Archived from groups: microsoft.public.win2000.security
I believe so. I have never upgraded a W98 computer to W2K. It should work fine in the
Windows or Windows\system32 folder. The reason I suggest putting it there is because
it is in the "path" and will be executed wherever you use it. Ntrights is very
small and even if you need to download the whole Windows 2003 RK [13 MB] tools you
will have plenty of room. Otherwise try using psexec as I also suggested as a
possible solution. --- Steve
"JWC062704" <anonymous@discussions.microsoft.com> wrote in message
news:222a001c45cbb$43038380$a401280a@phx.gbl...
> Steve:
>
> One other thing. My 2nd PC doesn't show a WINNT folder. It
> shows a WINDOWS folder, instead. (IS that a hold over from
> Win 98 before the WIN2000 upgrade?) The WINDOWS folder
> shows security and database and the file secedit.sdb
> though.
>
> How big is the NTRights? My 2nd PC only has about 225 meg
> left of its 4 gig HD.
>
> Thanks, JWC
>
> >-----Original Message-----
> >Hmm. There is no guarantee that method will work all the time. I don't
> >believe it will make any difference about renaming the old file. Try
> >removing the old file to another folder and leaving the new secedit.sdb file
> >alone in that folder. It is always best practice to rename a critical file
> >in case something goes really bad or you need it later for configuration
> >purposes. Let's go to plan B.
> >
> >First go to
> >http://www.petri.co.il/download_free_reskit_tools.htm
> >and download Ntrights and unzip it and copy it to your \winnt\system32
> >folder on your good computer. Read the link below on ntrights to remove deny
> >logon rights as an example of how it is used.
> >
> >http://support.microsoft.com/default.aspx?scid=kb;en-us;276590
> >
> >Enter this command on your good computer [substituting real computer name]
> >while logged on as an administrator on the locked out computer to give users
> >group the right to logon interactively.
> >
> >ntrights -m \\computername -u users +r SeInteractiveLogonRight
> >
> >Type or copy it exactly as shown as the right is case sensitive.
> >
> >I noticed that Petri link to ntrights is currently down. You can also get
> >ntrights from a package of tools in the link below. You will probably have
> >to install all of them and then just move ntrights to your \winnt\system32
> >folder. Delete the rest of them as they are for W2003 Server but hopefully
> >ntrights will work.
> >
> >http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
> >http://tinyurl.com/a32f -- same link as above in case of wrap
> >
> >Plan C. ******
> >
> >Go to SysInternals and download Psexec, unzip it and download it into your
> >\winnt\system32 folder.
> >
> >http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
> >
> >Enter the command psexec \\computername cmd.exe [again using real
> >computername]
> >
> >You should see a command prompt on your screen for the locked out computer.
> >If you do, then enter the command using secedit in the KB link below and
> >append /areas user_rights after it [as shown under link] and hit enter. You
> >can copy and paste the command and then add /areas user_rights after it. If
> >you goof up and it executes without the /areas user_rights, don't worry
> >about it. It will just take a lot longer and maybe change some security
> >policy settings you modified from default if any.
> >
> >http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222
> >
> >secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose /areas user_rights
> >
> >Hopefully one of the two methods will help. --- Steve
> >
> >"JWC062604" <anonymous@discussions.microsoft.com> wrote in message
> >news:2250d01c45ca2$3e7a8250$a001280a@phx.gbl...
> >> Steve:
> >>
> >> It did not work.
> >>
> >> I was able to access my "locked" PC's C Drive by using
> >> the "\\computername\c$".
> >>
> >> Important points I want feedback on:
> >>
> >> 1) My working PC originally ran on Win 98 and was upgraded
> >> to Win 2000. It was not a clean install. It was an upgrade.
> >> Also my 2nd PC runs on a PII 233. My locked PC is a 800 MHz
> >> Celeron.
> >>
> >> 2) What if I added a 3rd PC running on a clean install of
> >> Win2000 to my network and added it to my workgroup. Then I
> >> could copy its "secedit.sdb" to it. Would that help?
> >>
> >> 3) When I copy/pasted the "secedit.sdb" to the locked PC,
> >> I did not delete the now name changed "seceditold.sdb". I
> >> pasted my 2nd PC's copied secedit.sdb next to it in the
> >> database folder. So, in the end, the database folder on my
> >> locked PC had the new/copied "secedit.sdb" file and the
> >> name changed "seceditold.sdb" file still for the fix it
> >> boot up. (Did that cause a problem?)
> >>
> >> 4) I noticed on JSI FAQ #3361 that it says to rename
> >> the "secedit.sdb" file to "secedit.old_sdb". That is
> >> different from your suggestion. You said to rename the
> >> file "seceditold.sdb". Does that make a difference?
> >>
> >> 5) Looking at JSI FAQ #3361 that it says the cause
> >> was "Local Security Policy has been set to deny logon
> >> right to everyone." I do not recall "setting a deny" at
> >> all. I did delete some "user groups" that I didn't think I
> >> needed. My guess is that the problem is a missing group
> >> not a deny to everyone. I recall setting a lot of the
> >> security settings to allow for everyone. I do not recall
> >> one time where I set security to deny everyone.
> >>
> >> 6) Over my many attempts to boot up the locked PC, I tried
> >> Safe Mode. I watched as the black screen scrolled
> >> through all of the driver names. Eventually the scrolling
> >> ends and the PC sits for quite a while. Could it be stuck
> >> trying to load a bad driver? Can I try the "return to the
> >> last good configuration" route?
> >>
> >> Once I was able to move throughout my locked PC's file
> >> structure using "\\computername\c$", I feel pretty
> >> optimistic that this can now be fixed through the network
> >> somehow.
> >>
> >> At very worst, I can at least copy everything off of the
> >> PC to a 3rd PC and save it there or burn a CD.
> >> Unfortunately, my existing 2nd PC has only a 4 gig
> >> harddrive so it won't work. It is far too small. Plus it
> >> only had about 225 meg left. It is far too small to
> >> attempt a move.
> >>
> >> I assume it would be possible to add a third (& larger HD)
> >> PC to my 4 port router and move the files there. At least
> >> I now have access to my Outlook email contact files and
> >> email .pst files with info I badly need.
> >>
> >> Also, I had copied installation CD's directly to my locked
> >> PC's HD for safekeeping in case something happened to the
> >> CD's themselves. At least now I can move these files to a
> >> 3rd PC.
> >>
> >> >-----Original Message-----
> >> >Thanks, Steve. You've been a life saver.
> >> >
> >> >JWC062604
> >> >
> >> >>-----Original Message-----
> >> >>The link I showed shows exactly how to do that. Here are the basic steps.
> >> >>Substitute your actual computer name for the locked out computer where I
> >> >>show "computername". If you don't know the computer's actual name, you should
> >> >>see it in My Network Places on the good computer. Hopefully your working
> >> >>computer is a Windows 2000 Pro computer or this will not work and stop after
> >> >>verifying or not that you can access the C$ folder on the locked out
> >> >>computer as described in the second sentence below. If you can at least
> >> >>access the c$ folder there may be another option but I need to know the
> >> >>operating system of your good computer. If you can not access the c$ drive
> >> >>you will need to try to take it to someone who can slave the drive in
> >> >>another computer running Windows 2000 or XP to try and repair it or
> >> >>reinstall the operating system which can be done without destroying your
> >> >>data but will require that you reinstall all of your applications, service
> >> >>pack, and critical updates. Note that if you have any EFS encrypted files,
> >> >>that a reinstall that is not an "upgrade" install will prevent you from ever
> >> >>accessing them again unless you backed up your EFS private keys.
> >> >>
> >> >>http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >> >>
> >> >>First logon to your other computer with a logon name and password that
> >> >>exists on the locked out computer that is an administrator on that computer.
> >> >>Create the account on your "good" computer if need be.
> >> >>
> >> >>In the run box type \\computername\c$ and then enter. If it brings up the
> >> >>administrative share on the other computer which should show the whole drive
> >> >>you are in. I am assuming c drive is where your operating system is at and
> >> >>if it is not use the correct drive letter.
> >> >>
> >> >>Go to the \winnt\security\database folder. First open the winnt folder and
> >> >>then the others in the order shown. Folders are in alphabetical order within
> >> >>a folder. This is called the "path". You should see a file called secedit.sdb
> >> >>in the window to the right. Right click that file and select rename. Rename
> >> >>it seceditold.sdm and hit enter.
> >> >>
> >> >>Minimize the Explorer Window by selecting the minimize icon in the top right
> >> >>hand corner. Now on your "good" computer go to the same folder path and find
> >> >>the copy of secedit.sdb on it. Right click that file and select copy. Now
> >> >>maximize the Explorer Window on your locked out computer and put your
> >> >>pointer in the window to the right where you now have a file called
> >> >>seceditold.sdb. Right click your mouse and select paste and you should now
> >> >>see a copy of secedit.sdb from the other computer that you just copied.
> >> >>Close your Explorer Windows and reboot the locked out computer to see if it
> >> >>helps and let me know. --- Steve
> >> >>
> >> >>"JWC062604" <anonymous@discussions.microsoft.com> wrote in message
> >> >>news:2212e01c45bc1$8bc86b80$a001280a@phx.gbl...
> >> >>> Steve:
> >> >>>
> >> >>> I actually do have another PC on my (2 PC) network. This
> >> >>> is how I am communicating now. My purpose for the network
> >> >>> was so both PC's could share the cable modem to the net.
> >> >>> That's the only reason that I have the network.
> >> >>>
> >> >>> Are there other instructions possible with a PC on the
> >> >>> network? Or how might a professional repair this problem?
> >> >>> I would take the machine to a firm that only dealt with
> >> >>> larger, corporate clients.
> >> >>>
> >> >>> Please respond.
> >> >>> JWC062604
> >> >>>
> >> >>> >-----Original Message-----
> >> >>> >See the tips in the link below. If you do not have another computer on the network
> >> >>> >you are going to need to try and replace the secedit.sdb file on your computer some
> >> >>> >other way such as by putting your hard drive in another computer as a slave/secondary
> >> >>> >drive or doing a parallel install of the operating system [best done into another
> >> >>> >partition] in order to do the repair being very careful NOT to install over your
> >> >>> >existing installation and do NOT format your drive, which you can delete when you are
> >> >>> >done. Specifically what happened is either you removed groups from the logon
> >> >>> >locally user right or added a group to the deny logon locally user right [more
> >> >>> >likely]. --- Steve
> >> >>> >
> >> >>> >http://www.jsiinc.com/SUBG/TIP3300/rh3361.htm
> >> >>> >http://support.microsoft.com/default.aspx?scid=kb;en-us;266465
> >> >>> >
> >> >>> >"JWC062604" <anonymous@discussions.microsoft.com> wrote in message
> >> >>> >news:21dd501c45ba2$07056480$a401280a@phx.gbl...
> >> >>> >> I use my PC locally only so last night I was trying to
> >> >>> >> bypass the Windows logon screen. I thought I had made the
> >> >>> >> proper adjustments within "Local Security Policy"
> >> >>> >> and "Users & Passwords" to allow for a straight boot up
> >> >>> >> without the popup Windows logon box.
> >> >>> >>
> >> >>> >> This morning, when I booted up my PC, the Windows logon
> >> >>> >> box still comes up so I went ahead and hit "OK" like I had
> >> >>> >> always done previously using Administrator as my ID. Then
> >> >>> >> I got a popup message stating "The local policy of this
> >> >>> >> system does not permit you to logon interactively."
> >> >>> >>
> >> >>> >> I hit OK and the above message keeps coming up. How can I
> >> >>> >> go back and reset the logon settings the way they were?
> >> >>> >>
> >> >>> >> TY JWC062404
> >
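
The cause named in the thread above (groups removed from the "log on locally" right, or a group added to the "deny log on locally" right) can be checked offline in a security template before it is applied. This is an added example, not part of the original posts: it parses the `[Privilege Rights]` section of a template in the .inf format that secedit consumes, assuming the file has already been decoded to text; both sample templates are constructed.

```python
import re

# Well-known SIDs, identical on every Windows installation.
BROAD = {
    "*S-1-1-0": "Everyone",
    "*S-1-5-11": "Authenticated Users",
    "*S-1-5-32-544": "Administrators",
    "*S-1-5-32-545": "Users",
}

# Constructed sample templates (not taken from the thread).
# *S-1-5-32-551 is Backup Operators.
LOCKED_OUT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-551
SeDenyInteractiveLogonRight = *S-1-1-0
"""
HEALTHY = """[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
"""

def privilege_rights(inf_text):
    """Return {right: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return rights

def lockout_findings(inf_text):
    """List the conditions that would block interactive logon."""
    rights = privilege_rights(inf_text)
    # Holders may be SIDs ("*S-...") or plain names; normalise to names.
    allow = [BROAD.get(h, h) for h in rights.get("SeInteractiveLogonRight", [])]
    deny = [BROAD.get(h, h) for h in rights.get("SeDenyInteractiveLogonRight", [])]
    findings = []
    if "Administrators" not in allow:
        findings.append("Administrators missing from SeInteractiveLogonRight")
    # A deny entry overrides any allow entry for the same account.
    findings += [f"{h} is in SeDenyInteractiveLogonRight"
                 for h in deny if h in BROAD.values()]
    return findings
```

Calling `lockout_findings(LOCKED_OUT)` reports both conditions, while `lockout_findings(HEALTHY)` returns an empty list.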