Funny problem - Safety Strategy

[Guest]

How can an administrator remove the group "All Users" in "Refuse the opening of local session" in the local strategy of a server if he can log in locally to his station.

 

[Steven L Umbach]

An administrator would be able to modify user rights assignements in Local Security
Policy while logged on, but may lock himself out to next logon if he is not
areful. -- Steve

How can an administrator remove the group "All Users" in "Refuse the opening of

local session" in the local strategy of a server if he can log in locally to his
station.

 

[Steven L Umbach]

If it is a domain computer, you can move it into an OU that has user rights
assignments configured to override the local policy. If not in a domain, then it is
possible to fix that access problem a number of ways as described in the link below
or create a batch file using secedit to change the user right assignement back by
copying it to the computer via administrative share and remotely configuring Group
Policy on it to run as a startup script by using mmc/Group Policy - another computer
logging onto the remote computer with an account [created if necessary] that has
administrative rights on the locked out computer. --- Steve

http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm

But if an administrator lock himself out. How can he solve this problem. Can he

access to the user rights assignements in Local Security on his server from another
computer and change the user rights!