Windows NT Policies -- PLEASE HELP!
|
Original Message
|
Name: Justin Armstrong
Date: October 2, 2000 at 15:17:25 Pacific
Subject: Windows NT Policies -- PLEASE HELP!
|
Comment: Hi all, I am the administrator of a small Windows NT 4.0 network. I have been experimenting with NT policies and have run into trouble. I have accidentally applied a VERY restrictive system policy to ALL accounts in the domain, including the administrator account. The policy is so strict that I can't run the policy editor (poledit.exe), can't run ANY other administrative application, can't open a command-line shell, can't browse the network, can't edit the registry, and can't even browse files on the server's hard disks! I am essentially locked out of my own system... Does anyone know how I can bypass this with or without administrative access? I am a total loss for what to do! Any suggestions or advice would be greatly appreciated!
Thank you!
Report Offensive Message For Removal
|
|
Response Number 2
|
Name: Shaunna
Date: October 3, 2000 at 06:20:11 Pacific
Subject: Windows NT Policies -- PLEASE HELP!
|
Reply: (edit)All the books that I've read say you will have to re-install NT. You can't do a repair because it keeps registry settings and user accounts, and since you modified the registry with the policy it won't free it up for you. Sorry!
 Report Offensive Follow Up For Removal
|
|
Response Number 3
|
Name: Justin Armstrong
Date: October 3, 2000 at 17:20:10 Pacific
Subject: Windows NT Policies -- PLEASE HELP!
|
Reply: (edit)No, I didn't have an ERD (gasp).
And no, I didn't have to reinstall (thank GodO). Thanks to a tip from a helpful source, I figured it out. I logged onto the local administrator accounts on one of the workstations. From there I was able to map a drive to the C$ share on the PDC. Accessing this share, I was able to copy the poledit.exe and associated files (including the .adm files) to the workstation. I could then alter the NTconfig.pol file in the NETLOGON share. Unforunately, this didn't work either. The policy for the administrator account was being stored elsewhere. I simply gave up and deleted the administrator profile (NTuser.dat). This allowed me to log on with a default profile and bypass the policy. Just though people might be interested...
Report Offensive Follow Up For Removal
|
|
Response Number 4
|
Name: M Tagg
Date: October 6, 2000 at 21:08:50 Pacific
Subject: Windows NT Policies -- PLEASE HELP!
|
Reply: (edit)The first 2 replies are from pratts who dont have a clue!! The 3rd reply is correct, Get on another NT machine set up sytem policy editor and create a new policy that is unrestricted, this is saved as ntconfig.pol. copy it into NETLOGON on the PDC. Hopefully unless you copied it elsewhere this will overcome the problem, good luck.
I would like to say to the others that if you cant help constructively dont contribute
Report Offensive Follow Up For Removal
|
|
Response Number 5
|
Name: Max
Date: November 21, 2000 at 13:58:58 Pacific
Subject: Windows NT Policies -- PLEASE HELP! |
Reply: (edit)Dear Sir
the policies are applied to the administrator on local to?
if not log off and leave network
Logon to local computer
and try...
Good luck
Report Offensive Follow Up For Removal
|
Use following form to reply to current message:
