Local policy logon interactively on remote laptop

Archived from groups: microsoft.public.win2000.security (More info?)

That is a bad situation and there is no easy way to correct that without rebooting on
the lan. Computer policy is not supposed to be easily overridden. Removing a computer
from the domain may be one way, but that is not an option for him since he can not
logon.

Computer configuration also can applies to local user accounts. If the local
administrator was exempt from the policy, have him try to logon as the built in local
administrator account.

Otherwise the computer will have to be brought back to the lan or have the operating
system reinstalled where he is at. A parallel installation of the operating system or
slaving the hard drive in another computer running W2K/XP Pro would allow the user to
access his data files before a reinstall. Note that access to EFS encrypted files
will be lost after a reinstall unless the user has backed up his EFS private keys to
a .pfx file or a Recovery Agent is available which may be a domain
dministrator. --- Steve


"Pete" <anonymous@discussions.microsoft.com> wrote in message
news:2be1001c46833$469a3ab0$a301280a@phx.gbl...
> A domain policy was inadvertanly applied denying local
> logon to anyone but the specified user in the policy.
> This was corrected and those connected to the LAN were
> able to logon after the correction.
>
> A remote user dials in via VPN, receives the incorrectly
> configured policy and then disconnects. The user than
> logs off/restarts the laptop and is now unable to log in.
>
> Remote user...meaning this person is not on a LAN where he
> can receive an updated policy which would correct the
> login issue.
>
> As a remote user who can't log on, even via Safe Mode,
> what options are there to be had in correcting the mis-
> applied policy?
>
> Login via-dialup isn't an option for this user.
>
> Any information leading to a solution is appreciated.
>
> -Pete