Archived from groups: microsoft.public.win2000.security (
More info?)
If it makes you fee any better I have been there a number of times
yself. --- Steve
"retjefe" <retjefe@discussions.microsoft.com> wrote in message
news:C565966F-B57A-47C1-8ECF-87757BAB4A59@microsoft.com...
> Thanks (Rodger and Steve), I'll give it a whirl. This gives new meaning
> to
> "learning from one's mistakes."
>
> Russ
>
> "Steven L Umbach" wrote:
>
>> Hi Roger.
>>
>> Cool. I know that works for user configuration but was not sure about
>> computer configuration policy. Hopefully he gets it sorted out as it can
>> be
>> a real pain when you don't have another computer on hand to help
>> ut. ---
>> Steve
>>
>>
>> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
>> news:e$EH10o1EHA.2068@TK2MSFTNGP10.phx.gbl...
>> > Hi Steve,
>> >
>> > Actually, with a parallel install, one can set a deny on the
>> > %system32%\group policy folder (deny administrators) of
>> > the other system, just like one does with access via a network
>> > share mapping.
>> > This prevents application during the admin login so that
>> > they can then remove the deny and edit the policy to remove
>> > the offending setting.
>> >
>> > --
>> > Roger
>> > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
>> > news:JJRqd.176476$R05.95923@attbi_s53...
>> >> The link below shows two ways to do it but both require the help of
>> > another
>> >> computer on the network.
>> >>
>> >>
http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
>> >>
>> >> If you don't have another computer to help you, the only alternatives
>> >> I
>> > know
>> >> are to install a parallel operating system to try and replace the
>> >> secedit.sdb file from the parallel installation. Otherwise you will
>> >> need
>> > to
>> >> do a fresh install of the operating system - an upgrade install will
>> >> not
>> >> work if I remember correctly. What you could do is to reinstall the
>> >> operating system into the existing \winnt folder being sure NOT to
>> >> format
>> >> anything. You would follow the prompts to install the operating system
>> > onto
>> >> the same drive and then the installation will warn you that an
>> >> existing
>> >> installation exists and ask if you want to install to the existing
>> >> \winnt
>> >> folder. When you select yes I believe you have to select L to proceed.
>> >>
>> >> The advantage of this type of install is that your data and original
>> >> profiles will be preserved but all your applications [other then
>> >> Internet
>> >> Explorer] will have to be reinstalled, probably to existing locations
>> >> as
>> > in
>> >> "on top" of themselves. You would then have to install the latest
>> >> service
>> >> pack and critical updates and find your old profile under documents
>> >> and
>> >> settings folder to copy your data, emails, etc. That could be a
>> >> lengthy
>> > task
>> >> if you do not have a high speed internet connection and you would have
>> >> to
>> > be
>> >> sure that a firewall protects your computer before connecting it to
>> >> the
>> >> internet. Also if you happen to have any EFS encrypted files they will
>> >> be
>> >> lost forever if you do not have a backup of your EFS private key used
>> >> to
>> >> encrypt the files in a .pfx file somewhere.
>> >>
>> >> Otherwise try a parallel installation first though there is no
>> >> guarantee
>> >> that replacing secedit.sdb on the locked out install will work. The
>> >> upside
>> >> is that if it works, all your applications will still work and you
>> >> will
>> > not
>> >> have to install service pack or critical updates and at the very least
>> >> you
>> >> will have access to your data, though you will probably need to take
>> >> "ownership" of the profile folders first as an administrator. To do
>> >> such
>> > you
>> >> will need to boot from the cdrom drive and install a new copy of the
>> >> operating system, preferrably to another partition of your hard drive
>> >> and
>> > do
>> >> NOT format a partition unless you are willing to lose all the data on
>> >> it.
>> >> See the link below for more info. Good luck. --- Steve
>> >>
>> >>
http://support.microsoft.com/kb/266465
>> >>
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421 --
>> >> works
>> > the
>> >> same in W2K.
>> >>
>> >> "retjefe" <retjefe@discussions.microsoft.com> wrote in message
>> >> news:ECF36415-812F-4FDA-8217-639EE77466DD@microsoft.com...
>> >> >I messed up while creating a user account for my kid and setting
>> >> >permissions
>> >> > in W2K Professional (SP-2 was last update) ... After reading article
>> >> > ID
>> >> > 285793 on the subject, I think I know what I did wrong and how to
>> >> > fix
>> > it(I
>> >> > accidentally set the "Deny logon locally" parameter). The
>> >> > resolution
>> >> > in
>> >> > the
>> >> > article however, assumes you can get logged on ... I can't get past
>> >> > the
>> >> > logon
>> >> > screen. I tried lauching in safe mode and I tried using my W2K
>> >> > startup
>> >> > disc
>> >> > w/CD support but neither way worked. Is there any way to bypass the
>> >> > "applying local security policy" function when windows launches so
>> >> > that
>> > I
>> >> > can
>> >> > actually get logged on to fix my mistake?
>> >> >
>> >> > Any help would be greatly appreciated.
>> >> > Russ
>> >>
>> >>
>> >
>> >
>>
>>
>>