I'm an idiot

[dabest23]

I'm running Windows 2000 Professional

I was messing around with the local security policy and i accidently disabled the ability of administrator to login locally or remotely. I only have two accounts on the computer: administrator and guest. I can still logon as guest but i can't do anything to fix my little problem. Any help on this matter would greatly be appreciated. Thanks

 

[imhotepmp]

What you could do is do a parallel installation and then take ownership. Never tried it, so dont know the exact details of it.
You might want to try posting your question here as well.



imhotepMP

 

[dabest23]

that's not really an option for me

does anyone know if i could fix this using the recovery console? i have the ability to start and stop every service the computer runs. does the security policy run as service?

 

[igiveup]

The only piece of information that I can add here is that Domain settings will override your lockout on the administrator account. If you can somehow join a domain on a friends computer (we all have friends with NT 4.0 Server or Win2K server right?) then you would be able to regain control and modify your local access rights. Is it even possible to join a domain using the guest account? By default they can do a heck of a lot and my eyes were certainly opened. Going to fix that account about now. I repeated your problem with a test administrator account and it definitly locked me out of everything that I wanted to get access to.

I think your easiest solution in the end is to reformat and reinstall. Hate to say that cause I can feel your pain, but what else can you do?

 

[igiveup]

Tried recovery console. No go. Kind of makes sense because MS wants to lock down a user if you tell it to lock something out. Sorry. I found a couple of ways to add users but everything required an administrator password and the test one I tried never worked when locked out.

 

[dabest23]

how do you add users?

 

[dabest23]

nevermind that, if you replace the secpol.msc file in c:\winnt\system32, will that work?

 

[dabest23]

nevermind that also, i'm screwed

 

[igiveup]

Is a reinstall not an option?

 

[MrChicken]

Run an emergency repair. the registry files will be from the last ERD you made. Unless you made an ERD after FUBARing the login, it will set the Admin account polices back to the way they were.

 

[igiveup]

Thanks MrChiken. Didn't know it would fix that. Just updated mine.

 

[dabest23]

reinstall is not an option so far, what i'd like to do is add a power user with the recovery console. how could i do this?

 

[dabest23]

by the way, i had made a ERD before i screwed my computer over, but when i try to do a Emergency Recovery using the win 2000 cd, it says the ERD is invalid and cannot be used. The disk is in working condition and all the files are intact. What gives?

 

[waytoomuchcoffee]

You might want to try this link.

I bookmarked it in case I had trouble some day

 

[MrChicken]

Skip the floppy and just run the repair, it will pull the files off the disk. The registry isnt kept on the floppy in 2k like it was in NT4.

 

[dabest23]

i ran the repair without the floppy and it didn't do anything that actually helped. all it did was check the integrity of the drive and the MBR and stuff like that

 

[MrChicken]

look in the winnt\repair directory. In there should be a backup sam file, and if you ran the ERD and saved the registry, you should have a directory called regback in there with another sam.
try copying one of those to winnt\system32\config.

 

[dabest23]

MrChicken, i love you

you are the man!!!

you saved my life, and my computer

Thank you very much

 

[MrChicken]

Glad to have helped.