Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

group policy .. admin account locked down.

Status
Not open for further replies.

mikeherman

IS-IT--Management
Dec 17, 2008
8
CA
I recently installed windows pro on a pc. I need to give very little access to windows so i was trying to create a group policy for the guest account. While I is disabling and enabling certain things I saved the group policy and now the computer is totally locked down. The administrator accounts have no access to anything, not event the ability to use the 'run' and even to execute programs.
Funny thing is the guest account has more privileges then administrator.
I searched google to find restoring windows 2000 pro group policy. Ive yet to find something solid. there are lots of procedures for windows 2000 server but not pro. is there a registry hack to restore the group policy?
 
Clarification please

I recently installed windows pro

I searched google to find restoring windows 2000 pro group policy. Ive yet to find something solid. there are lots of procedures for windows 2000 server but not pro. is there a registry hack to restore the group policy?

Not that it really matters - but which o/s have you installed?

If you just installed it, obvious fix - do a new clean install.

Why are you doing anything with the guest account (M$ should never have put in in place) - it just needs to be disabled. Use a standard/limited account. Many group policies apply to all accounts - even administrator - on 2k & XP pro. What exactly are you trying to achieve?
 
The OS is Windows 2000 pro. I need to give less privileges on the guest account, for example removing the 'run' feature from the 'start' menu.
When I was in administrator I created a new mmc for local group policies. As I was disabling things I didn't realize that I was actually disabling them on the administrator account. When I saved the file then pretty much all privileges were gone.
I found a file that restores group policy, dcpofix.exe. But that is for domain group policies for windows 2000 server. I need a method that can restore group policies for a PRO machine that is on a workgroup.
The only way would be to restore some files or do a registry hack.. but i don't know the procedures.

Im trying to avoid a complete reinstall because its time consuming.
 
Im trying to avoid a complete reinstall because its time consuming

You have to ask yourself is it more time consuming than trying to find how to fix it. Is the machine in use in its present state?

btw - why are you using the guest account? Its a security risk if turned on and the machine has an internet connection.

A quick Google trawl didn't find me anything specific for 2k - seems to be in the area but not what you want. I've just remembered I did once have a link to a site which dealt with this issue, but it became dead some years ago (and I hadn't saved the information unfortunately) - the only link I have I think would be useful before you started - but on a quick scan don't think it will let you reverse what you've done:-
 
Hi Wolluf.
the pc is mainly for public users to check email and browse the web. I was planning on setting up the pc for bare minimum privileges. Why would the guest account be a security risk?
 
As I understand it, enabling the guest account creates a 'hole' through which hackers can gain access to the machine if its connected to a network/internet. Which is why its recommended to leave it disabled & set up a standard user account if you want to have a 'guest' user. I've never personally checked this out - its just been mentioned so many times I would never think of using the guest account on any flavour of NT based windows.
 
Hello Mike,

It is true that the guest account should be disabled to protect against any of the basic hacking techniques. A standard user on the PC will have limited access so that is a good level to give to an account for guests and visitors to use. You can set the PC to login automaticly.

To correct your group policy issue, I would go through and enable a few things at a time in your policy to see what reactivates the admin abilities. If you did this using the local PC policy you may find it a lot faster to simply rebuild the PC. If you used AD group policy then you can either change the items a few at a time or simply remove the policy and start over. It sounds like you took away a lot of the access on the system and need to correct that in the group policy.

CJ

Don't drink and post, save that for driving home!
 
I need to create a workgroup on windows 2000 professional and then add a windows xp computer to the workgroup so I can transfer photos & files from window 2000 to the XP.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top