Admin / Domain Admin rights problem

A

Andy Roxburgh

Hi,
I'm using SBS2000 as my primary DC.
I have a problem - the Administrator account cannot access 'HKLM' keys in
the registry. I've been told it is because the Administrator is not a member
of the Domain Admins group. Except, accoring to SBS Admin console, it is.
Furthermore I can't change the permissions for HKLM using the registry
editor. I need to give the account access to HKLM but don't know what else
to do - help!

Thanks

Andy
 
R

Roger Abell

Evidently you can view the security settings on HKLM
Who/What account/group does have full permissions?
You will need to use an account that does have the ability.
 
A

Andy Roxburgh

Actually I can't view the security settings - a message pops up telling me I
can change them but not view them... except when I try to change them it
won't let me do that either.

So I can't see what accounts have full permissions!

Andy
 
S

Steven L Umbach

Make sure that you are logging on as the administrator account and not some
renamed administrator which is sometimes used as a domain account. The
command "net user administrator" will display group membership. Also verify
that domain admins is a member of the administrators group for the domain as
it is possible for it to be removed. You should also run a full malware scan
on your server being sure to use the latest definitions from your vendor.
Also some "protection" packages can block access to the registry I am told.
You may want to boot into safe mode to see if that helps. Subinacl is a tool
that can be used to view and change file and registry permissions at the
command line if need be. However it is very powerful and I would not use it
unless you have a full image type backup of your server or you are very
confident that you are using the right command possibly from trying it on a
test computer first. Group Policy can also be used to manage registry
permissions via computer configuration/Windows settings/security settings -
registry though you need to be careful doing such and should unlink the
Group Policy when done and needs to be linked to the proper OU where the
computer accounts are. Improper use of file/registry permissions via Group
Policy can cause performance problems in the domain. --- Steve

http://www.microsoft.com/downloads/...56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
-- subinacl
http://www.jsifaq.com/SUBR/tip8700/rh8724.htm -- Group Policy to manage
file/registry permissions.
 
A

Andy Roxburgh

Hi Steven,
Make sure that you are logging on as the administrator account and not some
renamed administrator which is sometimes used as a domain account. The
command "net user administrator" will display group membership.
Click to expand...

I get (exactly as output) :
.....
Logon Script
User Profile
Home Directory
Last logon 6/30/2005 2:00pm

Logon Hours Allowed All

Local Group Memberships
*Account Operators
*Administrators
*Backup operators
*Server Operators
*Print Operators

Global Group Memberships
*Exchange Services
*Domain Admins
*Domain Users
*Enterprise Admins
*Exchange Domain Serve
*Group Policy Creator
*Backoffice Internet U
*Scheme Admins
Also verify
that domain admins is a member of the administrators group for the domain as
it is possible for it to be removed.
Click to expand...

I checked this with the SBS Admin console and it appears to be OK.
You should also run a full malware scan
on your server being sure to use the latest definitions from your vendor.
Click to expand...

Just tried a full AV scan and it consistently locks up half way through -
not a great sign!
Just ran MS Antyspyware beta and it's clean; will try a different AV scanner
and try again.
Also some "protection" packages can block access to the registry I am told.
You may want to boot into safe mode to see if that helps.
Click to expand...

Will try this at the weekend - the server's in use at the moment.
Subinacl is a tool
that can be used to view and change file and registry permissions at the
command line if need be. However it is very powerful and I would not use it
unless you have a full image type backup of your server or you are very
confident that you are using the right command possibly from trying it on a
test computer first.
Click to expand...

Thanks! Have used it to show the HKLM permissions. Typing
subinacl /key HKEY_LOCAL_MACHINE /display
I get :

===========================
+KeyReg HKEY_LOCAL_MACHINE
===========================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000



and this compares to HKEY_USERS which I do have access to as follows:


===================
+KeyReg HKEY_USERS
===================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

To me it looks fine; but there's definitely something wrong somewhere
because it won't show HKLM permissions etc from regedit!

Do you think I should try

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=systems=f

?

