Domain Controller Security Policy settings for SQL - messed up Administrator account

Posted on 2006-06-06
Last Modified: 2010-04-19
Made some changes to the Domain Controller Security policy settings to allow the SQL reporting server to work correctly.

I manually assigned the impersonate a client after authentication to the IWAM account, but inadvertantly assigned it also to the server administrator account.

This means that I now how VERY limited access to the server and cannot reverse these setting through the traditional admin tools.

I tried restoring a backup but it did not resolve the problem.

Can somebody advise how I can reset the security policies for the domain controller back to where i started ?

many thanks

Question by:NiSiWi
    LVL 74

    Accepted Solution

    Unfortunately, you now know that you shouldn't do that.  Next time, create a NEW GPO for any modifications, or at the very least do a full backup of policies before starting.

    Since you cannot now reverse these you can't even restore from the backup, so you have to do a System State Restore.  Press F8 as the system boots and select that option.


    Author Comment

    Thanks Jeff,

    I managed to create another admin account, but things still see a bit mesed up as a few other problems have crept in.

    For some reason the COM+ services are not starting up correctly.
    Have tried renaming the clbcatq.dll file and removing COM3 entries from the registry nd then running the add/remove windows components to force it to install COM+ again but I receive an 0x80040206 error saing that the COM+ clasess could not be registered.
    Any ideas.
    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    Any ideas?  Yeah... stop doing things like that!  Where did you get the idea to mess with the registry and remove COM3 entries???  Com+ Services is not an optional component and cannot be removed/reinstalled.

    You now must reinstall your entire Operating System... sorry to say.

    From now on, do not attempt to create your own remedies for these things.  ALWAYS follow knowledge base articles that are specific to your problem.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
    In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now