Results 1 to 11 of 11

Thread: WIN2K: Domain/User/Urgent Help required!!!

  1. #1
    Squeeler Vini's Avatar
    Join Date
    Jul 2003
    Location
    Sheffield
    Posts
    1,769
    Thanks
    44
    Thanked
    8 times in 8 posts

    WIN2K: Domain/User/Urgent Help required!!!

    Server W2K3
    Client W2K SP4

    Client logs on as Bennett on the domain, with strict Group Policies. The user doesnt have access to anything but the desktop which cycles a screensaver showing the latest sales etc...

    However, the nic on the system has been disabled and as the GPO is strong the user cannot get to Network Settings to re-enable.

    The user has admin rights on the machine, but the GPO is restricting most things.

    Can the user, re-enable the nic via dos/command prompt?

    I have tried installing a wireless nic so that an admin (myself) can logon to the domain via my user info, not playing ball tho. Windows 2000 only connects the wireless lan within windows and not whilst loggin me on, so it still cannot find the domain.

    Clutching at straws i checked doc+settings to find a list of all the other users who had logged in, found one, who doesnt have the GPO applied to him, logged in, but cant re-enable the nic due to admin rights

    the other thing is, no-one knows the admin login, we normally use a set login, not this time - ****ing typical! so thats out of the question!

    so.

    is there a way to bypass the GPO?
    safe mode still has the GPO applied - way round?
    is there a super duper admin, which overwrites all?
    can i add a local user with admin rights via command prompt/dos?
    ive tried Windows PE (xp) to try and help but the machines a crappy 450mhz with 128mb ram, so thats a no go.
    tried windows 98 boot disc, but not sure why!
    is there a repair function in 2k?

    what options do i have?

    looking like a rebuild

    specially considering ive been there 3 hours after work trying to do it! could have rebuilt it in that time, maybe!


    help!

  2. #2
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    why not move the user and the computer out of the OU applying the strict policy ?
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    Squeeler Vini's Avatar
    Join Date
    Jul 2003
    Location
    Sheffield
    Posts
    1,769
    Thanks
    44
    Thanked
    8 times in 8 posts
    done that first thing. but as the network isnt working it hasnt helped

  4. #4
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    You could try to enable the adapter from the command line, but I have no idea if this will work on 2000 or if you have hardened it too much - the user being logged on might have no relevance if the GPO was a computer policy anyway...

    netsh interface dump
    - this should list the display name(s) of the interface(s)

    netsh interface set interface "name" enabled
    - this should enable the interface called "name"


    I've done a similar dumb thing with wireless GPOs - applied the policy which was not correct which meant the client could not connect to the WLAN to update the policy and fix it... I had to connect a wired connection to push the new GPO down
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  5. #5
    Squeeler Vini's Avatar
    Join Date
    Jul 2003
    Location
    Sheffield
    Posts
    1,769
    Thanks
    44
    Thanked
    8 times in 8 posts
    will try that 2moro. dumb thing it has been, what with already been stressed from our OEE Impact setup :s

  6. #6
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Another possibility (again, no idea if it will work or not) if you are using DHCP might be to move the NIC to another slot in the machine if you have that option.

    The system may see it as another instance of the same device and install it with the defaults (enabled, DHCP), aquire an address and find the DC to update the GPO.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  7. #7
    Squeeler Vini's Avatar
    Join Date
    Jul 2003
    Location
    Sheffield
    Posts
    1,769
    Thanks
    44
    Thanked
    8 times in 8 posts
    thought about new nic.

  8. #8
    Senior Moment blueball's Avatar
    Join Date
    Aug 2005
    Location
    Edinburgh
    Posts
    2,426
    Thanks
    846
    Thanked
    379 times in 294 posts
    • blueball's system
      • Motherboard:
      • Asus Z390A
      • CPU:
      • i9-9900KS
      • Memory:
      • Kingston 64GB (2x32GB) DDR4 2400MHz
      • Storage:
      • 2TB Samsung 970 EVO Plus NVMe PCIE M.2 plus Samsung 860 EVO 4TB SSD
      • Graphics card(s):
      • ASUS TUF RTX 3080 Ti GAMING OC
      • PSU:
      • Corsair HX850 850 W Full Modular 80 Plus Platinum
      • Case:
      • Corsair Carbide 330R Ultra Silent Midi Tower
      • Operating System:
      • Win 10 Pro x64
      • Monitor(s):
      • IIYAMA 3461WQ IPS 34" 3440x1440 plus BenQ GW2765HT IPS 27" 2560x1440
      • Internet:
      • Plusnet 28Mb
    Have a look at the ISO available at http://home.eunet.no/~pnordahl/ntpasswd/

    it allows you to boot a PC from a CD and select which password you want to change and then change it. Obviously you need physical access to the machine (coupled with a legal right to be doing this) but I have used it on several occasions to get people out of the mire by changing the local admin password and it just works

    Take note of warnings regarding EFS
    Rgds,

    BB
    Hexus Trust here and here

  9. #9
    Nox
    Nox is offline
    Vorsprung durch Technik
    Join Date
    Oct 2003
    Location
    Hampshire
    Posts
    2,023
    Thanks
    2
    Thanked
    2 times in 2 posts
    • Nox's system
      • Motherboard:
      • Yes
      • CPU:
      • Yes
      • Memory:
      • Yes
      • Storage:
      • Yes
      • Graphics card(s):
      • Yes
      • PSU:
      • Yes
      • Case:
      • Yes
      • Monitor(s):
      • Yes
      • Internet:
      • Yes
    as far as I know:

    is there a way to bypass the GPO? i'm assuming its similar in effect to domain policies, so not unless you take it out the domain, then bypass it, then add it back.

    safe mode still has the GPO applied - way round? see above

    is there a super duper admin, which overwrites all? did you set one up? so probably not then

    can i add a local user with admin rights via command prompt/dos? erm, we have a script at work that does it on NT boxes, that and about 1000 other things. Would assume it would be similar. If I get a chance, i'll have a look tomorrow if you still need it, but can't think of any built into windows off the top of my head. Either way round, you will be limited by the account you're logged in with. You can also use that disk in the post above to create accounts if I remember right.

    is there a repair function in 2k? yep - boot off the CD - you may find it easier to restore the system hive first, see if that lets you change things. Within windows, its sfc /scannow at a command prompt - that will only check for dodgy files, not miss-configured things though, so won't be much help.

    Nox

  10. #10
    Nox
    Nox is offline
    Vorsprung durch Technik
    Join Date
    Oct 2003
    Location
    Hampshire
    Posts
    2,023
    Thanks
    2
    Thanked
    2 times in 2 posts
    • Nox's system
      • Motherboard:
      • Yes
      • CPU:
      • Yes
      • Memory:
      • Yes
      • Storage:
      • Yes
      • Graphics card(s):
      • Yes
      • PSU:
      • Yes
      • Case:
      • Yes
      • Monitor(s):
      • Yes
      • Internet:
      • Yes
    Clutching at straws i checked doc+settings to find a list of all the other users who had logged in, found one, who doesnt have the GPO applied to him, logged in, but cant re-enable the nic due to admin rights

    if Bennet is an admin account, give this account admin rights. or use the password 'tool' to reset the local admin to do it

  11. #11
    Squeeler Vini's Avatar
    Join Date
    Jul 2003
    Location
    Sheffield
    Posts
    1,769
    Thanks
    44
    Thanked
    8 times in 8 posts
    got into work armed with admin password boot disk tool thingy, and colleague had flattened it. oh well.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Win2k domain gubbins...
    By Neo_VR in forum Software
    Replies: 2
    Last Post: 13-03-2005, 03:41 AM
  2. Whats required?
    By Crispy in forum PC Hardware and Components
    Replies: 3
    Last Post: 19-11-2004, 07:32 PM
  3. networking win2k
    By blockers in forum Networking and Broadband
    Replies: 15
    Last Post: 25-11-2003, 12:00 AM
  4. loading win2k or win98 in DOS
    By blockers in forum Software
    Replies: 2
    Last Post: 08-11-2003, 10:10 AM
  5. Win2K: Best service pack
    By eldren in forum Software
    Replies: 6
    Last Post: 19-08-2003, 03:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •