Impossibile loggarsi localmente come administrator in Windows 2000
| Attenzione questo articolo è ancora incompleto. Sentiti libero di contribuire cliccando sul tasto edit. |
In caso si visualizzi il messaggio:
e non si riesca a loggarsi in consolle come administrator, operare come segue.
Per risolvere questo problema, è possibile accedere al computer che nega l'accesso di un utente mediante un account amministrativo situato in un altro client.
È quindi possibile utilizzare il programma Ntrights.exe del Microsoft Windows 2000 Resource Kit per rimuovere l'utente dal diritto utente "Nega accesso locale".
Per effettuare questa procedura, utilizzare la seguente sintassi (rispettando la distinzione tra maiuscole e minuscole):
ntrights -m \\computer -u gruppo o utente da rimuovere -r SeDenyInteractiveLogonRight
Occorre anche sistemare il tutto per la policy SeInteractiveLogonRight (google)
Log on to another machine with administrative credentials.
Then use ntrights.exe from the Resource Kit (needs XP or W2k3 to be installed on, but the exe can then be copied and used on any machine) to grant yourself access again.
The two permissions you need are those (which one of those depends on which setting you changed originally):
"SeInteractiveLogonRight" (case sensitive!) if you only messed up the regular "Allow interactive logon" permission, or "SeDenyInteractiveLogonRight" if you played around with the "Deny local logon" setting.
As for the former, "ntrights -m \\YourServer -u <group or user> +r SeInteractiveLogonRight" shpuld do the trick.
As for the latter, note that you need to *remove* (-r) the right to have the local logon denied: "ntrights -m \\YourServer -u <group or user> -r SeDenyInteractiveLogonRight"
Windows Server 2003 Resource Kit Tools
Error Message: The Local Policy of This System Does Not Permit You to Log on Interactively
http://support.microsoft.com/?kbid=276590
How to Set Logon User Rights with the Ntrights.exe Utility
http://support.microsoft.com/?kbid=279664
What exactly you have to do depends on what you did to lock yourself out.
There are two different possibilities here:
You changed the "Allow local logon settings", and removed some groups that need to have access.
In that case, assuming that your logon name is Administrator, this will give you the permission, so that you can get access again:
ntrights -m \\YourServer -u Administrator +r SeInteractiveLogonRight
The second setting is the "Deny local logon".
If you defined users or groups here, then this setting will override any local logon permissions.
If you added, for example, the group "Domain Users" to the "Deny local logon" (which will lock out everyone, since the Administrator is a member of the Domain Users group as well), the following command will reset that again (note the "-r" when working with the Deny as opposed to the "+r" in the Allow):
ntrights -m \\YourServer -u "Domain Users" -r SeDenyInteractiveLogonRight
As said before, the group/user names to use depend on what you were defining before you found yourself locked out.