2000 server Group Policy problem

smoothtech used Ask the Experts™
The problem I am having is that I created a new Group Policy in Active Directory to restrict user access to info they dont need (windows article Q278295) such as the shut down option and administrative tools.  Once I created an Oragnizational Unit for our needs, I restricted myself as administrator from the Shut Down button, accessing MMC, and accessing the Network and Dial up Connections applet.  So I deleted the new OU I had created and rebooted the server and still get the message that I don't have permission to access the above functions.  Weirdly enough, when I installed IE6, the Shut Down option came back but I still cannot access MMC or the Network and Dial up Connections.  Can you help me?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Did you backup the registy before doin this? If so you may be able to get back to where you were before making those settings.

Note the following approcah will not replace any system files.

Can you boot to your Win2000 CD? If so then when it finally boots At the "Welcome to Setup" screen, press F10, or press R to repair, and then C to start the Recovery Console this will allow you to use the command line. From here do something like the following. Or if the file system is FAT32 you can use a Win98 bootdisk to do this. www.bootdisk.com

COPY /Y C:\WINNT\repair\RegBack\TheParticularHive C:\WINNT\system32\config\

This will replace the registry hive to the last time that hive was bacped up. Hopefully you didn't backup the registry at the time the problems started to happen.

Following is a list of the files that are the registry hives. I would suggest starting with the SECURITY hive and then reboot and if the problem still persists do the SYSTEM hive next. Note these files don't have a file extension on them


For the SYSTEM hive you could try the following before doing the copy method.

ren c:\windows\system32\config\SYSTEM SYSTEM.bak
ren c:\windows\system32\config\SYSTEM.alt SYSTEM

I would suggest to first backup these hives from the C:\WINNT\system32\config\ to folder of your making or choice just don't back them up to the C:\WINNT\repair\RegBack\ folder.  

You will probably need to reapply any services patches that you have previously installed.

The Crazy One


Well....I did the copy of the SECURITY hive and now I am having a major registry problem.  I did not have the \RegBack folder so I used the one in C:\winnt\repair and once I did that now I get the error:

Security Accounts Manager initilization failed because pf the following error: The value provided was an invalid value for an identified authority. Error Status: 0xc0000084. Reboot to Directory Services Restore Mode.

This error pops up as the computer is checking the network connections and then when I say ok it goes back and reboots.  I can gain access to the server by going into the safe mode Directory Services Restore Mode but so far I have not been able to fix this....what do I do?


Put the previous SECURITY hive back in place hence the reason I suggested backing up all the hives before copying the other ones over. Your backups are too old. You apparently haven't backed up the registry since the initial install hence why there isn't a RegBack folder.
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

if you created the GPO and applied it to a new OU did you also move the administrator account to the new OU?  if not then the GPO was applied to the domain instead of just the OU.  check to see if the GPO is showing as applied to the domain.


Well....what ended up happening is that there was some kind of SAM corruption and I was not able to even log onto the OS...even though   So what I did was create a new install of Windows 2000 on the D: drive and that way Iwas able to get to all the data.  I also had to reinstall Active Directory. This means that I have a huge mess I will have to clean up eventually but now I can at least back up all the important data that I need.  

kaliki...if I was at the point before I deleted the OU I would gladly try your advice....thanks

CrazyOne I appreciated your timely response and even though I messed things up on my own, I did learn from what you suggested.  Thanks.

Messing up is part of the learning process. Or at least that is were s fair amount or my experience has come from. :>)

No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- PAQ'd and points removed

Please leave any comments here within the
next seven days.


Per recommendation, points NOT refunded and question closed.

EE Admin

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial