean install
of
>> Win2000 to my network and added it to my workgroup.
Then I
>> could copy it's "secedit.sdb" to it. Would that help?
>>
>> 3) When I copy/pasted the "secedit.sdb" to the locked
PC,
>> I did not delete the now name changed "seceditold.sdb".
I
>> pasted my 2nd PC's copied secedit.sdb next to it in the
>> database folder. So, in the end, the database folder on
my
>> locked PC had the new/copied "secedit.sdb" file and the
>> name changed "seceditold.sdb" file still for the fix it
>> boot up. (Did that cause a problem?)
>>
>> 4) I noticed on JSI FAQ #3361 that it says to rename
>> the "secedit.sdb" file to "secedit.old_sdb". That is
>> different from your suggestion. You said to rename the
>> file "seceditold.sdb". Does that make a difference?
>>
>> 5) Looking at JSI FAQ #3361 that it says the cause
>> was "Local Security Policy has been set to deny logon
>> right to everyone." I do not recall "setting a deny" at
>> all. I did delete some "user groups" that I didn't
think I
>> needed. My guess is that the problem is a missing group
>> not a deny to everyone. I recall setting a lot of the
>> security settings to allow for everyone. i do not recall
>> one time where I set security to deny everyone.
>>
>> 6) Over my many attempts to boot up the locked PC, I
tried
>> Safe Mode. I watched the as the black screen scrolled
>> through all of the driver names. Eventually the
scrolling
>> ends and the PC sits for quite a while. Could it be
stuck
>> trying to load a bad driver? Can I try the "return to
the
>> last good configuration" route?
>>
>> Once I was able to move throughout my locked PC's file
>> structure using "\\computername\c$", I feel pretty
>> optimistic that this can now be fixed throught the
network
>> somehow.
>>
>> At very worst, I can at least copy everything off of the
>> PC to a 3rd PC and save it there or burn a CD.
>> Unfortunately, my existing 2nd PC has only a 4 gig
>> harddrive so it won't work. It is far too small. Plus it
>> only had about 225 meg left. It is far too small to
>> attempt a move.
>>
>> I assume it would be possible to add a third (& larger
HD)
>> PC to my 4 port router and move the files there. At
least
>> I now access to my Outlook email contact files and
>> email .pst files with info I badly need.
>>
>> Also, I had copied installation CD's directly to my
locked
>> PC's HD for save keeping in case something happened to
the
>> CD's themselves. At least now I can move these files to
a
>> 3rd PC.
>>
>>
>> >-----Original Message-----
>> >Thanks, Steve. You've been a life saver.
>> >
>> >JWC062604
>> >
>> >>-----Original Message-----
>> >>The link I showed shows exactly how to do that. Here
are
>> >the basic steps.
>> >>Substitute your actual computer name for the locked
out
>> >computer where I
>> >>show "computername". If you don't know the computers
>> >actual name, you should
>> >>see it in My Network Places on the good computer.
>> >Hopefully your working
>> >>computer is a Windows 2000 Pro computer or this will
not
>> >work and stop after
>> >>verifiyng or not that you can access the C$ folder on
>> the
>> >locked out
>> >>computer as described in the second sentence below. If
>> >you can at least
>> >>access the c$ folder there may be another option but I
>> >need to know the
>> >>operating system of your good computer. If you can not
>> >access the c$ drive
>> >>you will need to try to take it to someone who can
slave
>> >the drive in
>> >>another computer running Windows 2000 or XP to try and
>> >repair it or
>> >>reinstall the operating system which can be done
without
>> >destroying your
>> >>data but will require that you reinstall all of your
>> >applications, service
>> >>pack, and critical updates. Note that if you have any
>> EFS
>> >encrypted files,
>> >>that a reinstall that is not an "upgrade" install will
>> >prevent you from ever
>> >>accessing them again unless you backed up your EFS
>> >privaye keys.
>> >>
>> >>http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>> >>
>> >>First logon to your other computer with a logon name
and
>> >password that
>> >>exists on the locked out computer that is an
>> >administrator on that computer.
>> >>Create the account on your "good" computer if need be.
>> >>
>> >>In the run box type \\computername\c$ and then enter.
If
>> >it brings up the
>> >>administrative share on the other computer which
should
>> >show the whole drive
>> >>you are in. I am assumming c drive is where your
>> >operating system is at and
>> >>if it is not use the correct drive letter.
>> >>
>> >>Go to the \winnt\security\database folder. First open
>> the
>> >winnt folder and
>> >>then the others in the order shown. Folders are in
>> >alphabetical order within
>> >>a folder.This is called the "path". You should see a
>> file
>> >called secedit.sdb
>> >>in the window to the right. Right click that file and
>> >select rename. Rename
>> >>it seceditold.sdm and hit enter.
>> >>
>> >>Minimize the Explorer Window by selecting the minimize
>> >icon in the top right
>> >>hand corner. Now on your "good" computer go to the
same
>> >folder path and find
>> >>the copy of secedit.sdb on it. Right click that file
and
>> >select copy. Now
>> >>maximize the Explorer Window on your locked out
computer
>> >and put your
>> >>pointer in the window to the right where you now have
a
>> >file called
>> >>seceditold.sdb. Right click your mouse and select
paste
>> >and you should now
>> >>see a copy of secedit.sdb from the other computer that
>> >you just copied.
>> >>Close your Explorer Windows and reboot the locked out
>> >computer to see if it
>> >>helps and let me know. --- Steve
>> >>
>> >>"JWC062604" <anonymous@discussions.microsoft.com>
wrote
>> >in message
>> >>news:2212e01c45bc1$8bc86b80$a001280a@phx.gbl...
>> >>> Steve:
>> >>>
>> >>> I actually do have another PC on my (2 PC) network.
>> This
>> >>> is how I am communicating now. My purpose for the
>> >network
>> >>> was so both PC's could share the cable modem to the
>> net.
>> >>> That's the only reason that I have the network.
>> >>>
>> >>> Are there other instructions possible with a PC on
the
>> >>> network? Or how might a professional repair this
>> >problem?
>> >>> I would take the machine to a firm that only dealt
with
>> >>> larger, corporate clients.
>> >>>
>> >>> Please respond.
>> >>> JWC062604
>> >>>
>> >>> >-----Original Message-----
>> >>> >See the tips in the link below. If you do not have
a
>> >>> another computer on the network
>> >>> >you are going to need to try and replace the
>> >secedit.sdb
>> >>> file on your computer some
>> >>> >other way such as by putting your hard drive in
>> another
>> >>> computer as a slave/secondary
>> >>> >drive or doing a parallel install of the operating
>> >system
>> >>> [best done into another
>> >>> >partition] in order to do the repair being very
>> careful
>> >>> NOT to install over your
>> >>> >existing installation and do NOT format your drive,
>> >which
>> >>> you can delete when you are
>> >>> >done. Specifically what happened is either you
>> removed
>> >>> groups from the logon
>> >>> >locally user right or added a group to the deny
logon
>> >>> locally user right [more
>> >>> >likely]. --- Steve
>> >>> >
>> >>> >http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>> >>> >http://support.microsoft.com/default.aspx?
scid=kb;en-
>> >>> us;266465
>> >>> >
>> >>> >"JWC062604" <anonymous@discussions.microsoft.com>
>> wrote
>> >>> in message
>> >>> >news:21dd501c45ba2$07056480$a401280a@phx.gbl...
>> >>> >> I use my PC locally only so last night I was
trying
>> >to
>> >>> >> bypass the Windows logon screen. I thought I had
>> made
>> >>> the
>> >>> >> proper adjustments within "Local Security Policy"
>> >>> >> and "Users & Passwords" to allow for a straight
>> boot
>> >up
>> >>> >> without the popup Windows logon box.
>> >>> >>
>> >>> >> This morning, when I booted up my PC, the Windows
>> >logon
>> >>> >> box still comes up so i went ahead and hit "OK"
>> like
>> >i
>> >>> had
>> >>> >> always dine previously using Administrator as my
ID.
>> >>> Then
>> >>> >> I got a popup message stating "The local policy
of
>> >this
>> >>> >> system does not permit you to logon
interactively."
>> >>> >>
>> >>> >> I hit OK and the above message keeps coming up.
How
>> >can
>> >>> I
>> >>> >> go back and reset the logon settings the way they
>> >were?
>> >>> >>
>> >>> >> TY JWC062404
>> >>> >>
>> >>> >>
>> >>> >>
>> >>> >>
>> >>> >
>> >>> >
>> >>> >.
>> >>> >
>> >>
>> >>
>> >>.
>> >>
>> >.
>> >
>
>
>.
