If you can log onto one of the machines as a domain admin (using cached credentials), you may be able to remotely reconfigure each machine. That's a long shot.
Otherwise you'll need to restore a DC from your old domain from backup and make the policy change, and so on and so forth. Might want to check out the ADMT tool next go-around. :) --Brian Desmond [EMAIL PROTECTED] Payton on the Web! Http://www.wpcp.org v: 773.534.0034 x135 f: 773.534.0035 -----Original Message----- From: Aaron Visser [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 3:29 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Any way out of this mess? I have just rebuilt our Servers with Server 2003 (a fresh install) All the new users are created all the new groups done new GPO's etc etc etc. The big mistake I made was not removing the clients from the old Domain before I blew it away (I thought I could just login as local admin and leave the old Domain and reboot and join the new one) Well that would have worked real well if only I had known that the old Domain had a GPO that disallowed even the Local Admin to logon interactively to the computers. So now when I try to login to the Local admin account on the workstations that no longer have a valid domain membership I get 'the local policy of this system does not permit you to logon interactively' message and I cannot logon. Anything I can do to allow me to logon or remove the account from the old domain? All I can think of right now is reinstalling the OS on the workstations but then I would have to reconfigure all the programs etc for every station (not liking that option) :( Thanks, Aaron List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
smime.p7s
Description: S/MIME cryptographic signature
