Sign in with
Sign up | Sign in
Your question

Logon Error Msg: local security policy won't permit intera..

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
November 29, 2004 6:59:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I messed up while creating a user account for my kid and setting permissions
in W2K Professional (SP-2 was last update) ... After reading article ID
285793 on the subject, I think I know what I did wrong and how to fix it(I
accidentally set the "Deny logon locally" parameter). The resolution in the
article however, assumes you can get logged on ... I can't get past the logon
screen. I tried lauching in safe mode and I tried using my W2K startup disc
w/CD support but neither way worked. Is there any way to bypass the
"applying local security policy" function when windows launches so that I can
actually get logged on to fix my mistake?

Any help would be greatly appreciated.
Russ
Anonymous
a b 8 Security
November 29, 2004 8:30:16 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Do you have more than one machine?
If so, these are networked ? and you did not also make
changes to the Deny policy for network login ?
Evidently you set the Deny of local login for all Users ?

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"retjefe" <retjefe@discussions.microsoft.com> wrote in message
news:ECF36415-812F-4FDA-8217-639EE77466DD@microsoft.com...
> I messed up while creating a user account for my kid and setting
permissions
> in W2K Professional (SP-2 was last update) ... After reading article ID
> 285793 on the subject, I think I know what I did wrong and how to fix it(I
> accidentally set the "Deny logon locally" parameter). The resolution in
the
> article however, assumes you can get logged on ... I can't get past the
logon
> screen. I tried lauching in safe mode and I tried using my W2K startup
disc
> w/CD support but neither way worked. Is there any way to bypass the
> "applying local security policy" function when windows launches so that I
can
> actually get logged on to fix my mistake?
>
> Any help would be greatly appreciated.
> Russ
Anonymous
a b 8 Security
November 30, 2004 6:24:25 AM

Archived from groups: microsoft.public.win2000.security (More info?)

The link below shows two ways to do it but both require the help of another
computer on the network.

http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm

If you don't have another computer to help you, the only alternatives I know
are to install a parallel operating system to try and replace the
secedit.sdb file from the parallel installation. Otherwise you will need to
do a fresh install of the operating system - an upgrade install will not
work if I remember correctly. What you could do is to reinstall the
operating system into the existing \winnt folder being sure NOT to format
anything. You would follow the prompts to install the operating system onto
the same drive and then the installation will warn you that an existing
installation exists and ask if you want to install to the existing \winnt
folder. When you select yes I believe you have to select L to proceed.

The advantage of this type of install is that your data and original
profiles will be preserved but all your applications [other then Internet
Explorer] will have to be reinstalled, probably to existing locations as in
"on top" of themselves. You would then have to install the latest service
pack and critical updates and find your old profile under documents and
settings folder to copy your data, emails, etc. That could be a lengthy task
if you do not have a high speed internet connection and you would have to be
sure that a firewall protects your computer before connecting it to the
internet. Also if you happen to have any EFS encrypted files they will be
lost forever if you do not have a backup of your EFS private key used to
encrypt the files in a .pfx file somewhere.

Otherwise try a parallel installation first though there is no guarantee
that replacing secedit.sdb on the locked out install will work. The upside
is that if it works, all your applications will still work and you will not
have to install service pack or critical updates and at the very least you
will have access to your data, though you will probably need to take
"ownership" of the profile folders first as an administrator. To do such you
will need to boot from the cdrom drive and install a new copy of the
operating system, preferrably to another partition of your hard drive and do
NOT format a partition unless you are willing to lose all the data on it.
See the link below for more info. Good luck. --- Steve

http://support.microsoft.com/kb/266465
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421 -- works the
same in W2K.

