Resetting the computeraccount in the OU?
-----Oorspronkelijk bericht----- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Ken Schaefer Verzonden: dinsdag 27 juli 2004 13:26 Aan: [EMAIL PROTECTED] Onderwerp: Re: [ActiveDir] Any way out of this mess? Hmmm, my MCSE study guide says to login using Safe Mode to get around GPOs that stop interactive logons (I only remember this because it's not something I've heard/seen mentioned before). I assume that's not a goer then? Cheers Ken ----- Original Message ----- From: "Aaron Visser" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 27, 2004 8:34 AM Subject: Re: [ActiveDir] Any way out of this mess? : On 7/26/04 1:40 PM, "Brian Desmond" <[EMAIL PROTECTED]> wrote: : : > If you can log onto one of the machines as a domain admin (using cached : > credentials), you may be able to remotely reconfigure each machine. That's a : > long shot. : > : > Otherwise you'll need to restore a DC from your old domain from backup and : > make the policy change, and so on and so forth. Might want to check out the : > ADMT tool next go-around. :) : > : > --Brian Desmond : > [EMAIL PROTECTED] : > Payton on the Web! Http://www.wpcp.org : > : > v: 773.534.0034 x135 : > f: 773.534.0035 : > : > : > : > -----Original Message----- : > From: Aaron Visser [mailto:[EMAIL PROTECTED] : > Sent: Monday, July 26, 2004 3:29 PM : > To: [EMAIL PROTECTED] : > Subject: [ActiveDir] Any way out of this mess? : > : > I have just rebuilt our Servers with Server 2003 (a fresh install) All the : > new users are created all the new groups done new GPO's etc etc etc. The big : > mistake I made was not removing the clients from the old Domain before I : > blew it away (I thought I could just login as local admin and leave the old : > Domain and reboot and join the new one) Well that would have worked real : > well if only I had known that the old Domain had a GPO that disallowed even : > the Local Admin to logon interactively to the computers. So now when I try : > to login to the Local admin account on the workstations that no longer have : > a valid domain membership I get 'the local policy of this system does not : > permit you to logon interactively' message and I cannot logon. : > : > Anything I can do to allow me to logon or remove the account from the old : > domain? All I can think of right now is reinstalling the OS on the : > workstations but then I would have to reconfigure all the programs etc for : > every station (not liking that option) :( : > : > Thanks, : > Aaron : > : > List info : http://www.activedir.org/mail_list.htm : > List FAQ : http://www.activedir.org/list_faq.htm : > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ : > : Well this seems to be working (Cached Credentials) (Thanks Brian) :) The : only problem I face now is I have not been to every workstation and logged : in as admin since I have been here and I have no idea what the old admin : passwords are lets just hope I don't run into to many of those computers. : Also I do have access to the Admin share on these computers via the local : network so I will be trying out Alex's idea for those ones that I am unable : to access the cached info. :) : : Thanks to all, wish it was Friday, : : Aaron List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
