Painted into a corner?

  • Question

  • I'm afraid we've gotten ourselves into a spot that we can't easily recover from with a recent GPO.  2008R2 functional level domain.  95% Win10 clients spread across the world.  Single domain.

    We applied a Computer policy using preferences that first removed all existing users and groups from the built-in Administrators group and then added back two domain groups and two local users.  gpresult reveals that the machines are picking up the policy but when we look at the Administrators group on any given machine, it's EMPTY and we cannot add anyone into the group no matter which credentials we supply, even domain admin creds.  

    I can't do anything to the machine.  I can't access the default share, view events or even remove the machines from the domain.  Are we screwed?

    Friday, November 20, 2020 8:32 PM