"retjefe" <retjefe@discussions.microsoft.com> wrote in message
news:ECF36415-812F-4FDA-8217-639EE77466DD@microsoft.com...
>I messed up while creating a user account for my kid and setting
>permissions
> in W2K Professional (SP-2 was last update) ... After reading article ID
> 285793 on the subject, I think I know what I did wrong and how to fix it(I
> accidentally set the "Deny logon locally" parameter). The resolution in
> the
> article however, assumes you can get logged on ... I can't get past the
> logon
> screen. I tried lauching in safe mode and I tried using my W2K startup
> disc
> w/CD support but neither way worked. Is there any way to bypass the
> "applying local security policy" function when windows launches so that I
> can
> actually get logged on to fix my mistake?
>
> Any help would be greatly appreciated.
> Russ
Related resources
Anonymous
a b 8 Security
November 30, 2004 6:24:26 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Steve,

Actually, with a parallel install, one can set a deny on the
%system32%\group policy folder (deny administrators) of
the other system, just like one does with access via a network
share mapping.
This prevents application during the admin login so that
they can then remove the deny and edit the policy to remove
the offending setting.

--
Roger
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:JJRqd.176476$R05.95923@attbi_s53...
> The link below shows two ways to do it but both require the help of
another
> computer on the network.
>
> http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>
> If you don't have another computer to help you, the only alternatives I
know
> are to install a parallel operating system to try and replace the
> secedit.sdb file from the parallel installation. Otherwise you will need
to
> do a fresh install of the operating system - an upgrade install will not
> work if I remember correctly. What you could do is to reinstall the
> operating system into the existing \winnt folder being sure NOT to format
> anything. You would follow the prompts to install the operating system
onto
> the same drive and then the installation will warn you that an existing
> installation exists and ask if you want to install to the existing \winnt
> folder. When you select yes I believe you have to select L to proceed.
>
> The advantage of this type of install is that your data and original
> profiles will be preserved but all your applications [other then Internet
> Explorer] will have to be reinstalled, probably to existing locations as
in
> "on top" of themselves. You would then have to install the latest service
> pack and critical updates and find your old profile under documents and
> settings folder to copy your data, emails, etc. That could be a lengthy
task
> if you do not have a high speed internet connection and you would have to
be
> sure that a firewall protects your computer before connecting it to the
> internet. Also if you happen to have any EFS encrypted files they will be
> lost forever if you do not have a backup of your EFS private key used to
> encrypt the files in a .pfx file somewhere.
>
> Otherwise try a parallel installation first though there is no guarantee
> that replacing secedit.sdb on the locked out install will work. The upside
> is that if it works, all your applications will still work and you will
not
> have to install service pack or critical updates and at the very least you
> will have access to your data, though you will probably need to take
> "ownership" of the profile folders first as an administrator. To do such
you
> will need to boot from the cdrom drive and install a new copy of the
> operating system, preferrably to another partition of your hard drive and
do
> NOT format a partition unless you are willing to lose all the data on it.
> See the link below for more info. Good luck. --- Steve
>
> http://support.microsoft.com/kb/266465
> http://support.microsoft.com/default.aspx?scid=kb;en-us;308421 -- works
the
> same in W2K.
>
> "retjefe" <retjefe@discussions.microsoft.com> wrote in message
> news:ECF36415-812F-4FDA-8217-639EE77466DD@microsoft.com...
> >I messed up while creating a user account for my kid and setting
> >permissions
> > in W2K Professional (SP-2 was last update) ... After reading article ID
> > 285793 on the subject, I think I know what I did wrong and how to fix
it(I
> > accidentally set the "Deny logon locally" parameter). The resolution in
> > the
> > article however, assumes you can get logged on ... I can't get past the
> > logon
> > screen. I tried lauching in safe mode and I tried using my W2K startup
> > disc
> > w/CD support but neither way worked. Is there any way to bypass the
> > "applying local security policy" function when windows launches so that
I
> > can
> > actually get logged on to fix my mistake?
> >
> > Any help would be greatly appreciated.
> > Russ
>
>
Anonymous
a b 8 Security
November 30, 2004 6:39:42 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Roger.

Cool. I know that works for user configuration but was not sure about
computer configuration policy. Hopefully he gets it sorted out as it can be
a real pain when you don't have another computer on hand to help out. ---
Steve


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:e$EH10o1EHA.2068@TK2MSFTNGP10.phx.gbl...
> Hi Steve,
>
> Actually, with a parallel install, one can set a deny on the
> %system32%\group policy folder (deny administrators) of
> the other system, just like one does with access via a network
> share mapping.
> This prevents application during the admin login so that
> they can then remove the deny and edit the policy to remove
> the offending setting.
>
> --
> Roger
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:JJRqd.176476$R05.95923@attbi_s53...
>> The link below shows two ways to do it but both require the help of
> another
>> computer on the network.
>>
>> http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>>
>> If you don't have another computer to help you, the only alternatives I
> know
>> are to install a parallel operating system to try and replace the
>> secedit.sdb file from the parallel installation. Otherwise you will need
> to
>> do a fresh install of the operating system - an upgrade install will not
>> work if I remember correctly. What you could do is to reinstall the
>> operating system into the existing \winnt folder being sure NOT to format
>> anything. You would follow the prompts to install the operating system
> onto
>> the same drive and then the installation will warn you that an existing
>> installation exists and ask if you want to install to the existing \winnt
>> folder. When you select yes I believe you have to select L to proceed.
>>
>> The advantage of this type of install is that your data and original
>> profiles will be preserved but all your applications [other then Internet
>> Explorer] will have to be reinstalled, probably to existing locations as
> in
>> "on top" of themselves. You would then have to install the latest service
>> pack and critical updates and find your old profile under documents and
>> settings folder to copy your data, emails, etc. That could be a lengthy
> task
>> if you do not have a high speed internet connection and you would have to
> be
>> sure that a firewall protects your computer before connecting it to the
>> internet. Also if you happen to have any EFS encrypted files they will be
>> lost forever if you do not have a backup of your EFS private key used to
>> encrypt the files in a .pfx file somewhere.
>>
>> Otherwise try a parallel installation first though there is no guarantee
>> that replacing secedit.sdb on the locked out install will work. The
>> upside
>> is that if it works, all your applications will still work and you will
> not
>> have to install service pack or critical updates and at the very least
>> you
>> will have access to your data, though you will probably need to take
>> "ownership" of the profile folders first as an administrator. To do such
> you
>> will need to boot from the cdrom drive and install a new copy of the
>> operating system, preferrably to another partition of your hard drive and
> do
>> NOT format a partition unless you are willing to lose all the data on it.
>> See the link below for more info. Good luck. --- Steve
>>
>> http://support.microsoft.com/kb/266465
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;308421 -- works
> the
>> same in W2K.
>>
>> "retjefe" <retjefe@discussions.microsoft.com> wrote in message
>> news:ECF36415-812F-4FDA-8217-639EE77466DD@microsoft.com...
>> >I messed up while creating a user account for my kid and setting
>> >permissions
>> > in W2K Professional (SP-2 was last update) ... After reading article ID
>> > 285793 on the subject, I think I know what I did wrong and how to fix
> it(I
>> > accidentally set the "Deny logon locally" parameter). The resolution
>> > in
>> > the
>> > article however, assumes you can get logged on ... I can't get past the
>> > logon
>> > screen. I tried lauching in safe mode and I tried using my W2K startup
>> > disc
>> > w/CD support but neither way worked. Is there any way to bypass the
>> > "applying local security policy" function when windows launches so that
> I
>> > can
>> > actually get logged on to fix my mistake?
>> >
>> > Any help would be greatly appreciated.
>> > Russ
>>
>>
>
>
Anonymous
a b 8 Security
November 30, 2004 11:19:04 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks (Rodger and Steve), I'll give it a whirl. This gives new meaning to
"learning from one's mistakes."

Russ

"Steven L Umbach" wrote:

> Hi Roger.
>
> Cool. I know that works for user configuration but was not sure about
> computer configuration policy. Hopefully he gets it sorted out as it can be
> a real pain when you don't have another computer on hand to help out. ---
> Steve
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:e$EH10o1EHA.2068@TK2MSFTNGP10.phx.gbl...
> > Hi Steve,
> >
> > Actually, with a parallel install, one can set a deny on the
> > %system32%\group policy folder (deny administrators) of
> > the other system, just like one does with access via a network
> > share mapping.
> > This prevents application during the admin login so that
> > they can then remove the deny and edit the policy to remove
> > the offending setting.
> >
> > --
> > Roger
> > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> > news:JJRqd.176476$R05.95923@attbi_s53...
> >> The link below shows two ways to do it but both require the help of
> > another
> >> computer on the network.
> >>
> >> http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >>
> >> If you don't have another computer to help you, the only alternatives I
> > know
> >> are to install a parallel operating system to try and replace the
> >> secedit.sdb file from the parallel installation. Otherwise you will need
> > to
> >> do a fresh install of the operating system - an upgrade install will not
> >> work if I remember correctly. What you could do is to reinstall the
> >> operating system into the existing \winnt folder being sure NOT to format
> >> anything. You would follow the prompts to install the operating system
> > onto
> >> the same drive and then the installation will warn you that an existing
> >> installation exists and ask if you want to install to the existing \winnt
> >> folder. When you select yes I believe you have to select L to proceed.
> >>
> >> The advantage of this type of install is that your data and original
> >> profiles will be preserved but all your applications [other then Internet
> >> Explorer] will have to be reinstalled, probably to existing locations as
> > in
> >> "on top" of themselves. You would then have to install the latest service
> >> pack and critical updates and find your old profile under documents and
> >> settings folder to copy your data, emails, etc. That could be a lengthy
> > task
> >> if you do not have a high speed internet connection and you would have to
> > be
> >> sure that a firewall protects your computer before connecting it to the
> >> internet. Also if you happen to have any EFS encrypted files they will be
> >> lost forever if you do not have a backup of your EFS private key used to
> >> encrypt the files in a .pfx file somewhere.
> >>
> >> Otherwise try a parallel installation first though there is no guarantee
> >> that replacing secedit.sdb on the locked out install will work. The
> >> upside
> >> is that if it works, all your applications will still work and you will
> > not
> >> have to install service pack or critical updates and at the very least
> >> you
> >> will have access to your data, though you will probably need to take
> >> "ownership" of the profile folders first as an administrator. To do such
> > you
> >> will need to boot from the cdrom drive and install a new copy of the
> >> operating system, preferrably to another partition of your hard drive and
> > do
> >> NOT format a partition unless you are willing to lose all the data on it.
> >> See the link below for more info. Good luck. --- Steve
> >>
> >> http://support.microsoft.com/kb/266465
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;308421 -- works
> > the
> >> same in W2K.
> >>
> >> "retjefe" <retjefe@discussions.microsoft.com> wrote in message
> >> news:ECF36415-812F-4FDA-8217-639EE77466DD@microsoft.com...
> >> >I messed up while creating a user account for my kid and setting
> >> >permissions
> >> > in W2K Professional (SP-2 was last update) ... After reading article ID
> >> > 285793 on the subject, I think I know what I did wrong and how to fix
> > it(I
> >> > accidentally set the "Deny logon locally" parameter). The resolution
> >> > in
> >> > the
> >> > article however, assumes you can get logged on ... I can't get past the
> >> > logon
> >> > screen. I tried lauching in safe mode and I tried using my W2K startup
> >> > disc
> >> > w/CD support but neither way worked. Is there any way to bypass the
> >> > "applying local security policy" function when windows launches so that
> > I
> >> > can
> >> > actually get logged on to fix my mistake?
> >> >
> >> > Any help would be greatly appreciated.
> >> > Russ
> >>
> >>
> >
> >
>
>
>
Anonymous
a b 8 Security
November 30, 2004 10:36:16 PM

Archived from groups: microsoft.public.win2000.security (More info?)

If it makes you fee any better I have been there a number of times
yself. --- Steve


