Octai- Thanks for that. That makes sense and is a common problem. So basically you have some domain security policy that is still in effect on your workstation and you can't override it by editing the local GPO. If you are an administrator on the machine, then you should just be able to unjoin the machine from the domain, logon as a local administrator and then edit the local GPO to undo the security settings that were delivered from the domain. Let me know if that does not work. Darren -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of octai.kelly@xxxxxxxxxxxx Sent: Wednesday, August 16, 2006 9:45 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Override GPO No Override?! Hi Darren, Thank you kindly for your reply. Let me start by apologising for the confusion. I will give you some background info so that you can get a better idea about what is going on. I have been using a small network for a development lab for a consulting business that I have been running for many years. I am the only one using the servers and PC's on the internal domain which is isolated from the Internet. I have recently moved continents for an opportunity which looks like it will become a permanent job, meaning that I have had to close down my network as well as the company. The servers are shut-down and stored out of range from where I am using a notebook that used to be connected to the domain. I can logon locally with Domain Admin or Built-in local Admin accounts. The problem is that the effective rights are overriding any attempts to give full permissions to the folders in question. I know that this is by design, I guess I am hoping that there is a way to disconnect this machine from the now defunct domain without a wipe and load. I have a feeling that I am just putting off the inevitable! Sincerely, Octai > > From: "Darren Mar-Elia" <darren@xxxxxxxxxx> > Date: 2006/08/16 Wed AM 11:26:48 EST > To: <gptalk@xxxxxxxxxxxxx> > Subject: [gptalk] Re: Override GPO No Override?! > > Well, no, you wouldn't be able to disable the enforced if you couldn't > access the domain, but in your original note, you didn't indicate that > you prevented yourself from logging on--just installing an update. If > you truly can't logon remotely or locally it will be tough to fix this > without a wipe and load. > > Darren > > -----Original Message----- > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > On Behalf Of octai.kelly@xxxxxxxxxxxx > Sent: Wednesday, August 16, 2006 5:21 AM > To: gptalk@xxxxxxxxxxxxx > Subject: [gptalk] Re: Override GPO No Override?! > > Thanks for your reply. > Can I turn the Enforced setting off without having access to my > domain? What about leaving the domain and creating / joining a new workgroup for now. > Will that introduce other problems? > I'm running Win2K SP4 on my notebook and the PDC back at the office is > running Windows Server 2003. > Regards, > Octai > > > > From: "Darren Mar-Elia" <darren@xxxxxxxxxx> > > Date: 2006/08/14 Mon AM 12:19:31 EST > > To: <gptalk@xxxxxxxxxxxxx> > > Subject: [gptalk] Re: Override GPO No Override?! > > > > I guess I don't quite follow the scenario, but can you just turn off > > the Enforced setting on the Default Domain Policy and then set the > > Default DC Policy with the appropriate rights? > > > > Darren > > > > -----Original Message----- > > From: gptalk-bounce@xxxxxxxxxxxxx > > [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > On Behalf Of octai.kelly@xxxxxxxxxxxx > > Sent: Sunday, August 13, 2006 4:00 AM > > To: gptalk@xxxxxxxxxxxxx > > Subject: [gptalk] Override GPO No Override?! > > > > When I was setting up a development lab domain, I followed the > > suggested practice of tightening up security on my DC by setting the > > "No > Override" > > default domain policy option. However, now I am away from the dev > > lab with no way to connect to the domain, trying to install Windows > > Installer > 3.1. > > This uses an app called Update.exe which requires specific user > > rights such as backing up files. The effective policy is preventing > > me from > proceeding. > > I think a clean install may be the only way around this, but I don't > > want to attempt this on the road. Is there any way that I could get > > around this to install these applications? > > Thanks in advance, > > Octai > > > > *********************** > > You can unsubscribe from gptalk by sending email to > > gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field > > OR by logging into the freelists.org Web interface. Archives for the > > list are available at //www.freelists.org/archives/gptalk/ > > ************************ > > > > *********************** > > You can unsubscribe from gptalk by sending email to > > gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field > > OR by logging into the freelists.org Web interface. Archives for the > > list are available at //www.freelists.org/archives/gptalk/ > > ************************ > > > > *********************** > You can unsubscribe from gptalk by sending email to > gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field > OR by logging into the freelists.org Web interface. Archives for the > list are available at //www.freelists.org/archives/gptalk/ > ************************ > > *********************** > You can unsubscribe from gptalk by sending email to > gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field > OR by logging into the freelists.org Web interface. Archives for the > list are available at //www.freelists.org/archives/gptalk/ > ************************ > *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************