Solved

Can't login to Win2000

Posted on 2004-03-21
15
174 Views
Last Modified: 2010-04-12
Hi experts

Previously I was able to login to my Windows2000 using my Administrator id. But carelessly, I went to Local Security Settings in Administrative Tools and made some changes which I am not quite sure of.

I believe I made some changes in Local Policies -> User Rights Assignment

and the changes I made is

Deny logon locally --> I put my Administrator id there

and now I am not able to login to my Win2K with the error message such as "Local security/policy do not allow you to access this computer. I forget the exact error message but kinda like it.

I have the ERD Commander so I am able to go to see my files. So can you guys advise me or give me any idea how to changed back the setting so I can access my Win2K normally again ?

Using the ERD commander, I can access the Regedit eventhough on HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE, but I have no idea which one that I need to change if there is.

Thanks all
0
Comment
Question by:joris_navius
  • 4
  • 3
  • 2
  • +3
15 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 10647173
There is nothing in the registry you can do to fix this.

You need to get another machine and connect to yours from it.

Use your administrator logon to make a connection and then use the "manage my computer" snapin to connect to to your machine and create a new administrator account. Log on with that that and reverse what you did.

Cheers

JamesDS

0
 
LVL 2

Expert Comment

by:omyowhy
ID: 10647318
Now you know that the "Deny logon locally" will prohibit a user from logging on directly at the computer's keyboard.
The easiest way to fix it is to connect to your PC from another PC and undo the change you've made (from  computer mangement > action > connect to another computer).



0
 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 10647581
0
 

Expert Comment

by:mahabat
ID: 10647864
you have to reset all policies on win2000, to do this enter the harddisk and go to winnt--->system32------>config
and delete "SAM" file

remember it will reset all security policies and delete all users accept administrator and guest. then give administrator in username field and login with blank password field.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10648006
do this only as a total last resort, it will fry all your permissions, you will have to take control of everything and you will lose anything you have encypted with certificates - probably permanently!

You may have to rebuild your machine anyway

Cheers

JamesDS
0
 

Author Comment

by:joris_navius
ID: 10709726
Hi Mahabat

Tried to go to the config folder but there is not  SAM file there. What should I do next ? I was not able to connect to my PC from other computer. Mine using win2K and the other computer is using WinXP. Is it possible to connect it using that setting ? Or should I connect it using the same Win2K also ?

What if I install again my Win2K, will all the setting or my application in Win2K be replaced or purged ? How to make all the applications setting be available again after I re-install the Win2K

Please advise.

Thanks
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 16

Accepted Solution

by:
JamesDS earned 250 total points
ID: 10710968
joris_navius

If you re-install, you will lose all of your applications and settings. Some of your settings can be preserved, but you will have to re-install everything from scratch.

Windows 2000 uses a SAM file and it is in the %WINDIR%\SYSTEM32\CONFIG directory. It may be hidden, but it is there and will be accessible by the ERD commander.

It makes no difference if your machine is W2k and the other is WXP. You must connect them together on the same IP SUBNET:

MACHINE1 W2k IP: 192.168.0.1, Subnet 255.255.255.0
MACHINE2 WXP IP: 192.168.0.2, Subnet 255.255.255.0

Make sure you can oing them before you proceed

Then from MACHINE2 WXP enter the following at the command line:

Net use \\192.168.0.1\ipc$ * /user:192.168.0.1\Administrator

It will ask you for your password, which you can enter now.

Then from the command line run MMC.EXE, select add/remove snapin and add the "Group Policy" snapin. Use the Group Policy Wizard to enter the the IP address of MACHINE1 W2k (192.168.0.1)

Use the Group Policy snapin to undo what you did in the first place
Cheers

JamesDS





0
 

Author Comment

by:joris_navius
ID: 10710998
Hi JamesDS

Thanks for your detail information. I will try this and will let you know the result.
0
 

Expert Comment

by:mahabat
ID: 10711341
Hi Joris Navius

Boot ur PC from any bootable cd and then goto the path "winnt\SYSTEM32\CONFIG "
then u can access to the win2k and then u can connect the pc to another pc.
First boot the pc from any bootable cd and then go to that directory and delete SAM file
clear ?
0
 

Author Comment

by:joris_navius
ID: 10711617
Hi Mahabat

Sorry i am not so clear about it.
Go to the path "winnt\SYSTEM32\CONFIG" then i can access to win2k and then i can connect the pc to another pc.
can you explain that portion ? Am not so clear.

For SAM file, I will try to delete it using ERD commander.
0
 

Author Comment

by:joris_navius
ID: 11538706
Hi all
Sorry for the late reply

I did not manage to do as what Jamesd told me. At the end, I reinstall everything.
But I think JamesD solution should work in some cases. In that case please give the points to JamesD

Thanks
0
 
LVL 11

Expert Comment

by:turn123
ID: 11538774
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now