Domain Trust broken, but GPO still exists effecting local admin account

I deleted the computer account from AD but now want to add machine back to domain.  Problem is when I deleted the account it left in place a group policy that now appears to have set the local administrator account on the machine to be a guest only.  I can log in as the local admin account, but it has no rights to open the machines settings which allow me to attach to a domain... say it's restricted by group policy.

Need to either be able to disable the domain group policies that are still in place, or, need to be able to create another local account that actually has admin rights on the local machine.

Domain is running on server 2012R2 and the client machine is Win7.
LVL 1
Sys_Admin1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
You are very likely looking at reinstalling the OS.  Group policies are meant to be enforced so end-users can't override the settings. In most circumstances, once you are no longer on a domain, you can make changes and the settings won't get re-applied. But in this instances, you don't have access to an account that can make those changes. That invariably means there is no clean way to undo what has been done.
0
GlingoSystem AdministratorCommented:
Hi,

Can't you just edit the local accounts with Hiren Boot CD?
0
Sys_Admin1Author Commented:
"Can't you just edit the local accounts with Hiren Boot CD? "

Tried it, but it wasn't able to add the local admin [now a guest account] back to the admin group.

-----------------------------

Here is how I fixed it:

1. Booted using a windows 7 disk, and selected repair.
2. Used a command prompt to make a backup of the file c:\windows\system32\sethc.exe
3. Copied cmd.exe over sethc.exe
4. Booted the machine into windows and at the "press ctl-alt-delete to log on" window I hit shift 5 times.  By renaming cmd.exe to sethc.exe, which is the sticky key utility, instead of the sticky key menu it opened a command prompt.
I then issued the command: "net localgroup administrator admin /add"  Which added the admin user back into the local administrator account.  It gave a warning that the trust relationship with the domain had failed, but when I booted into windows under the local admin account I could then remove the machine from the domain using my domain creds, and after a reboot I could add the machine back to the domain.

I pieced that together from several different forum posts on the web.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sys_Admin1Author Commented:
Fixed it myself after researching on web.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.