Ironically the reason I'm going through all this is so that I can create a
ghost image - I'm using Veritas IDR and it's not playing ball.
So I can't easily ghost the server before making changes.
Group Policy can also be used to manage registry
permissions via computer configuration/Windows settings/security settings -
registry though you need to be careful doing such and should unlink the
Group Policy when done and needs to be linked to the proper OU where the
computer accounts are. Improper use of file/registry permissions via Group
Policy can cause performance problems in the domain. --- Steve
Click to expand...

I don't appear to have the 'registry' item available under 'security
settings'....

It's not looking good is it??!

Andy
 
S

Steven L Umbach

Hmm. From what I can tell it looks like subinacl shows that administrators
have full control of HKLM. I am at a loss as why you can not edit it. I
always use regedt32 for Windows 2000 so you may want to try that if you have
not yet. If it was my computer I would not use subinacl until I had an image
backup. As far as Group Policy - registry you will not see that in Local
Group Policy but it should show in Domain Controller Security Policy if SBS
has such. If you can not get for antivirus to work try using the SysClean
utility from Trend Micro [see links below]. Just download Sysclean and the
pattern file [after unzipping] into a common folder to run from - no
installation is involved. --- Steve

http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/download/pattern.asp
 
R

Roger Abell

It sure is starting to sound like a malware based inhibition
of registry tool access.

--
Roger
Steven L Umbach said:
Hmm. From what I can tell it looks like subinacl shows that administrators
have full control of HKLM. I am at a loss as why you can not edit it. I
always use regedt32 for Windows 2000 so you may want to try that if you have
not yet. If it was my computer I would not use subinacl until I had an image
backup. As far as Group Policy - registry you will not see that in Local
Group Policy but it should show in Domain Controller Security Policy if SBS
has such. If you can not get for antivirus to work try using the SysClean
utility from Trend Micro [see links below]. Just download Sysclean and the
pattern file [after unzipping] into a common folder to run from - no
installation is involved. --- Steve

http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/download/pattern.asp

Andy Roxburgh said:
Hi Steven,


I get (exactly as output) :
....
Logon Script
User Profile
Home Directory
Last logon 6/30/2005 2:00pm

Logon Hours Allowed All

Local Group Memberships
*Account Operators
*Administrators
*Backup operators
*Server Operators
*Print Operators

Global Group Memberships
*Exchange Services
*Domain Admins
*Domain Users
*Enterprise Admins
*Exchange Domain Serve
*Group Policy Creator
*Backoffice Internet U
*Scheme Admins
domain
as

I checked this with the SBS Admin console and it appears to be OK.
vendor.

Just tried a full AV scan and it consistently locks up half way through -
not a great sign!
Just ran MS Antyspyware beta and it's clean; will try a different AV
scanner
and try again.


Will try this at the weekend - the server's in use at the moment.
use
it on
a

Thanks! Have used it to show the HKLM permissions. Typing
subinacl /key HKEY_LOCAL_MACHINE /display
I get :

===========================
+KeyReg HKEY_LOCAL_MACHINE
===========================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000



and this compares to HKEY_USERS which I do have access to as follows:


===================
+KeyReg HKEY_USERS
===================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

To me it looks fine; but there's definitely something wrong somewhere
because it won't show HKLM permissions etc from regedit!

Do you think I should try

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=systems=f

?

Ironically the reason I'm going through all this is so that I can create a
ghost image - I'm using Veritas IDR and it's not playing ball.
So I can't easily ghost the server before making changes.


I don't appear to have the 'registry' item available under 'security
settings'....

It's not looking good is it??!

Andy
Click to expand...
Click to expand...
 
S

Steven L Umbach

I was wondering about such. Hopefully using Sysclean and trying from safe
mode will give a clue. I also understand that some "internet protection"
packages can also block access to/protect the registry and users often do
not realize such or forget about it when they install those type programs.
I have not used such a program myself. Many of the antivirus programs are
going far beyond just malware detection and removal which I guess is a good
thing if a user understands/remembers what is being done to their
omputer. --- Steve



Roger Abell said:
It sure is starting to sound like a malware based inhibition
of registry tool access.

