Archived from groups: microsoft.public.win2000.advanced_server (
More info?)
"waseem ullah" <anonymous@discussions.microsoft.com> wrote in message
news:2956501c4651b$2af777c0$a401280a@phx.gbl...
> i made a GPO xyz and was applying some group polices and
> restriction from the user configuration in group policies
> snap in and when i logged off and tried to log in again i
> could not ....
You should be carefull when restricting user groups when hardening your
domain. Suppose you deny domain users from network access, login or access
permissions to a resource. This affects the admin since admin is a member of
domain users. Admin is not God, far from it.
Now you are stuck having to either reinstall or deleting/recreating your sam
database. Thats unless you can access a DC through the network from an
NT/W2K client station with the adminpak.msi installation.
Also, when testing a GPO, do it on an organisational unit first. After all,
the OU is where you should be focusing and isolating your groups, shares,
printers, etc...
Last but not least, there is an MMC snap-in that provides security analysis
where a security template database can be created, modified, assembled,
tested, compared, analyzed AND applied with a logged result. Its called the
Security Configuration Tool Set and available off the shelf in all standard
W2K DC installations.
http://www.microsoft.com/windows2000/techinfo/howitworks/security/sctoolset.
asp
Thats without mentioning the Baseline Security Analyzer:
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Facebook
Twitter
Instagram