Knowledgebase

windows 2000 expert needed

Posted by DigiCrime, 09-10-2008, 02:32 PM
The group policy folder under system32 had to have admin privileges to install a service pack 4 roll up. The user who installed the update opted to restart the server before putting the permissions back the way it was before...now the administrator account has very limited permissions, how would one go about putting that back since right now the command prmpt is missing, along with the C drive. It has the lowest priviledges at the moment
Posted by TheITAdvisory, 09-10-2008, 02:39 PM
Can you get to the safe mode admin account?
Posted by DigiCrime, 09-10-2008, 02:41 PM
I haven't tried that yet what if I can/can't can you point out a scenario for me
Posted by TheITAdvisory, 09-10-2008, 02:44 PM
Sure, restart the machine and hit f8 or what ever it may be on your machine to get into safe mode, then boot up, and choose the administrator account. You may be able to go back in there and reset the permissions that way. Other then that. I should have asked first if this is a 2000 server, or is it just a work station?
Posted by DigiCrime, 09-10-2008, 02:49 PM
2000 server. The guy set this up was trying to restrict terminal service users on the server. He modified the group policy for the domain (there are no OUs) and applied it to everyone. He then went to the properties of teh group policy folder under C:\winnt\system32 and DENIED adminstrators access to that folder. By doing this, the administrator account was not affected. The problem with that is when we needed to install a sp4 rollup update, we had to allow the admin rights to that folder. The user rebooted the server before re-applying the deny permission. Now, we are locked out just like a standard TS user
Posted by TheITAdvisory, 09-10-2008, 02:52 PM
Try and do the safe mode fix. I do believe that even in win2k server admin still was able to change the ownership of any file. Maybe you can take ownership of the directory, and then change the permissions back the way they were.
Posted by DigiCrime, 09-10-2008, 02:55 PM
Spifferific
Posted by TheITAdvisory, 09-10-2008, 03:00 PM
LOL! keep us posted on the progress and the fix.
Posted by DigiCrime, 09-10-2008, 04:48 PM
Nope lol that didn't work either
Posted by TheITAdvisory, 09-10-2008, 04:49 PM
Which part did you try, safe mode, or taking ownership of the files?
Posted by DigiCrime, 09-10-2008, 04:56 PM
in safe mode. I get the same thing in safe mode as I do in regular mode. Can't access that folder I can't see the C drive, no run command, no cmd prompt nothing that will allow me to even bring up that folder property
Posted by TheITAdvisory, 09-10-2008, 05:06 PM
Try this; http://support.microsoft.com/kb/268019
Posted by DigiCrime, 09-10-2008, 05:19 PM
Ill check when I get back into the office tomorrow but I don't think I'll be able to access the profile folder, at the moment I cant do anything with it just start it up..i cant access anything on c: and nothing in thru control panel
Posted by MKHosting, 09-10-2008, 06:06 PM
Sounds like bit of a mess. All I can suggest is to try taking ownership of the folder. When setting things like this up its always a good idea to have an account out of the policy so you can always get back in easily. And also not applying highly restricted policy's to the root of the domain, always best to use OU's. I know it wasn't you who set it up, just making a recommendation for the future.
Posted by DigiCrime, 09-10-2008, 07:14 PM
Oh I agree. At the moment I'm setting up a test system at home see what I can find out thru Vmware this definitely is a mess. I was going to try and see if we can do it thru just a command prompt but can't even bring one up. Once I can gain access to that folder I can fix the problem, that's going to be the tricky issue for sure
Posted by DigiCrime, 09-10-2008, 11:18 PM
Can't seem to duplicate it in my virtual environment at the moment. What if I bring the system into safe mode and use the command prompt there can folder permissions be changed there?
Posted by plumsauce, 09-11-2008, 01:05 AM
If you can access some other drive or share, perhaps you could copy the executables there and execute from there. cmd.exe, cacls.exe, etc. If you can mount a share, you could mount against the windows partition on another server, and set your path there, to get access to the executables you need. You could also use psexec which lets you run executables over ipc$ At a guess yes. At least for the local administrator. Remember that the floppy and cd are still accessible to you in safe mode.
Posted by Sheps, 09-11-2008, 09:24 AM
You might be able to bring the server into Directory Services Restore Mode and fix it that way.


Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article
Also Read
please help Me. Server is heavily overloaded. (Views: 509)
Script which resiezes all images in one folder on cron job (Views: 505)
CIHost Down? (Views: 518)
Help with SSL vhosts on WHM (Views: 519)
any one one know www.webhostplus.com? (Views: 536)


Language:

Client Menu

 

Client Login

Email

Password

Remember Me

Search



  
 

Clients

Hosting

VPS Hosting

About Us

Contact Us

Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.