I have locked myself out of the GPO manager and I need to get back in. Silly thing to do but I wasn't thinking, I guess.
Windows 2008 R2 server that is the DC and a RDS (terminal server) for about ten users. There is a 2003 server that is part of the domain but does not have AD loaded though I certainly could do that if necessary.
So...... I created a GPO to lock down the RDS (formerly terminal service) sessions of the users. I locked down the ability for snap-ins to run as well as the ability of the user to use the command prompt. Unfortunately, the Administrator was a part of the group so now the Administrator has no ability to modify GPOs or manage the server -- snap-ins will not work from either a RDS session or from the console.
I sort of did the age old mistake of deleting the administrator account without first making another account with administrative rights and permissions.
Is there anyway anyone can think of that will get the administrator the rights to modify GPOs so as to allow me control of the 2008 machine?
Seems to me that I need to either modify or delete the current GPO. Can I use PSEXEC or the 2003 server in anyway?