[THIN] Re: arrghh GPO locked admins out

• From: "Chris Lynch" <lynch00@xxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Mon, 23 Feb 2004 12:54:21 -0800

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NP.  Hope it helps someone else out there that might encounter the same
thing (hopefully no one else will).  But, if that were the case, most of us
would be un-employed.  :( 


Chris Lynch
lynch00@xxxxxxx 
- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Brian Lilley
Sent: Monday, February 23, 2004 12:53 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: arrghh GPO locked admins out

Chris, thanks for your reply.. 

By the time I checked it out and called the customer back, they'd restored
AD from last weeks backup.

Much appreciated anyway.

Brianos :o)

- -----Original Message-----
From: Chris Lynch [mailto:lynch00@xxxxxxx]
Sent: 23 February 2004 19:03
To: thin@xxxxxxxxxxxxx
Cc: windows2000@xxxxxxxxxxxxx
Subject: [THIN] Re: arrghh GPO locked admins out


 


**********************************************************************
The information contained in this e-mail message is intended only for the
individuals named above.  If you are not the intended recipient, you should
be aware that any dissemination, distribution, forwarding or other
duplication of this communication is strictly prohibited.  The views
expressed in this e-mail are those of the individual author and not
necessarily those of Vivista Limited.  
Prior to taking any action based upon this e-mail message you should seek
appropriate confirmation of its authenticity.
If you have received this e-mail in error, please immediately notify the
sender by using the e-mail reply facility.
**********************************************************************


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a way to do this.  What you will need to do is boot into the
Recovery Console.  Rename CMD.EXE to LOGON.SCR (which you will need to
rename as well).  Reboot the server into AD Restore Mode.  Wait until the
logon screen saver kicks in, and you should then be able to run MMC.EXE and
undo the changes made.  There is an article out there that I know of that
goes more in depth on this recovery, and I will reply back to you with the
link once I find it.


Chris Lynch
lynch00@xxxxxxx
- - -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Brian Lilley
Sent: Monday, February 23, 2004 10:47 AM
To: 'thin@xxxxxxxxxxxxx'
Cc: 'windows2000@xxxxxxxxxxxxx'
Subject: [THIN] arrghh GPO locked admins out

A client of mine was creating a lockdown GPO which he intended to apply to
his metaframe servers.  The only problem is, he applied to all his users
computers, DC's and admins..doh!!

Now, he is unable to login to run the GPO MMC to undo the work.  

I was wondering if there was anyway to get in to undo this work.  I guess
all this is now in the NTDS.DIT file and there aint much way around it??  Is
there an easy ADSI hack to disable this GPO?  Is there anything in the
SYSVOL directory that can be changed to stop the GPO from being applied??  

They are unable to run up AD Users and Computers snap in as this is
restricted!!! 



Brian Lilley
Systems Integration
Vivista Ltd

m - 07929 002501
e - brian.lilley@xxxxxxxxxxxxx
www.vivista.co.uk





**********************************************************************
The information contained in this e-mail message is intended only for the
individuals named above.  If you are not the intended recipient, you should
be aware that any dissemination, distribution, forwarding or other
duplication of this communication is strictly prohibited.  The views
expressed in this e-mail are those of the individual author and not
necessarily those of Vivista Limited.  
Prior to taking any action based upon this e-mail message you should seek
appropriate confirmation of its authenticity.
If you have received this e-mail in error, please immediately notify the
sender by using the e-mail reply facility.
**********************************************************************


_____________________________________________________________________

This message has been checked for all known viruses on behalf of Vivista by
MessageLabs. 

http://www.messagelabs.com or Email: mailsweeper.info@xxxxxxxxxxxxx

Vivista formerly Securicor Information Systems for further information
http://www.vivista.co.uk  

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application management
problems.
http://www.triCerat.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
Comment: Public PGP Key for Chris Lynch.

iQA/AwUBQDpOb29fg+xq5T3MEQJ6tgCfXBLcQ1pcOGErejeGL4W0YhHHOsoAn3S9
NOHTROT88MlQ11L/4Oyk0r51
=SdN7
- -----END PGP SIGNATURE-----


********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application management
problems.
http://www.triCerat.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm

_____________________________________________________________________

This message has been checked for all known viruses on behalf of Vivista by
MessageLabs. 

http://www.messagelabs.com or Email: mailsweeper.info@xxxxxxxxxxxxx

Vivista formerly Securicor Information Systems for further information
http://www.vivista.co.uk  



**********************************************************************
The information contained in this e-mail message is intended only for the
individuals named above.  If you are not the intended recipient, you should
be aware that any dissemination, distribution, forwarding or other
duplication of this communication is strictly prohibited.  The views
expressed in this e-mail are those of the individual author and not
necessarily those of Vivista Limited.  
Prior to taking any action based upon this e-mail message you should seek
appropriate confirmation of its authenticity.
If you have received this e-mail in error, please immediately notify the
sender by using the e-mail reply facility.
**********************************************************************


_____________________________________________________________________

This message has been checked for all known viruses on behalf of Vivista by
MessageLabs. 

http://www.messagelabs.com or Email: mailsweeper.info@xxxxxxxxxxxxx

Vivista formerly Securicor Information Systems for further information
http://www.vivista.co.uk  

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application management
problems.
http://www.triCerat.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
Comment: Public PGP Key for Chris Lynch.

iQA/AwUBQDpofG9fg+xq5T3MEQKvvgCfdH8yfbVtgXw+vs+Jq/ehZ9Ie/fsAoLNS
sSNlDoEzZp1wxBnsH3r4WqMy
=V93W
-----END PGP SIGNATURE-----


********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential
applications to eliminate your printing, policy and profile,
and your application management problems.
http://www.triCerat.com 
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

• References:
  • [THIN] Re: arrghh GPO locked admins out
    • From: Brian Lilley

Other related posts:

• » [THIN] arrghh GPO locked admins out
• » [THIN] Re: arrghh GPO locked admins out
• » [THIN] Re: arrghh GPO locked admins out
• » [THIN] Re: arrghh GPO locked admins out
• » [THIN] Re: arrghh GPO locked admins out
• » [THIN] Re: arrghh GPO locked admins out
• » [THIN] Re: arrghh GPO locked admins out
• » [THIN] Re: arrghh GPO locked admins out
• » [THIN] Re: arrghh GPO locked admins out

1. Home
2. thin
3. Archive
4. 02-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---