Can't login to Win2000

Posted on 2004-03-21
Last Modified: 2010-04-12
Hi experts

Previously I was able to login to my Windows2000 using my Administrator id. But carelessly, I went to Local Security Settings in Administrative Tools and made some changes which I am not quite sure of.

I believe I made some changes in Local Policies -> User Rights Assignment

and the changes I made is

Deny logon locally --> I put my Administrator id there

and now I am not able to login to my Win2K with the error message such as "Local security/policy do not allow you to access this computer. I forget the exact error message but kinda like it.

I have the ERD Commander so I am able to go to see my files. So can you guys advise me or give me any idea how to changed back the setting so I can access my Win2K normally again ?

Using the ERD commander, I can access the Regedit eventhough on HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE, but I have no idea which one that I need to change if there is.

Thanks all
Question by:joris_navius
  • 4
  • 3
  • 2
  • +3
LVL 16

Expert Comment

ID: 10647173
There is nothing in the registry you can do to fix this.

You need to get another machine and connect to yours from it.

Use your administrator logon to make a connection and then use the "manage my computer" snapin to connect to to your machine and create a new administrator account. Log on with that that and reverse what you did.




Expert Comment

ID: 10647318
Now you know that the "Deny logon locally" will prohibit a user from logging on directly at the computer's keyboard.
The easiest way to fix it is to connect to your PC from another PC and undo the change you've made (from  computer mangement > action > connect to another computer).

LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 10647581

Expert Comment

ID: 10647864
you have to reset all policies on win2000, to do this enter the harddisk and go to winnt--->system32------>config
and delete "SAM" file

remember it will reset all security policies and delete all users accept administrator and guest. then give administrator in username field and login with blank password field.
LVL 16

Expert Comment

ID: 10648006
do this only as a total last resort, it will fry all your permissions, you will have to take control of everything and you will lose anything you have encypted with certificates - probably permanently!

You may have to rebuild your machine anyway



Author Comment

ID: 10709726
Hi Mahabat

Tried to go to the config folder but there is not  SAM file there. What should I do next ? I was not able to connect to my PC from other computer. Mine using win2K and the other computer is using WinXP. Is it possible to connect it using that setting ? Or should I connect it using the same Win2K also ?

What if I install again my Win2K, will all the setting or my application in Win2K be replaced or purged ? How to make all the applications setting be available again after I re-install the Win2K

Please advise.

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

LVL 16

Accepted Solution

JamesDS earned 250 total points
ID: 10710968

If you re-install, you will lose all of your applications and settings. Some of your settings can be preserved, but you will have to re-install everything from scratch.

Windows 2000 uses a SAM file and it is in the %WINDIR%\SYSTEM32\CONFIG directory. It may be hidden, but it is there and will be accessible by the ERD commander.

It makes no difference if your machine is W2k and the other is WXP. You must connect them together on the same IP SUBNET:

MACHINE1 W2k IP:, Subnet

Make sure you can oing them before you proceed

Then from MACHINE2 WXP enter the following at the command line:

Net use \\\ipc$ * /user:\Administrator

It will ask you for your password, which you can enter now.

Then from the command line run MMC.EXE, select add/remove snapin and add the "Group Policy" snapin. Use the Group Policy Wizard to enter the the IP address of MACHINE1 W2k (

Use the Group Policy snapin to undo what you did in the first place



Author Comment

ID: 10710998
Hi JamesDS

Thanks for your detail information. I will try this and will let you know the result.

Expert Comment

ID: 10711341
Hi Joris Navius

Boot ur PC from any bootable cd and then goto the path "winnt\SYSTEM32\CONFIG "
then u can access to the win2k and then u can connect the pc to another pc.
First boot the pc from any bootable cd and then go to that directory and delete SAM file
clear ?

Author Comment

ID: 10711617
Hi Mahabat

Sorry i am not so clear about it.
Go to the path "winnt\SYSTEM32\CONFIG" then i can access to win2k and then i can connect the pc to another pc.
can you explain that portion ? Am not so clear.

For SAM file, I will try to delete it using ERD commander.

Author Comment

ID: 11538706
Hi all
Sorry for the late reply

I did not manage to do as what Jamesd told me. At the end, I reinstall everything.
But I think JamesD solution should work in some cases. In that case please give the points to JamesD

LVL 11

Expert Comment

ID: 11538774

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
website 1 304
Restoring a deleted user from Windows 2000?! 2 144
Windows 16 342
vCenter Converter Standalone 4.01 - Convert Old Server 2000 to VM 4 159
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
With the rapid rise in mobile usage, mobile devices are here to stay and have become an integral part of doing business. Here are 9 great apps for your BYOD environment.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now