Locked out by local policy

[John Gopel]

I have locked the administrator out. The administrator
account is denied local login after I added "User" to the
list of accounts who are not allowed to login locally
(Admin tools>Local policy). I was not aware of
that "Administrators" is a subgroup of "User" (I am now
though). The real problem is that the computer is a stand-
alone computer acting as a file server, i.e it does not
belong to a domain. In other words I don't think I can
logon remotely and change back the settings as suggested
elsewhere.

Windows 2000 Server is installed on the computer and it is
connected to a local network.

Please help!

John

 

[Steven L Umbach]

It does not have to be in a domain to access it remotely - you just
need to know administrator account name and password. You are going to have
to run gpedit.msc on another network machine to manage the group policy
remotely. Then you will have to copy a batch file over to it via an
administrative share [c$] and configure that batch file to run as a startup
script via group policy and reboot. The batch file will need to use secedit
to reconfigure the Local Group Policy. Remove the startup script when done.
Use this command in your batch file without brackets -- [ secedit
/configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /areas
user_rights ]. Just copy it into notepad and save it as something like
fixur.bat. --- Steve

http://www.jsiinc.com/sube/tip2100/rh2147.htm