Logon Error Msg: local security policy won't permit intera..

Archived from groups: microsoft.public.win2000.security (More info?)

I messed up while creating a user account for my kid and setting permissions
in W2K Professional (SP-2 was last update) ... After reading article ID
285793 on the subject, I think I know what I did wrong and how to fix it (I
accidentally set the "Deny logon locally" parameter). The resolution in the
article however, assumes you can get logged on ... I can't get past the logon
screen. I tried launching in safe mode and I tried using my W2K startup disc
w/CD support but neither way worked. Is there any way to bypass the
"applying local security policy" function when windows launches so that I can
actually get logged on to fix my mistake?

Any help would be greatly appreciated.
Russ
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Do you have more than one machine?
    If so, these are networked? And you did not also make
    changes to the Deny policy for network login?
    Evidently you set the Deny of local login for all Users?

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    The link below shows two ways to do it but both require the help of another
    computer on the network.

    http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm

    If you don't have another computer to help you, the only alternatives I know
    are to install a parallel operating system to try and replace the
    secedit.sdb file from the parallel installation. Otherwise you will need to
    do a fresh install of the operating system - an upgrade install will not
    work if I remember correctly. What you could do is to reinstall the
    operating system into the existing \winnt folder being sure NOT to format
    anything. You would follow the prompts to install the operating system onto
    the same drive and then the installation will warn you that an existing
    installation exists and ask if you want to install to the existing \winnt
    folder. When you select yes I believe you have to select L to proceed.

    The advantage of this type of install is that your data and original
    profiles will be preserved but all your applications [other than Internet
    Explorer] will have to be reinstalled, probably to existing locations as in
    "on top" of themselves. You would then have to install the latest service
    pack and critical updates and find your old profile under documents and
    settings folder to copy your data, emails, etc. That could be a lengthy task
    if you do not have a high speed internet connection and you would have to be
    sure that a firewall protects your computer before connecting it to the
    internet. Also if you happen to have any EFS encrypted files they will be
    lost forever if you do not have a backup of your EFS private key used to
    encrypt the files in a .pfx file somewhere.

    Otherwise try a parallel installation first though there is no guarantee
    that replacing secedit.sdb on the locked out install will work. The upside
    is that if it works, all your applications will still work and you will not
    have to install service pack or critical updates and at the very least you
    will have access to your data, though you will probably need to take
    "ownership" of the profile folders first as an administrator. To do such you
    will need to boot from the cdrom drive and install a new copy of the
    operating system, preferably to another partition of your hard drive and do
    NOT format a partition unless you are willing to lose all the data on it.
    See the link below for more info. Good luck. --- Steve

    http://support.microsoft.com/kb/266465
    http://support.microsoft.com/default.aspx?scid=kb;en-us;308421 -- works the
    same in W2K.
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Steve,

    Actually, with a parallel install, one can set a deny on the
    %system32%\group policy folder (deny administrators) of
    the other system, just like one does with access via a network
    share mapping.
    This prevents application during the admin login so that
    they can then remove the deny and edit the policy to remove
    the offending setting.

    --
    Roger
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Roger.

    Cool. I know that works for user configuration but was not sure about
    computer configuration policy. Hopefully he gets it sorted out as it can be
    a real pain when you don't have another computer on hand to help out. ---
    Steve
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks (Roger and Steve), I'll give it a whirl. This gives new meaning to
    "learning from one's mistakes."

    Russ
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    If it makes you feel any better I have been there a number of times
    myself. --- Steve
  7. Archived from groups: microsoft.public.win2000.security (More info?)

    Yep, as long as it is just a _local_ policy issue.
    (ps. System has NTFS access due to hidden membership
    in the Administrators group)

    --
    Roger
    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    news:2YRqd.111158$V41.68633@attbi_s52...
    > Hi Roger.
    >
    > Cool. I know that works for user configuration but was not sure about
    > computer configuration policy. Hopefully he gets it sorted out as it can be
    > a real pain when you don't have another computer on hand to help out. ---
    > Steve
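
The lockout in this thread came from a "Deny logon locally" entry that covered the administrator as well as the intended account. As an added example (not part of the original thread), the following Python lint checks a security template before it is applied. It assumes the INF text layout written by `secedit /export /cfg`, where "Log on locally" and "Deny logon locally" appear as `SeInteractiveLogonRight` and `SeDenyInteractiveLogonRight` under `[Privilege Rights]`; the sample templates and the account name `kid` are constructed.

```python
"""Lint a security template (INF text) for "Deny logon locally" entries
that can lock every administrator out of the console."""

# Well-known SIDs and their English names; a template may use either form.
BROAD_PRINCIPALS = {
    "S-1-1-0": "Everyone",
    "S-1-5-4": "INTERACTIVE",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
}
NAME_TO_SID = {name.lower(): sid for sid, name in BROAD_PRINCIPALS.items()}

ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally"


def decode_template(raw: bytes) -> str:
    """Exported templates are UTF-16 with a BOM; hand-edited ones are often ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")


def normalize(principal: str) -> str:
    """Map '*S-1-5-32-544', 'Administrators' and 'BUILTIN\\Administrators' to one key."""
    p = principal.strip()
    if p.startswith("*"):              # SIDs are written with a leading '*'
        return p[1:].upper()
    short = p.split("\\")[-1].lower()  # drop any DOMAIN\ or BUILTIN\ prefix
    return NAME_TO_SID.get(short, short)


def privilege_rights(text: str) -> dict:
    """Return {right name (lower case): set of principals} from [Privilege Rights]."""
    rights, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "privilege rights" and "=" in line:
            key, _, value = line.partition("=")
            rights[key.strip().lower()] = {
                normalize(v) for v in value.split(",") if v.strip()
            }
    return rights


def lockout_findings(text: str) -> list:
    """Describe deny entries that risk blocking all interactive logons.

    Group membership is not resolved here, so a deny on a custom group that
    happens to contain every administrator is not detected.
    """
    rights = privilege_rights(text)
    deny = rights.get(DENY.lower(), set())
    allow = rights.get(ALLOW.lower(), set())
    findings = []
    for sid in sorted(deny & set(BROAD_PRINCIPALS)):
        findings.append(
            f"{DENY} includes {BROAD_PRINCIPALS[sid]} ({sid}); "
            "deny overrides allow for every member of that group"
        )
    if allow and allow <= deny:
        findings.append(f"every principal granted {ALLOW} is also listed in {DENY}")
    return findings


# Constructed sample templates (not taken from the thread).
LOCKED_OUT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = Guest,*S-1-5-32-545
"""
SAFE = LOCKED_OUT.replace("Guest,*S-1-5-32-545", "Guest,kid")

if __name__ == "__main__":
    for name, sample in (("LOCKED_OUT", LOCKED_OUT), ("SAFE", SAFE)):
        print(name, lockout_findings(sample) or "no lockout risk found")
```

Run it against the exported template before importing it; an empty result means only that no broad built-in group is denied, since nested group membership is not checked.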