--
Roger
Steven L Umbach said:
Hmm. From what I can tell it looks like subinacl shows that
administrators
have full control of HKLM. I am at a loss as why you can not edit it. I
always use regedt32 for Windows 2000 so you may want to try that if you have
not yet. If it was my computer I would not use subinacl until I had an image
backup. As far as Group Policy - registry you will not see that in Local
Group Policy but it should show in Domain Controller Security Policy if SBS
has such. If you can not get for antivirus to work try using the SysClean
utility from Trend Micro [see links below]. Just download Sysclean and
the
pattern file [after unzipping] into a common folder to run from - no
installation is involved. --- Steve

http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/download/pattern.asp

Andy Roxburgh said:
Hi Steven,

Make sure that you are logging on as the administrator account and not
some
renamed administrator which is sometimes used as a domain account. The
command "net user administrator" will display group membership.

I get (exactly as output) :
....
Logon Script
User Profile
Home Directory
Last logon 6/30/2005 2:00pm

Logon Hours Allowed All

Local Group Memberships
*Account Operators
*Administrators
*Backup operators
*Server Operators
*Print Operators

Global Group Memberships
*Exchange Services
*Domain Admins
*Domain Users
*Enterprise Admins
*Exchange Domain Serve
*Group Policy Creator
*Backoffice Internet U
*Scheme Admins

Also verify
that domain admins is a member of the administrators group for the domain
as
it is possible for it to be removed.

I checked this with the SBS Admin console and it appears to be OK.

You should also run a full malware scan
on your server being sure to use the latest definitions from your vendor.

Just tried a full AV scan and it consistently locks up half way through -
not a great sign!
Just ran MS Antyspyware beta and it's clean; will try a different AV
scanner
and try again.

Also some "protection" packages can block access to the registry I am
told.
You may want to boot into safe mode to see if that helps.

Will try this at the weekend - the server's in use at the moment.

Subinacl is a tool
that can be used to view and change file and registry permissions at the
command line if need be. However it is very powerful and I would not use
it
unless you have a full image type backup of your server or you are
very
confident that you are using the right command possibly from trying it on
a
test computer first.

Thanks! Have used it to show the HKLM permissions. Typing
subinacl /key HKEY_LOCAL_MACHINE /display
I get :

===========================
+KeyReg HKEY_LOCAL_MACHINE
===========================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000



and this compares to HKEY_USERS which I do have access to as follows:


===================
+KeyReg HKEY_USERS
===================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

To me it looks fine; but there's definitely something wrong somewhere
because it won't show HKLM permissions etc from regedit!

Do you think I should try

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=systems=f

?

Ironically the reason I'm going through all this is so that I can
create a
ghost image - I'm using Veritas IDR and it's not playing ball.
So I can't easily ghost the server before making changes.

Group Policy can also be used to manage registry
permissions via computer configuration/Windows settings/security
settings -
registry though you need to be careful doing such and should unlink
the
Group Policy when done and needs to be linked to the proper OU where the
computer accounts are. Improper use of file/registry permissions via
Group
Policy can cause performance problems in the domain. --- Steve

I don't appear to have the 'registry' item available under 'security
settings'....

It's not looking good is it??!

Andy
Click to expand...
Click to expand...
Click to expand...
 
R

Roger Abell

Steven L Umbach said:
I was wondering about such. Hopefully using Sysclean and trying from safe
mode will give a clue. I also understand that some "internet protection"
packages can also block access to/protect the registry and users often do
not realize such or forget about it when they install those type programs.
I have not used such a program myself. Many of the antivirus programs are
going far beyond just malware detection and removal which I guess is a good
thing if a user understands/remembers what is being done to their
omputer. --- Steve
Click to expand...

Ey, brave new world now, and again coming, isn't it Steve ?
Half of the ground rules will probably have shifted by your return.
Have a great time up north Sir, an kiss the short sweet Summer once
for me, ok?
 
S

Steven L Umbach

I guess time waits for no one as technology marches on though sometimes it
is nice to get away from it all. I will be around for a couple of weeks
t. -- Steve
 
A

Andy Roxburgh

FYI, the problem eventually got fixed by using the reset.cmd script and
SubInAcl.exe.



Andy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

no Domain Admin rights to a Domain Server 3
Administrator without admin rights problem 1
Local admin account rights 1
Domain admin has lost administrative rights 6
Local domain admin account 3
Remote admin problem 1
Lost Password for Domain Controller Administrator A/c 3
Admin Rights? > Can't Install 1

Top