Hmmm, my MCSE study guide says to login using Safe Mode to get around GPOs that stop interactive logons (I only remember this because it's not something I've heard/seen mentioned before). I assume that's not a goer then?
Cheers Ken ----- Original Message ----- From: "Aaron Visser" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 27, 2004 8:34 AM Subject: Re: [ActiveDir] Any way out of this mess? : On 7/26/04 1:40 PM, "Brian Desmond" <[EMAIL PROTECTED]> wrote: : : > If you can log onto one of the machines as a domain admin (using cached : > credentials), you may be able to remotely reconfigure each machine. That's a : > long shot. : > : > Otherwise you'll need to restore a DC from your old domain from backup and : > make the policy change, and so on and so forth. Might want to check out the : > ADMT tool next go-around. :) : > : > --Brian Desmond : > [EMAIL PROTECTED] : > Payton on the Web! Http://www.wpcp.org : > : > v: 773.534.0034 x135 : > f: 773.534.0035 : > : > : > : > -----Original Message----- : > From: Aaron Visser [mailto:[EMAIL PROTECTED] : > Sent: Monday, July 26, 2004 3:29 PM : > To: [EMAIL PROTECTED] : > Subject: [ActiveDir] Any way out of this mess? : > : > I have just rebuilt our Servers with Server 2003 (a fresh install) All the : > new users are created all the new groups done new GPO's etc etc etc. The big : > mistake I made was not removing the clients from the old Domain before I : > blew it away (I thought I could just login as local admin and leave the old : > Domain and reboot and join the new one) Well that would have worked real : > well if only I had known that the old Domain had a GPO that disallowed even : > the Local Admin to logon interactively to the computers. So now when I try : > to login to the Local admin account on the workstations that no longer have : > a valid domain membership I get 'the local policy of this system does not : > permit you to logon interactively' message and I cannot logon. : > : > Anything I can do to allow me to logon or remove the account from the old : > domain? All I can think of right now is reinstalling the OS on the : > workstations but then I would have to reconfigure all the programs etc for : > every station (not liking that option) :( : > : > Thanks, : > Aaron : > : > List info : http://www.activedir.org/mail_list.htm : > List FAQ : http://www.activedir.org/list_faq.htm : > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ : > : Well this seems to be working (Cached Credentials) (Thanks Brian) :) The : only problem I face now is I have not been to every workstation and logged : in as admin since I have been here and I have no idea what the old admin : passwords are lets just hope I don't run into to many of those computers. : Also I do have access to the Admin share on these computers via the local : network so I will be trying out Alex's idea for those ones that I am unable : to access the cached info. :) : : Thanks to all, wish it was Friday, : : Aaron List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
