+ Reply to Thread
Results 1 to 7 of 7
  1. Junior Member
    Join Date
    Nov 2004
    Posts
    1
    #1

    Default Group Policy - admin is locked out in 70-293

    Working on 70-293 we modified the domain controllers gpo's now all servers except one set cant go and edit the gpo's. we followed all the same steps.(microsofts lab book) we can not even get back into the gpo to see what is wrong. the admin is totally locked out. any ideas? one system is ok. any ideas? Thanks
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Jun 2006
    Location
    Tampa Bay
    Posts
    1,266

    Certifications
    MCSA 2000, MCSE 2003, Exchange 2000, CCNA, CCNA Security, CNE, A+, Network+, Security+
    #2
    Most of the time when I help clients fix an error trying to access a GPO, it's a replication failure or other problem where the GPO editor can't get to the files in the SYSVOL. The GPO system accesses the GPO files using network access, so it is possible that you can manually edit the sysvol files, but the system has a break somewhere in the channel to access them. Check your event log for clues especially in the area of replication errors.

    If you truely did lock the keys in the car so to speak, you could edit all the GPOs under the sysvol folder on a DC to a known working state, and give the GPT.INI in the root of the GPO folder a version number higher than on all the other DCs. Let that replicate, or force replication, force GPO update and see if you can get in again.

    Worse comes to worse, you can do a an authorative system state restore.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    May 2003
    Location
    Orlando, Florida
    Posts
    590

    Certifications
    MCSA/MCSE 2003, CCENT, ITIL, MCDST, A+, Network+, I-Net+, Server+, Security+, DHTI+, CIW-A, Dell, HP, Avaya Basic Administration, B.S. in MIS
    #3
    Or you can use dcgpofix to restore the GPOs to default installation.

    The following Microsoft link has more info about that tool:

    http://technet2.microsoft.com/Window....mspx?mfr=true
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Nov 2005
    Posts
    302

    Certifications
    CCNA,MCP, MCSA, MCSA:Security, MCSA:Messaging, MCSE, MCSE: Security, CompTIA Security+, network+ and linux+
    #4
    Try and boot in safe mode.

    Modifiy the GPO... (you can apply the default setup security template for DC)... see if you can recover.

    Try and tell me exactly what settings did you apply (ie a security template?) and then I can give you some help.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #5
    Yeah...I'll assume the problem has been fixed after two years...
    Reply With Quote Quote  

  7. Senior Member TeKniques's Avatar
    Join Date
    Jul 2004
    Location
    Oregon, USA
    Posts
    1,245

    Certifications
    OSCP, CISA, CISSP, SSCP, MCSA 2008, MCSE 2003: Security, MCDST, MCP, Security+, Network+, A+, Project+, CCENT, CCNA
    #6
    Quote Originally Posted by _omni_
    Yeah...I'll assume the problem has been fixed after two years...
    LOL
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Jun 2006
    Location
    Tampa Bay
    Posts
    1,266

    Certifications
    MCSA 2000, MCSE 2003, Exchange 2000, CCNA, CCNA Security, CNE, A+, Network+, Security+
    #7
    Oops. Didn't notice the post date.

    It's stuff like this that gets me in trouble on tests.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks