You'll love this.
Saturday I built up a server, complete with fileshare permissions, VPN access, and the whole nine yards (XP PRO with SP2 by the way, and I know about the limited functionality of VPN on XP, but hey, it does what we need it to do) so after getting it all put together, I wanted to lockdown the server's ability to allow someone to login locally from the keyboard sitting in front of the server. Not a difficult task unless you get distracted which is what happened to me.
So, editing the group policies using GPEDIT, I'm under Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment.
Here we see two fields. Deny Logon locally and Logon Locally.
Simple enough so far... and this is a very small scenario in which all of the users are in the users group with the exception of three accounts for administration which are in the administrator's group.
So then - Deny logon locally, I wound up selecting the Users group, and logon locally, I removed the users group.
WRONG - Now NOBODY can logon locally.. not even the adminstrator accounts. I can get in to the VPN but it's only got limited access to only what's needed (for obvious reasons) and I can bring up the repair console with the adminstrator login, other than that I'm dead in the water.
Any ideas on how I can get this undone, or reset back to the defaults?
Thanks,
-IQ
Saturday I built up a server, complete with fileshare permissions, VPN access, and the whole nine yards (XP PRO with SP2 by the way, and I know about the limited functionality of VPN on XP, but hey, it does what we need it to do) so after getting it all put together, I wanted to lockdown the server's ability to allow someone to login locally from the keyboard sitting in front of the server. Not a difficult task unless you get distracted which is what happened to me.
So, editing the group policies using GPEDIT, I'm under Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment.
Here we see two fields. Deny Logon locally and Logon Locally.
Simple enough so far... and this is a very small scenario in which all of the users are in the users group with the exception of three accounts for administration which are in the administrator's group.
So then - Deny logon locally, I wound up selecting the Users group, and logon locally, I removed the users group.
WRONG - Now NOBODY can logon locally.. not even the adminstrator accounts. I can get in to the VPN but it's only got limited access to only what's needed (for obvious reasons) and I can bring up the repair console with the adminstrator login, other than that I'm dead in the water.
Any ideas on how I can get this undone, or reset back to the defaults?
Thanks,
-IQ