IT Employment

Our forums are currently in maintenance mode and the ability to post is disabled. We will be back up and running as soon as possible. Thanks for your patience!

General discussion


Default domain policy

By fx.king ·

I've managed to disable use of mmc's and the run facility (among others)by using the default domain policy, not realising it would apply to administrators - which obviously it does.

I cannot get into active directory users and computers to change the policy.

Has anybody got any ideas as to how I can bypass/change this policy - without re-building the server?

Many thanks


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

same problem

by rjardiolin In reply to Default domain policy

I have the same problem yesterday. Any help would be appreciated. thanks.

Collapse -

Try This

by difster In reply to Default domain policy

1. Connect to the machine from another W2K system on the
network. At a DOS prompt:
net use \\<computername> /u:<computername>\<AdminAccount>
For example:
net use \\computer1 /u:computer1\Administrator password1

2. Create new admin user on the remote system you need to
Open Start-Programs-Administrative Tools-Computer
Select 'Action-Connect to another computer' from the menu
and connect to the remote system
User 'Local Users and Groups' under Computer Management to
create user (say 'GPDeny') with Administrator rights

3. Set permissions on c:\winnt\system32\grouppolicy to
deny access to the GPDeny user you just created:
Open \\<computer>\c$\winnt\system32 folder on remote
computer and make hidden folders viewable through Tools-
Folder Options menu.
Edit security on GroupPolicy folder to add GPDeny user
with Deny access selected for all permissions.

4. Log on locally to the system you are fixing as GPDeny
and run mmc with permissions of another admin account that
does have access to the GroupPolicy folder using
the 'RunAs' utility:
Logon as GPDeny and open DOS prompt then run:
runas /user:<AdminAccount> mmc
For example
runas /user:Administrator mmc

Related Discussions

Related Forums