Sys_Admin1
asked on
Domain Trust broken, but GPO still exists effecting local admin account
I deleted the computer account from AD but now want to add machine back to domain. Problem is when I deleted the account it left in place a group policy that now appears to have set the local administrator account on the machine to be a guest only. I can log in as the local admin account, but it has no rights to open the machines settings which allow me to attach to a domain... say it's restricted by group policy.
Need to either be able to disable the domain group policies that are still in place, or, need to be able to create another local account that actually has admin rights on the local machine.
Domain is running on server 2012R2 and the client machine is Win7.
Need to either be able to disable the domain group policies that are still in place, or, need to be able to create another local account that actually has admin rights on the local machine.
Domain is running on server 2012R2 and the client machine is Win7.
You are very likely looking at reinstalling the OS. Group policies are meant to be enforced so end-users can't override the settings. In most circumstances, once you are no longer on a domain, you can make changes and the settings won't get re-applied. But in this instances, you don't have access to an account that can make those changes. That invariably means there is no clean way to undo what has been done.
Hi,
Can't you just edit the local accounts with Hiren Boot CD?
Can't you just edit the local accounts with Hiren Boot CD?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Fixed it myself after researching on web.