Solved

local rule locks admin out! after reboot my w2k server declines any login by local or domain admin. is there any chance to login again?

Posted on 2004-03-23
6
145 Views
Last Modified: 2010-04-13
I have a 2 server system running. Maschine A is the DC and Maschine B will be used just as Fileserver. During setup everything was configured as a workgroup and later on I set up the DC and moved Maschien B onto the Domain. On Both Maschines the Terminal Services were installed and running. After Reboot of Maschine A all worked fine but Maschine B came up with a message that the terminal service licenz service could not start up. I didn´t mind that error as I was expecting to fix it later on but today I had to restart both maschines as new dirvers were installed and now Maschine B declines all login request by any admin (local or domain) the message tells me interactive login forbitten by local security settings. Is there any workaround so I could login with admin rights and try to fix the local login settings?
0
Comment
Question by:fm44
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:infradawn
ID: 10657001
If B is still a member of the domain configure Group Policy (on the DC) to overide any local policy so that defined users (administators) are granted interactive logon on B.


iD
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10657399
Try booting up machine "B" with "Last Known Good Config" if you haven't logged in since the problem occured. Worth a try.
0
 

Author Comment

by:fm44
ID: 10685795
I will try but actually I can´t log in with der domain admin either
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 3

Expert Comment

by:infradawn
ID: 10702800
Do you mean that you can't logon to the DC either?

iD
0
 

Author Comment

by:fm44
ID: 10703105
No, sorry if I gave you the wrong impression. I can´t login on maschine "B" using the domain admin account.
0
 
LVL 3

Accepted Solution

by:
infradawn earned 500 total points
ID: 10712757
Ok, so you need to logon to machine 'A' (the DC) with your Domain Admins account and configure Group Policy (Restricted Groups) so that when that policy is applied to machine 'B' (every 90 minutes by default or after a re-boot) the local\administrators group on machine 'B' has the Domains Admin group as a member. Then you'll be able to logon to machine 'B' with any Domain Admins account.


iD
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question