[Win2K] Policy-probleem.

Op maandag 25 maart 2002 00:07 schreef DSmarty het volgende:
Grapjas.

MS Technet hielp me niet echt voort, vandaar mijn vraag alhier.

After the final install process the PC reboots as usual and then
locked me out with the same error. He reinstalled the OS this
time staying out of the domain.

He then booted and mapped to the admin share on the server,
browsed to and deleted (see MSKB Q201227): {xxxx-XXXX} =
Combination of letters numbers (hex) there will be two of these
and you have to remove the file from both (numbered them 1 and
2, but that has nothing to do with the numbers inside the {}):

C:\WINNT\SYSVOL\DOMAIN\Policies\{xxxx-XXX1}\Machine\Microsoft\Windows NT\SecExit\GptTmpl.inf
C:\WINNT\SYSVOL\DOMAIN\Policies\{xxxx-XXX2}\Machine\Microsoft\Windows NT\SecExit\GptTmpl.inf

Within a few seconds the HD activity lights went nuts (policy
change was taking effect) and he was able to log into his Server.
Justin rebooted his laptop and regained access to that as well.

Repeat these steps to
reproduce the bug:

1. Log in as a local admin
2. Check your local security policy under "User rights" to
make sure "Everyone" cannot logon locally, by default it
can't.
3. Rename the local administrators group to something besides
"Administrators"
4. Reboot your machine
5. Try to log in as an administrator either Domain or local.
You can't because your local policy setting says
"Administrators" may logon locally but- that group no
longer exists (since you renamed it). In other words the
local policy settings aren't stored using SIDs, it's just
storing straight group names - very lazy on the part of
Microsoft. Also quite annoying when you find you can't
login to your machine because you changed the name of the
Administrators group.

Op maandag 25 maart 2002 00:09 schreef realbart het volgende:

[..]

OK, maar aangezien de eerste reply verdomd veel op een werkende oplossing leek die zo van Technet gekopieerd kon zijn...vandaar mijn gedachte