>
Anonymous
a b 8 Security
June 28, 2004 8:48:57 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I believe so. I have never upgraded a W98 computer to W2K. It should work fine in the
Windows or Window\system32 folder. The reason I suggest putting it there is because
it is in the "path" and will be executed where ever you use it. Ntrights is very
small and even if you need to download the whole Windows 2003 RK [13 MB] tools you
will have plenty of room. Otherwise try using psexec as I also suggested as a
possible solution.--- Steve


"JWC062704" <anonymous@discussions.microsoft.com> wrote in message
news:222a001c45cbb$43038380$a401280a@phx.gbl...
> Steve:
>
> One other thing. My 2nd PC doesn't show a WINNT folder. It
> shows a WINDOWS folder, instead. (IS that a hold over from
> Win 98 before the WIN2000 upgrade?) The WINDOWS folder
> shows security and database and the file secedit.sdb
> though.
>
> How big is the NTRights? My 2nd PC only has about 225 meg
> left of its 4 gig HD.
>
> Thanks, JWC
>
> >-----Original Message-----
> >Hmm. There is no guarantee that method will work all the
> time. I don't
> >believe it will make any difference about renaming the
> old file. Try
> >removing the old file to another folder and leaving the
> new secedit.sdb file
> >alone in that folder. It is always best practice to
> rename a critical file
> >in case something goes really bad or you need it later
> for configuration
> >purposes. Let's go to plan B.
> >
> >First go to
> http://www.petri.co.il/download_free_reskit_tools.htm
> >and download Ntrights and unzip it and copy it to your
> \winnt\system32
> >folder on your good computer. Read the link below on
> ntrights to remove deny
> >logon rights as an example of how it is used.
> >
> >http://support.microsoft.com/default.aspx?scid=kb;en-
> us;276590
> >
> >Enter this command on your good computer [substituting
> real computer name]
> >while logged on as an administrator on the locked out
> computer to give users
> >group the right to logon interactively.
> >
> >ntrights -m \\computername -u users +r
> SeInteractiveLogonRight . Type or
> >copy it exactly as shown as the right is case sensitive.
> >
> >I noticed that Petri link to ntrights is currently down.
> You can also get
> >ntrights from a package of tools in the link below. You
> will probably have
> >to install all of them and then just move ntrights to
> your \winnt\system32
> >folder. Delete the rest of them as they are for W2003
> Server but hopefully
> >ntrights will work.
> >
> >http://www.microsoft.com/downloads/details.aspx?
> FamilyID=9d467a69-57ff-4ae7-
> >96ee-b18c4790cffd&displaylang=en
> >http://tinyurl.com/a32f -- same link as above in case of
> wrap
> >
> >Plan C. ******
> >
> >Go to SysInternals and download Psexec, unzip it and
> download it into your
> >\winnsystem32 folder.
> >
> >http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
> >
> >Enter the command psexec \\computername cmd.exe [again
> using real
> >computername]
> >
> >You should see a command prompt on your screen for the
> locked out computer.
> >If you do, then enter the command using secedit in the KB
> link below and
> >append /areas user_rights after it [as shown under link]
> and hit enter. You
> >can copy and paste the command and then add /areas
> user_rights after it. If
> >you goof up and it executes without the /areas
> user_rights, don't worry
> >about it. It will just take a lot longer and maybe change
> some security
> >policy settings you modified from default if any.
> >
> >http://support.microsoft.com/default.aspx?scid=kb;EN-
> US;313222
> >
> >secedit /configure /cfg %windir%\repair\secsetup.inf /db
> >secsetup.sdb /verbose /areas user_rights
> >
> >Hoefully one of the two methods will help. --- Steve
> >..
> >"JWC062604" <anonymous@discussions.microsoft.com> wrote
> in message
> >news:2250d01c45ca2$3e7a8250$a001280a@phx.gbl...
> >> Steve:
> >>
> >> It did not work.
> >>
> >> I was able to access my "locked" PC's C Drive by using
> >> the "\\computername\c$".
> >>
> >> Important points I want feedback on:
> >>
> >> 1) My working PC originally ran on Win 98 and was
> upgraded
> >> to Win 2000. It was not a clean install. I was an
> upgrade.
> >> Also my 2nd PC runs on a PII 233. My locked PC is a
> 800mh
> >> celeron.
> >>
> >> 2) What if I added a 3rd PC running on a clean install
> of
> >> Win2000 to my network and added it to my workgroup.
> Then I
> >> could copy it's "secedit.sdb" to it. Would that help?
> >>
> >> 3) When I copy/pasted the "secedit.sdb" to the locked
> PC,
> >> I did not delete the now name changed "seceditold.sdb".
