Urgent - Modified Security Permissions for SECURITY Registry Key

[Steve Ireland]

I have accidentally - somehow - removed Administrators from the list of
permissions to the HKLM-SECURITY registry key. I have set the SYSTEM account
to Write DAC and Read Control permissions only. Hit Apply. Have sen no
effects just yet. Did this on the Master Role DC. Have a second DC. Is there
any way that I can use the SYSTEM security permissions to revert the Key to
permissions for Administrator and FULL permission for SYSTEM as it should
be.....

Most grateful.

 

[Steve Ireland]

Currently when I try to "add" Administrator permissions I get a dialog
telling me that the security dialog cannot pop up becuase the computer
cannot determine whether the DC is a member of a domain......

Sweating profusely. Don' want to make it worse. I have enabled the "Allow
Inheritable Permissions...", which has pulled Administrator permisions from
the parent folder. I have access again. I'll reset the permissions to their
default. I think I'm okay now and I don't think anyone noticed.

Phew. Thank you Allah, Buddah, Jebus.

 

[Joe Richards [MVP]]

I am not quite sure why you would do something like that apparently in
production. But I assume you have learned a solid lesson from it.

Security lock down, especially on a DC, can be quite dangerous.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm