klsphotos
Locked out of Group Policy
Hi All,
I did a really dumb thing and I am hoping you can help me.
I locked myself out of gpedit.msc and gpmc.msc.
The lockout is coming from a policy that I put on the domain and I got distracted and forgot to deny admin to this policy.
This is a doozy.
Help.
Karen
Are you working remotely or locally?
If remotely, then if you have another computer you can access, remote in using RDP and see if you can log on that way and add an exception for domain admins.
ASKER
I do not recall if I applied it to user or computer, but I moved my system to the computer OU and my account to the user OU and refreshed policy and restarted and it's still there.
All systems here on the domain and users got the policy. I did create an additional admin account and the same thing. It is denied.
I have NEVER done anything like this and am stumped. It's set on the root of the domain, but not in the default domain policy, so I need to get in. I thought about changing the registry keys on my system since I can't edit gpedit to override it, I could do it manually but I do not know which registry setting that is.
I also read that I could rename mmc.msc and then run it from a command line but that hasn't been successful either.
This is what I would try first
Reset All User Permissions To Default
http://www.bleepingcomputer.com/forums/t/509474/reset-all-user-permissions-to-default/
ASKER
I followed the link provided and it showed me the registry paths that I could edit to get back into what was restricted.
Can you use another domain admin account to amend this policy?