Group Policy - admin is locked out in 70-293

WaggstheJesusFreakWaggstheJesusFreak Member Posts: 1 ■□□□□□□□□□
Working on 70-293 we modified the domain controllers gpo's now all servers except one set cant go and edit the gpo's. we followed all the same steps.(microsofts lab book) we can not even get back into the gpo to see what is wrong. the admin is totally locked out. any ideas? one system is ok. any ideas? Thanks icon_rolleyes.gificon_confused.gif

Comments

  • Danman32Danman32 Member Posts: 1,243
    Most of the time when I help clients fix an error trying to access a GPO, it's a replication failure or other problem where the GPO editor can't get to the files in the SYSVOL. The GPO system accesses the GPO files using network access, so it is possible that you can manually edit the sysvol files, but the system has a break somewhere in the channel to access them. Check your event log for clues especially in the area of replication errors.

    If you truely did lock the keys in the car so to speak, you could edit all the GPOs under the sysvol folder on a DC to a known working state, and give the GPT.INI in the root of the GPO folder a version number higher than on all the other DCs. Let that replicate, or force replication, force GPO update and see if you can get in again.

    Worse comes to worse, you can do a an authorative system state restore.
  • NPA24NPA24 Member Posts: 588 ■■□□□□□□□□
    Or you can use dcgpofix to restore the GPOs to default installation.

    The following Microsoft link has more info about that tool:

    http://technet2.microsoft.com/WindowsServer/en/Library/48872034-1907-4149-b6aa-9788d38209d21033.mspx?mfr=true
  • agustinchernitskyagustinchernitsky Member Posts: 299
    Try and boot in safe mode.

    Modifiy the GPO... (you can apply the default setup security template for DC)... see if you can recover.

    Try and tell me exactly what settings did you apply (ie a security template?) and then I can give you some help.
  • eurotrasheurotrash Member Posts: 817
    Yeah...I'll assume the problem has been fixed after two years...
    witty comment
  • TeKniquesTeKniques OSCE, OSCP, CISSP, CISA, SSCP, MCSE (03), Security+, Network+, A+, Project+ Member Posts: 1,262 ■■■■□□□□□□
    _omni_ wrote:
    Yeah...I'll assume the problem has been fixed after two years...

    LOL icon_lol.gif
  • Danman32Danman32 Member Posts: 1,243
    Oops. icon_redface.gif Didn't notice the post date.

    It's stuff like this that gets me in trouble on tests.
Sign In or Register to comment.