Set default policy

G

Guest

Hi,
i was trying to block a specific user from login on locally, so i used
the local security settings and selected "deny logon locally for
"everyone",so now I can't logon to the machine, i tried using the domain
admin's account and still get the notice "The local policy of this system
does not permit you to logon interactively"
Is there a way to get the settings back to it's default state by using the
recovery console?

Thanks in advance

Donavan
 
S

Steven L Umbach

The easiest way for a domain computer would be to create an Organizational
Unit with a new GPO. In that GPO configure the user right for deny logon
locally to be just the guest account. Move the locked out computer into that
OU. Run secedit /refreshpolicy machine_policy /enforce on the domain
controller [assuming W2K dc]. Reboot the locked out computer and you should
be able to logon. The reverse the change in Local Security Policy on that
computer before you move it out of the OU. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Default Domain Policy 2003 7
Incorrect GPResult result 3
Local Policy Prevents Login Interactively 1
Cannot Logon Locally 2
GPO on Domain controllers OU for-Logon Locally 1
Domain Controller GPO 4
Local Policy does not let me logon interactively 1
How to enforce domain policy for local user? 3

Top