First question is:

Do you have ANY access to the box?  You can't log on locally, but can
you netsvc and start the telnet service? Can you use psexec and run
"psexec \\hostname cmd" to get a shell? (www.sysinternals.com look at
pstools in the utilities section, great tools and free!) Can you get to
the admin shares?

If you can gain remote access to the box you can try creating a new
security database, and importing your current security configuration
(whatever.inf).  Once you have a good *.sdb file (good meaning the
Administrator account has log on interactively rights) and you have a
shell to the "bad" machine you can run the command line tool secedit:
"secedit /configure /db newsdb.sdb" that would set the local security
policy to whatever you had configured on the "good" machine.

Sounds like it would at least be worth a shot at this point....good
luck.

-Alex 
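
A check for the "good" template described above, as an added example that is not part of the original thread: it parses the [Privilege Rights] section of an exported security template (.inf) and confirms that an administrator principal holds SeInteractiveLogonRight and is not listed under SeDenyInteractiveLogonRight. The sample templates are constructed, the function names are hypothetical, and group membership is not resolved (only direct listings are checked).

```python
import re

# Constructed sample templates (not taken from the thread).
GOOD_INF = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = Guest
[Version]
signature="$CHICAGO$"
"""
BAD_INF = """[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-545
SeDenyInteractiveLogonRight = *S-1-5-32-544,Guest
"""

ADMIN_NAMES = {"administrator", "administrators"}
ADMINS_GROUP_SID = "S-1-5-32-544"  # well-known SID of the built-in Administrators group
LOCAL_ADMIN_SID = re.compile(r"^S-1-5-21-(\d+-){3}500$")  # built-in Administrator (RID 500)

def privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            right, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are not.
            rights[right.strip()] = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights

def is_admin(principal):
    name = principal.split("\\")[-1].upper()  # drop any machine or domain prefix
    return (name.lower() in ADMIN_NAMES or name == ADMINS_GROUP_SID
            or LOCAL_ADMIN_SID.match(name) is not None)

def admin_can_log_on_locally(inf_text):
    rights = privilege_rights(inf_text)
    allowed = any(is_admin(p) for p in rights.get("SeInteractiveLogonRight", []))
    denied = any(is_admin(p) for p in rights.get("SeDenyInteractiveLogonRight", []))
    return allowed and not denied  # an explicit deny overrides the allow entry

if __name__ == "__main__":
    for label, text in (("good", GOOD_INF), ("bad", BAD_INF)):
        print(label, admin_can_log_on_locally(text))
```

Run it against the template exported from the "good" machine before building the .sdb, so a template that still carries the deny entry is caught before it is applied.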

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Monday, July 26, 2004 2:00 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Any way out of this mess?

That program is great, but unless I am missing something it does not
remove the account from the old computer domain. I had already used that
program to reset the local admin pass because I had no idea what it was
(I took this site over a few months ago), and I get the same message: 'the
local policy of this system does not permit you to logon interactively'


On 7/26/04 1:40 PM, "Michael B. Smith" <[EMAIL PROTECTED]> wrote:

> http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
> Sent: Monday, July 26, 2004 4:29 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Any way out of this mess?
> 
> I have just rebuilt our Servers with Server 2003 (a fresh install). All
> the new users are created, all the new groups done, new GPO's etc etc etc.
> The big mistake I made was not removing the clients from the old 
> Domain before I blew it away (I thought I could just login as local 
> admin and leave the old Domain and reboot and join the new one) Well 
> that would have worked real well if only I had known that the old 
> Domain had a GPO that disallowed even the Local Admin to logon 
> interactively to the computers. So now when I try to login to the 
> Local admin account on the workstations that no longer have a valid 
> domain membership I get 'the local policy of this system does not
> permit you to logon interactively' message and I cannot logon.
> 
> Anything I can do to allow me to logon or remove the account from the 
> old domain? All I can think of right now is reinstalling the OS on the
> workstations but then I would have to reconfigure all the programs etc
> for every station (not liking that option)  :(
> 
> Thanks,
> Aaron
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 