Locked out of GPM

Posted on 2012-08-13
Last Modified: 2012-08-13
I have locked myself out of the GPO manager and I need to get back in. Silly thing to do but I wasn't thinking, I guess.

Windows 2008 R2 server that is the DC and a RDS (terminal server) for about ten users. There is a 2003 server that is part of the domain but does not have AD loaded though I certainly could do that if necessary.

So...... I created a GPO to lock down the RDS (formerly terminal service) sessions of the users. I locked down the ability for snap-ins to run as well as the ability of the user to  use the command prompt.  Unfortunately, the Administrator was a part of the group so now the Administrator has no ability to modify GPOs or manage the server -- snap-ins will not work from either a RDS session or from the console.

I sort of did the age old mistake of deleting the administrator account without first making another account with administrative rights and permissions.

Is there anyway anyone can think of that will get the administrator the rights to modify GPOs so as to allow me control of the 2008 machine?

Seems to me that I need to either modify or delete the current GPO. Can I use PSEXEC or the 2003 server in anyway?

Question by:albevier
    LVL 57

    Accepted Solution

    Do you have any admin accounts to use on the domain or do you not have any accounts to use.

    If you have an account you can install GPMC on the 2003 box and login with the account and modify the policy



    Author Comment

    Bwahahahah! I like it! Let me give it a go!  HA! ur a geeen-eeee-US, Mike! I'm back in with no disruption to anyone in the office!


    LVL 57

    Expert Comment

    by:Mike Kline
    No problem, best part was no disruption to anyone :)

    I was in a looooonnnnggg time ago (93-97).   I'll be 38 in a few months...old Hooah! :)

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now