Solved

Some IDIOT placed a domain security policy and now users cannot do ANYTHING cannot open MMC

Posted on 2008-06-17
6
272 Views
Last Modified: 2010-04-18
Ok I need to give details here.   I work for a school district the School has its own domain and the Point of Sale company has its own domain they are not connected in any way.  

The guy in charge of the point of sale network decided to add a security policy to the top of the domain.  This policy has EVERYTHING enabled.  He came to me to fix his oops.  When I log into his DC and try to open the User and Computers MMC it tells me it cant due to restrictions.  I also cannot get to CMD or anything.  How do I fix this guys problem?  

He has everything enabled in this policy and the DC is just locked down.  
0
Comment
Question by:JRose628
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 13

Expert Comment

by:ocon827679
ID: 21806142
Can you log in with the domain administrator account?
0
 

Author Comment

by:JRose628
ID: 21806175
I am logging in as the domain admin and i am still fully restricted on the machine.  
0
 
LVL 13

Expert Comment

by:ocon827679
ID: 21806265
Does he have a system state backup?  You might have to boot into DSRM mode and authoritatively restore the system state.
http://support.microsoft.com/kb/240363
http://support.microsoft.com/kb/241594
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:JRose628
ID: 21806657
No Backups
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21807418
Try booting into Safe Mode on the DC and unlinking the policy in question.
0
 

Accepted Solution

by:
JRose628 earned 0 total points
ID: 21807460
I got it working.  I was able to remote into a workstation that somehow didnt get the policy (Possibly a inheritance filter)  and was able to install the admin kit and delete the policy.

My boss just sent his boss a very bad email.  :)  Thanks

0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question