Hi all, I am the administrator of a small Windows NT 4.0 network. I have been experimenting with NT policies and have run into trouble. I have accidentally applied a VERY restrictive system policy to ALL accounts in the domain, including the administrator account. The policy is so strict that I can't run the policy editor (poledit.exe), can't run ANY other administrative application, can't open a command-line shell, can't browse the network, can't edit the registry, and can't even browse files on the server's hard disks! I am essentially locked out of my own system... Does anyone know how I can bypass this with or without administrative access? I am a total loss for what to do! Any suggestions or advice would be greatly appreciated! Thank you!

Hope you have an ERD.

All the books that I've read say you will have to re-install NT. You can't do a repair because it keeps registry settings and user accounts, and since you modified the registry with the policy it won't free it up for you. Sorry!

No, I didn't have an ERD (gasp). And no, I didn't have to reinstall (thank GodO). Thanks to a tip from a helpful source, I figured it out. I logged onto the local administrator accounts on one of the workstations. From there I was able to map a drive to the C$ share on the PDC. Accessing this share, I was able to copy the poledit.exe and associated files (including the .adm files) to the workstation. I could then alter the NTconfig.pol file in the NETLOGON share. Unforunately, this didn't work either. The policy for the administrator account was being stored elsewhere. I simply gave up and deleted the administrator profile (NTuser.dat). This allowed me to log on with a default profile and bypass the policy. Just though people might be interested...

The first 2 replies are from pratts who dont have a clue!! The 3rd reply is correct, Get on another NT machine set up sytem policy editor and create a new policy that is unrestricted, this is saved as ntconfig.pol. copy it into NETLOGON on the PDC. Hopefully unless you copied it elsewhere this will overcome the problem, good luck. I would like to say to the others that if you cant help constructively dont contribute

Dear Sir the policies are applied to the administrator on local to? if not log off and leave network Logon to local computer and try... Good luck