> I
> >> pasted my 2nd PC's copied secedit.sdb next to it in the
> >> database folder. So, in the end, the database folder on
> my
> >> locked PC had the new/copied "secedit.sdb" file and the
> >> name changed "seceditold.sdb" file still for the fix it
> >> boot up. (Did that cause a problem?)
> >>
> >> 4) I noticed on JSI FAQ #3361 that it says to rename
> >> the "secedit.sdb" file to "secedit.old_sdb". That is
> >> different from your suggestion. You said to rename the
> >> file "seceditold.sdb". Does that make a difference?
> >>
> >> 5) Looking at JSI FAQ #3361 that it says the cause
> >> was "Local Security Policy has been set to deny logon
> >> right to everyone." I do not recall "setting a deny" at
> >> all. I did delete some "user groups" that I didn't
> think I
> >> needed. My guess is that the problem is a missing group
> >> not a deny to everyone. I recall setting a lot of the
> >> security settings to allow for everyone. i do not recall
> >> one time where I set security to deny everyone.
> >>
> >> 6) Over my many attempts to boot up the locked PC, I
> tried
> >> Safe Mode. I watched the as the black screen scrolled
> >> through all of the driver names. Eventually the
> scrolling
> >> ends and the PC sits for quite a while. Could it be
> stuck
> >> trying to load a bad driver? Can I try the "return to
> the
> >> last good configuration" route?
> >>
> >> Once I was able to move throughout my locked PC's file
> >> structure using "\\computername\c$", I feel pretty
> >> optimistic that this can now be fixed throught the
> network
> >> somehow.
> >>
> >> At very worst, I can at least copy everything off of the
> >> PC to a 3rd PC and save it there or burn a CD.
> >> Unfortunately, my existing 2nd PC has only a 4 gig
> >> harddrive so it won't work. It is far too small. Plus it
> >> only had about 225 meg left. It is far too small to
> >> attempt a move.
> >>
> >> I assume it would be possible to add a third (& larger
> HD)
> >> PC to my 4 port router and move the files there. At
> least
> >> I now access to my Outlook email contact files and
> >> email .pst files with info I badly need.
> >>
> >> Also, I had copied installation CD's directly to my
> locked
> >> PC's HD for save keeping in case something happened to
> the
> >> CD's themselves. At least now I can move these files to
> a
> >> 3rd PC.
> >>
> >>
> >> >-----Original Message-----
> >> >Thanks, Steve. You've been a life saver.
> >> >
> >> >JWC062604
> >> >
> >> >>-----Original Message-----
> >> >>The link I showed shows exactly how to do that. Here
> are
> >> >the basic steps.
> >> >>Substitute your actual computer name for the locked
> out
> >> >computer where I
> >> >>show "computername". If you don't know the computers
> >> >actual name, you should
> >> >>see it in My Network Places on the good computer.
> >> >Hopefully your working
> >> >>computer is a Windows 2000 Pro computer or this will
> not
> >> >work and stop after
> >> >>verifiyng or not that you can access the C$ folder on
> >> the
> >> >locked out
> >> >>computer as described in the second sentence below. If
> >> >you can at least
> >> >>access the c$ folder there may be another option but I
> >> >need to know the
> >> >>operating system of your good computer. If you can not
> >> >access the c$ drive
> >> >>you will need to try to take it to someone who can
> slave
> >> >the drive in
> >> >>another computer running Windows 2000 or XP to try and
> >> >repair it or
> >> >>reinstall the operating system which can be done
> without
> >> >destroying your
> >> >>data but will require that you reinstall all of your
> >> >applications, service
> >> >>pack, and critical updates. Note that if you have any
> >> EFS
> >> >encrypted files,
> >> >>that a reinstall that is not an "upgrade" install will
> >> >prevent you from ever
> >> >>accessing them again unless you backed up your EFS
> >> >privaye keys.
> >> >>
> >> >>http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >> >>
> >> >>First logon to your other computer with a logon name
> and
> >> >password that
> >> >>exists on the locked out computer that is an
> >> >administrator on that computer.
> >> >>Create the account on your "good" computer if need be.
> >> >>
> >> >>In the run box type \\computername\c$ and then enter.
> If
> >> >it brings up the
> >> >>administrative share on the other computer which
> should
> >> >show the whole drive
> >> >>you are in. I am assumming c drive is where your
> >> >operating system is at and
> >> >>if it is not use the correct drive letter.
> >> >>
> >> >>Go to the \winnt\security\database folder. First open
> >> the
> >> >winnt folder and
> >> >>then the others in the order shown. Folders are in
> >> >alphabetical order within
> >> >>a folder.This is called the "path". You should see a
> >> file
> >> >called secedit.sdb
> >> >>in the window to the right. Right click that file and
> >> >select rename. Rename
> >> >>it seceditold.sdm and hit enter.
> >> >>
> >> >>Minimize the Explorer Window by selecting the minimize
> >> >icon in the top right
> >> >>hand corner. Now on your "good" computer go to the
> same
> >> >folder path and find
> >> >>the copy of secedit.sdb on it. Right click that file
> and
> >> >select copy. Now
> >> >>maximize the Explorer Window on your locked out
> computer
> >> >and put your
> >> >>pointer in the window to the right where you now have
> a
> >> >file called
> >> >>seceditold.sdb. Right click your mouse and select
> paste
> >> >and you should now
> >> >>see a copy of secedit.sdb from the other computer that
> >> >you just copied.
> >> >>Close your Explorer Windows and reboot the locked out
> >> >computer to see if it
> >> >>helps and let me know. --- Steve
> >> >>
> >> >>"JWC062604" <anonymous@discussions.microsoft.com>
> wrote
> >> >in message
> >> >>news:2212e01c45bc1$8bc86b80$a001280a@phx.gbl...
> >> >>> Steve:
> >> >>>
> >> >>> I actually do have another PC on my (2 PC) network.
> >> This
> >> >>> is how I am communicating now. My purpose for the
> >> >network
> >> >>> was so both PC's could share the cable modem to the
> >> net.
> >> >>> That's the only reason that I have the network.
> >> >>>
> >> >>> Are there other instructions possible with a PC on
> the
> >> >>> network? Or how might a professional repair this
> >> >problem?
> >> >>> I would take the machine to a firm that only dealt
> with
> >> >>> larger, corporate clients.
> >> >>>
> >> >>> Please respond.
> >> >>> JWC062604
> >> >>>
> >> >>> >-----Original Message-----
> >> >>> >See the tips in the link below. If you do not have
> a
> >> >>> another computer on the network
> >> >>> >you are going to need to try and replace the
> >> >secedit.sdb
> >> >>> file on your computer some
> >> >>> >other way such as by putting your hard drive in
> >> another
> >> >>> computer as a slave/secondary
> >> >>> >drive or doing a parallel install of the operating
> >> >system
> >> >>> [best done into another
> >> >>> >partition] in order to do the repair being very
> >> careful
> >> >>> NOT to install over your
> >> >>> >existing installation and do NOT format your drive,
> >> >which
> >> >>> you can delete when you are
> >> >>> >done. Specifically what happened is either you
> >> removed
> >> >>> groups from the logon
> >> >>> >locally user right or added a group to the deny
> logon
> >> >>> locally user right [more
> >> >>> >likely]. --- Steve
> >> >>> >
> >> >>> >http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >> >>> >http://support.microsoft.com/default.aspx?
> scid=kb;en-
> >> >>> us;266465
> >> >>> >
> >> >>> >"JWC062604" <anonymous@discussions.microsoft.com>
> >> wrote
> >> >>> in message
> >> >>> >news:21dd501c45ba2$07056480$a401280a@phx.gbl...
> >> >>> >> I use my PC locally only so last night I was
> trying
> >> >to
> >> >>> >> bypass the Windows logon screen. I thought I had
> >> made
> >> >>> the
> >> >>> >> proper adjustments within "Local Security Policy"
> >> >>> >> and "Users & Passwords" to allow for a straight
> >> boot
> >> >up
> >> >>> >> without the popup Windows logon box.
> >> >>> >>
> >> >>> >> This morning, when I booted up my PC, the Windows
> >> >logon
> >> >>> >> box still comes up so i went ahead and hit "OK"
> >> like
> >> >i
> >> >>> had
> >> >>> >> always dine previously using Administrator as my
> ID.
> >> >>> Then
> >> >>> >> I got a popup message stating "The local policy
> of
> >> >this
> >> >>> >> system does not permit you to logon
> interactively."
> >> >>> >>
> >> >>> >> I hit OK and the above message keeps coming up.
> How
> >> >can
> >> >>> I
> >> >>> >> go back and reset the logon settings the way they
> >> >were?
> >> >>> >>
> >> >>> >> TY JWC062404
> >> >>> >>
> >> >>> >>
> >> >>> >>
> >> >>> >>
> >> >>> >
> >> >>> >
> >> >>> >.
> >> >>> >
> >> >>
> >> >>
> >> >>.
> >> >>
> >> >.
> >> >
> >
> >
> >.
> >
!