"retjefe" <retjefe@discussions.microsoft.com> wrote in message
news:C565966F-B57A-47C1-8ECF-87757BAB4A59@microsoft.com...
> Thanks (Rodger and Steve), I'll give it a whirl. This gives new meaning
> to
> "learning from one's mistakes."
>
> Russ
>
> "Steven L Umbach" wrote:
>
>> Hi Roger.
>>
>> Cool. I know that works for user configuration but was not sure about
>> computer configuration policy. Hopefully he gets it sorted out as it can
>> be
>> a real pain when you don't have another computer on hand to help
>> ut. ---
>> Steve
>>
>>
>> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
>> news:e$EH10o1EHA.2068@TK2MSFTNGP10.phx.gbl...
>> > Hi Steve,
>> >
>> > Actually, with a parallel install, one can set a deny on the
>> > %system32%\group policy folder (deny administrators) of
>> > the other system, just like one does with access via a network
>> > share mapping.
>> > This prevents application during the admin login so that
>> > they can then remove the deny and edit the policy to remove
>> > the offending setting.
>> >
>> > --
>> > Roger
>> > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
>> > news:JJRqd.176476$R05.95923@attbi_s53...
>> >> The link below shows two ways to do it but both require the help of
>> > another
>> >> computer on the network.
>> >>
>> >> http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>> >>
>> >> If you don't have another computer to help you, the only alternatives
>> >> I
>> > know
>> >> are to install a parallel operating system to try and replace the
>> >> secedit.sdb file from the parallel installation. Otherwise you will
>> >> need
>> > to
>> >> do a fresh install of the operating system - an upgrade install will
>> >> not
>> >> work if I remember correctly. What you could do is to reinstall the
>> >> operating system into the existing \winnt folder being sure NOT to
>> >> format
>> >> anything. You would follow the prompts to install the operating system
>> > onto
>> >> the same drive and then the installation will warn you that an
>> >> existing
>> >> installation exists and ask if you want to install to the existing
>> >> \winnt
>> >> folder. When you select yes I believe you have to select L to proceed.
>> >>
>> >> The advantage of this type of install is that your data and original
>> >> profiles will be preserved but all your applications [other then
>> >> Internet
>> >> Explorer] will have to be reinstalled, probably to existing locations
>> >> as
>> > in
>> >> "on top" of themselves. You would then have to install the latest
>> >> service
>> >> pack and critical updates and find your old profile under documents
>> >> and
>> >> settings folder to copy your data, emails, etc. That could be a
>> >> lengthy
>> > task
>> >> if you do not have a high speed internet connection and you would have
>> >> to
>> > be
>> >> sure that a firewall protects your computer before connecting it to
>> >> the
>> >> internet. Also if you happen to have any EFS encrypted files they will
>> >> be
>> >> lost forever if you do not have a backup of your EFS private key used
>> >> to
>> >> encrypt the files in a .pfx file somewhere.
>> >>
>> >> Otherwise try a parallel installation first though there is no
>> >> guarantee
>> >> that replacing secedit.sdb on the locked out install will work. The
>> >> upside
>> >> is that if it works, all your applications will still work and you
>> >> will
>> > not
>> >> have to install service pack or critical updates and at the very least
>> >> you
>> >> will have access to your data, though you will probably need to take
>> >> "ownership" of the profile folders first as an administrator. To do
>> >> such
>> > you
>> >> will need to boot from the cdrom drive and install a new copy of the
>> >> operating system, preferrably to another partition of your hard drive
>> >> and
>> > do
>> >> NOT format a partition unless you are willing to lose all the data on
>> >> it.
>> >> See the link below for more info. Good luck. --- Steve
>> >>
>> >> http://support.microsoft.com/kb/266465
>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;308421 --
>> >> works
>> > the
>> >> same in W2K.
>> >>
>> >> "retjefe" <retjefe@discussions.microsoft.com> wrote in message
>> >> news:ECF36415-812F-4FDA-8217-639EE77466DD@microsoft.com...
>> >> >I messed up while creating a user account for my kid and setting
>> >> >permissions
>> >> > in W2K Professional (SP-2 was last update) ... After reading article
>> >> > ID
>> >> > 285793 on the subject, I think I know what I did wrong and how to
>> >> > fix
>> > it(I
>> >> > accidentally set the "Deny logon locally" parameter). The
>> >> > resolution
>> >> > in
>> >> > the
>> >> > article however, assumes you can get logged on ... I can't get past
>> >> > the
>> >> > logon
>> >> > screen. I tried lauching in safe mode and I tried using my W2K
>> >> > startup
>> >> > disc
>> >> > w/CD support but neither way worked. Is there any way to bypass the
>> >> > "applying local security policy" function when windows launches so
>> >> > that
>> > I
>> >> > can
>> >> > actually get logged on to fix my mistake?
>> >> >
>> >> > Any help would be greatly appreciated.
>> >> > Russ
>> >>
>> >>
>> >
>> >
>>
>>
>>
Anonymous
a b 8 Security
November 30, 2004 11:22:17 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Yep, as long as it is just a _local_ policy issue.
(ps. System has NTFS access due to hidden membership
in the Administrators group)

