Hi
OK, I have done something terribly stupid.
On the domain controler, I have was playing with a new group policy for our new terminal server. As you can understand, I limited as much as possible (cmd, powershell, regedit, etc). Stupid me, I also restricted the administrator user.
Now, when logging in to the server or any other for that matter, it blocks all. I can not remove this policy. What can I do to temporarily disable GPO, and unset it (at least for admin users)?
Method #2: move the server object in AD to an OU where the GPO does not apply, reboot the server.
ALWAYS do method 1 when creating new GPOs. Another piece of advice, never create AND link a GPO when you create it. Always create a new GPO in the Group Policy Object container in the GP Mgmt Console.