Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

group policy .. admin account locked down.

Status
Not open for further replies.
mikeherman

mikeherman

IS-IT--Management
Dec 17, 2008
8
CA
I recently installed windows pro on a pc. I need to give very little access to windows so i was trying to create a group policy for the guest account. While I is disabling and enabling certain things I saved the group policy and now the computer is totally locked down. The administrator accounts have no access to anything, not event the ability to use the 'run' and even to execute programs.
Funny thing is the guest account has more privileges then administrator.
I searched google to find restoring windows 2000 pro group policy. Ive yet to find something solid. there are lots of procedures for windows 2000 server but not pro. is there a registry hack to restore the group policy?
 
Sort by date Sort by votes
Clarification please

I recently installed windows pro
Click to expand...

I searched google to find restoring windows 2000 pro group policy. Ive yet to find something solid. there are lots of procedures for windows 2000 server but not pro. is there a registry hack to restore the group policy?
Click to expand...

Not that it really matters - but which o/s have you installed?

If you just installed it, obvious fix - do a new clean install.

Why are you doing anything with the guest account (M$ should never have put in in place) - it just needs to be disabled. Use a standard/limited account. Many group policies apply to all accounts - even administrator - on 2k & XP pro. What exactly are you trying to achieve?
 
Upvote 0 Downvote
The OS is Windows 2000 pro. I need to give less privileges on the guest account, for example removing the 'run' feature from the 'start' menu.
When I was in administrator I created a new mmc for local group policies. As I was disabling things I didn't realize that I was actually disabling them on the administrator account. When I saved the file then pretty much all privileges were gone.
I found a file that restores group policy, dcpofix.exe. But that is for domain group policies for windows 2000 server. I need a method that can restore group policies for a PRO machine that is on a workgroup.
The only way would be to restore some files or do a registry hack.. but i don't know the procedures.

Im trying to avoid a complete reinstall because its time consuming.
 
Upvote 0 Downvote
Im trying to avoid a complete reinstall because its time consuming
Click to expand...

You have to ask yourself is it more time consuming than trying to find how to fix it. Is the machine in use in its present state?

btw - why are you using the guest account? Its a security risk if turned on and the machine has an internet connection.

A quick Google trawl didn't find me anything specific for 2k - seems to be in the area but not what you want. I've just remembered I did once have a link to a site which dealt with this issue, but it became dead some years ago (and I hadn't saved the information unfortunately) - the only link I have I think would be useful before you started - but on a quick scan don't think it will let you reverse what you've done:-
 
Upvote 0 Downvote
Hi Wolluf.
the pc is mainly for public users to check email and browse the web. I was planning on setting up the pc for bare minimum privileges. Why would the guest account be a security risk?
 
Upvote 0 Downvote
As I understand it, enabling the guest account creates a 'hole' through which hackers can gain access to the machine if its connected to a network/internet. Which is why its recommended to leave it disabled & set up a standard user account if you want to have a 'guest' user. I've never personally checked this out - its just been mentioned so many times I would never think of using the guest account on any flavour of NT based windows.
 
Upvote 0 Downvote
Hello Mike,

It is true that the guest account should be disabled to protect against any of the basic hacking techniques. A standard user on the PC will have limited access so that is a good level to give to an account for guests and visitors to use. You can set the PC to login automaticly.

To correct your group policy issue, I would go through and enable a few things at a time in your policy to see what reactivates the admin abilities. If you did this using the local PC policy you may find it a lot faster to simply rebuild the PC. If you used AD group policy then you can either change the items a few at a time or simply remove the policy and start over. It sounds like you took away a lot of the access on the system and need to correct that in the group policy.

CJ

Don't drink and post, save that for driving home!
 
Upvote 0 Downvote
I need to create a workgroup on windows 2000 professional and then add a windows xp computer to the workgroup so I can transfer photos & files from window 2000 to the XP.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TrekBiker
  • Locked
  • Question
Version 23H2 preventing full shut down
Replies
5
Views
331
pjw001
pjw001
VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
358
guitarzan
guitarzan
theConjurian
  • Locked
  • Question
No administrator rights after upgrading to Windows 11
Replies
19
Views
743
goombawaho
goombawaho
xwb
  • Locked
  • Question
Switching to admin user when installing msi
Replies
0
Views
69
xwb
xwb
Randy_F
  • Locked
  • Question
Not sure why I keep getting locked out randomly
Replies
2
Views
69
ths0210
ths0210

Part and Inventory Search

Sponsor

Back
Top