Solved

GPO ball up my computer

Posted on 2009-04-09
7
217 Views
Last Modified: 2012-05-06
I have a problem with my computer  - I can not copy or paste anything. The computer can not be access from any other computer on the network, but it can access the server and workstations.

My computer is on a network that runs AD and the Enterprise Domain have working on the GPOs  -  I noticed that we were not longer administrators on our computer.  After talking with them  the Enterprise Admin made some changes to the GPO and asked me to perform a gpupdate /force.  After running the command I could no longer access the network correctly- the Enterprise Admin could not see my computer on the network even though I had an IP address (which I could ping); I could ping the DHCP and DNS server) but he couldnt access my computer at all.  We tried to do a restore from a restore point, but the GPO policy prohibited this.  Im also getting error (error5: access denied) when I try to start RPC  which is not starting as it use to.   To further the problem after restarting my computer and trying to go to the Last Known good config that didnt work.

Thinking that I would just copy the files from my desktop which I can access, however; I can not copy them to another copy or server  -- nor can I access my computer from another machine on the network.  From my computer I can not copy or paste anything, but I can open access other machines on the network.  Also I can not access the Start bar at all  it is hidden at the bottom of the screen.    

This is a mess, at this point  how can I just get the documents off my desk (copy them) and the reformat the computer???
0
Comment
Question by:misterd
  • 3
  • 3
7 Comments
 
LVL 12

Expert Comment

by:piattnd
ID: 24108331
What's the error message you receive when others try to access your machine?  Are they getting access denied?
0
 
LVL 19

Accepted Solution

by:
PeteJThomas earned 250 total points
ID: 24108404
Can you boot into safe mode? If so does that help at all?

You could also either nab the HDD out, connect it to a USB HDD enclosure, and just drag stuff onto another PC or burn it off to CD/DVD from another PC...

Or you can try one of the many bootable environments (such as BartPE: http://nu2.nu/pebuilder/) to boot into an environment outside of your Windows installation to copy the files off to an external USB drive or something.

Just throwing in some possible ideas! :)

Pete
0
 
LVL 15

Expert Comment

by:zelron22
ID: 24108802
He probably can't access your machine because the firewall has been activated.  That would prevent PING and other remote access.

0
 
LVL 12

Expert Comment

by:piattnd
ID: 24110086
Just FYI to the poster, if the issue was a GPO related issue, your domain admin can move you into an OU that doesn't have ANY GPOs associated to it and the issue should clear.  Reboot your machine after he's moved your machine account out of that OU and it will remove all previously associated GPOs.

That's also a test your domain admin can use to identify WHICH GPO caused the issue.
0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 24110140
That may work, although I think a lot of GPO settings are persistent, and don't actually revert back to normal once the GPO is removed - You actually have to continue to use the GPO, but with whatever new settings you want. It's worth a shot though by all means!

Pete
0
 
LVL 12

Expert Comment

by:piattnd
ID: 24110205
I forgot to also specify, if it was a GPO assigned to your user OU or Computer OU, that's the account they need to move.  They should know what they did and I'm kinda surprised they haven't undone it if it truely is a GPO issue.

I agree with Pete though, it's possible removing the GPO may not revert all changes.  For example, if the GPO forced the firewall to be turned on, removing the GPO may not revert that change AND the firewall may prevent communication with the DC to apply the new GPO removing the firewall, therefore having to manually disable the firewall with local admin rights.  Good catch Pete.
0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 24110291
And I also agree that I think it's daft this happened in the first place and that they can't sort it. What do we always do before implementing ANYTHING in a live environment? Thoroughly test it, that's what!!! :)

Pete
0

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now