On 7/26/04 1:40 PM, "Brian Desmond" <[EMAIL PROTECTED]> wrote:
> If you can log onto one of the machines as a domain admin (using cached > credentials), you may be able to remotely reconfigure each machine. That's a > long shot. > > Otherwise you'll need to restore a DC from your old domain from backup and > make the policy change, and so on and so forth. Might want to check out the > ADMT tool next go-around. :) > > --Brian Desmond > [EMAIL PROTECTED] > Payton on the Web! Http://www.wpcp.org > > v: 773.534.0034 x135 > f: 773.534.0035 > > > > -----Original Message----- > From: Aaron Visser [mailto:[EMAIL PROTECTED] > Sent: Monday, July 26, 2004 3:29 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Any way out of this mess? > > I have just rebuilt our Servers with Server 2003 (a fresh install) All the > new users are created all the new groups done new GPO's etc etc etc. The big > mistake I made was not removing the clients from the old Domain before I > blew it away (I thought I could just login as local admin and leave the old > Domain and reboot and join the new one) Well that would have worked real > well if only I had known that the old Domain had a GPO that disallowed even > the Local Admin to logon interactively to the computers. So now when I try > to login to the Local admin account on the workstations that no longer have > a valid domain membership I get 'the local policy of this system does not > permit you to logon interactively' message and I cannot logon. > > Anything I can do to allow me to logon or remove the account from the old > domain? All I can think of right now is reinstalling the OS on the > workstations but then I would have to reconfigure all the programs etc for > every station (not liking that option) :( > > Thanks, > Aaron > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > Well this seems to be working (Cached Credentials) (Thanks Brian) :) The only problem I face now is I have not been to every workstation and logged in as admin since I have been here and I have no idea what the old admin passwords are lets just hope I don't run into to many of those computers. Also I do have access to the Admin share on these computers via the local network so I will be trying out Alex's idea for those ones that I am unable to access the cached info. :) Thanks to all, wish it was Friday, Aaron List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