--
Roger
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:2YRqd.111158$V41.68633@attbi_s52...
> Hi Roger.
>
> Cool. I know that works for user configuration but was not sure about
> computer configuration policy. Hopefully he gets it sorted out as it can
be
> a real pain when you don't have another computer on hand to help out. ---
> Steve
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:e$EH10o1EHA.2068@TK2MSFTNGP10.phx.gbl...
> > Hi Steve,
> >
> > Actually, with a parallel install, one can set a deny on the
> > %system32%\group policy folder (deny administrators) of
> > the other system, just like one does with access via a network
> > share mapping.
> > This prevents application during the admin login so that
> > they can then remove the deny and edit the policy to remove
> > the offending setting.
> >
> > --
> > Roger
> > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> > news:JJRqd.176476$R05.95923@attbi_s53...
> >> The link below shows two ways to do it but both require the help of
> > another
> >> computer on the network.
> >>
> >> http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >>
> >> If you don't have another computer to help you, the only alternatives I
> > know
> >> are to install a parallel operating system to try and replace the
> >> secedit.sdb file from the parallel installation. Otherwise you will
need
> > to
> >> do a fresh install of the operating system - an upgrade install will
not
> >> work if I remember correctly. What you could do is to reinstall the
> >> operating system into the existing \winnt folder being sure NOT to
format
> >> anything. You would follow the prompts to install the operating system
> > onto
> >> the same drive and then the installation will warn you that an existing
> >> installation exists and ask if you want to install to the existing
\winnt
> >> folder. When you select yes I believe you have to select L to proceed.
> >>
> >> The advantage of this type of install is that your data and original
> >> profiles will be preserved but all your applications [other then
Internet
> >> Explorer] will have to be reinstalled, probably to existing locations
as
> > in
> >> "on top" of themselves. You would then have to install the latest
service
> >> pack and critical updates and find your old profile under documents and
> >> settings folder to copy your data, emails, etc. That could be a lengthy
> > task
> >> if you do not have a high speed internet connection and you would have
to
> > be
> >> sure that a firewall protects your computer before connecting it to the
> >> internet. Also if you happen to have any EFS encrypted files they will
be
> >> lost forever if you do not have a backup of your EFS private key used
to
> >> encrypt the files in a .pfx file somewhere.
> >>
> >> Otherwise try a parallel installation first though there is no
guarantee
> >> that replacing secedit.sdb on the locked out install will work. The
> >> upside
> >> is that if it works, all your applications will still work and you will
> > not
> >> have to install service pack or critical updates and at the very least
> >> you
> >> will have access to your data, though you will probably need to take
> >> "ownership" of the profile folders first as an administrator. To do
such
> > you
> >> will need to boot from the cdrom drive and install a new copy of the
> >> operating system, preferrably to another partition of your hard drive
and
> > do
> >> NOT format a partition unless you are willing to lose all the data on
it.
> >> See the link below for more info. Good luck. --- Steve
> >>
> >> http://support.microsoft.com/kb/266465
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;308421 --
works
> > the
> >> same in W2K.
> >>
> >> "retjefe" <retjefe@discussions.microsoft.com> wrote in message
> >> news:ECF36415-812F-4FDA-8217-639EE77466DD@microsoft.com...
> >> >I messed up while creating a user account for my kid and setting
> >> >permissions
> >> > in W2K Professional (SP-2 was last update) ... After reading article
ID
> >> > 285793 on the subject, I think I know what I did wrong and how to fix
> > it(I
> >> > accidentally set the "Deny logon locally" parameter). The resolution
> >> > in
> >> > the
> >> > article however, assumes you can get logged on ... I can't get past
the
> >> > logon
> >> > screen. I tried lauching in safe mode and I tried using my W2K
startup
> >> > disc
> >> > w/CD support but neither way worked. Is there any way to bypass the
> >> > "applying local security policy" function when windows launches so
that
> > I
> >> > can
> >> > actually get logged on to fix my mistake?
> >> >
> >> > Any help would be greatly appreciated.
> >> > Russ
> >>
> >>
> >
> >
>
>
!