treytucker
asked on
How do i get my GPO to override my local security policy
I have inherited a WinXP PRo Sp3 computer that the previous admin did some local security policy edits on. This machine is a member of my domain. Even when logging in with Domain Admin rights, I am unable to run regedit, change the computer name, open ANY mmc, etc. How can i use my GPO to disable whatever local security the previous admin has put on this machine? I ran the following command, and had no luck with that either, "secedit /configure /cfg %windir%\repair\secsetup.i nf /db secsetup.sdb /verbose" i had found an article stating that would remove any local security policies in effect, but it did not.
Let me know if you need any further info!
Thanks in advance for your help.
Let me know if you need any further info!
Thanks in advance for your help.
This may be a stupid answer but... Have you tried dropping the computer into a new OU and running gpupdate /force ?
ASKER
Unfortunately I have done that and it did not work.
You could always replace the registry hives in the system32 folder with the ones in the repair folder. These would be the original default registry hives when the system was installed. Of course, if you are hoping to keep and functioning applications, they would have to be re-installed after this operation.
ASKER
How do I replace the registry hives in the system 32 folder?
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The active registry hives are here:
%SystemRoot%\System32\Conf ig\:
The backups are located in c:\windows\repair and are defined as follows:
Sam HKEY_LOCAL_MACHINE\SAM
Security HKEY_LOCAL_MACHINE\SECURIT Y
Software HKEY_LOCAL_MACHINE\SOFTWAR E
System HKEY_LOCAL_MACHINE\SYSTEM
Default HKEY_USERS\.DEFAULT
I would boot to command prompt, and copy them one by one. NOTE: the system file will be called system.bak Rename it to just system when copying.
ex.
copy c:\windows\repair\system.b ak c:\windows\system32\config \system
%SystemRoot%\System32\Conf
The backups are located in c:\windows\repair and are defined as follows:
Sam HKEY_LOCAL_MACHINE\SAM
Security HKEY_LOCAL_MACHINE\SECURIT
Software HKEY_LOCAL_MACHINE\SOFTWAR
System HKEY_LOCAL_MACHINE\SYSTEM
Default HKEY_USERS\.DEFAULT
I would boot to command prompt, and copy them one by one. NOTE: the system file will be called system.bak Rename it to just system when copying.
ex.
copy c:\windows\repair\system.b