none
remove admin right on server 2012

    Question

  • hi

    I have a server 2012R2 in office

    i edit the GPO for disable only user right that user can not logon remotely on server 2012

    now ,I can not log on with administrators account such as remotely or localy.

    please help me.....

    Thursday, April 27, 2017 8:10 AM

Answers

  • Hi,

    you need to lock out yourself out of this situation. I would suggest, adding another computer to the domain, logging on to it (assuming you haven't removed the deny logon right for the whle domainm, but only on the DC), installing the GPMC and editing the GPO remotely:

    1. launch an mmc (if you have to change accounts, then use runas from a cmd line to launch the mmc)
    2. You can add the Group Policy snap-in from File, Add/Remove Snap-in
    3. Choose `Group Policy Object Editor" and click Add
    4. Change it from Local Computer by clicking "Browse" and then clicking "Another Computer" and typing in the name of the remote computer.

    Correct the settings.

    Regards,


    Stoyan (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!)

    Thursday, April 27, 2017 9:03 AM

All replies

  • Hi,

    which settings did you disable? Can you please post it here? Is it "Deny logon locally"?

    Have you tried installing the GP Management console on another computer and editing the GPOs from there? If you don't have firewall restrictions this might work. What about the server manager?

    Regards,


    Stoyan (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!)

    Thursday, April 27, 2017 8:15 AM
  • thanks for reply

    I have not gp on another pc

    when remotely connect on server and logon show this message

    "To sign in remotely, you need the right to sign in through Remote Desktop Services.By default, members of the Administrators group have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually."

    when go to server locally , I can not log on locally or domain with built in admin account.

    Thursday, April 27, 2017 8:52 AM
  • Hi,

    you need to lock out yourself out of this situation. I would suggest, adding another computer to the domain, logging on to it (assuming you haven't removed the deny logon right for the whle domainm, but only on the DC), installing the GPMC and editing the GPO remotely:

    1. launch an mmc (if you have to change accounts, then use runas from a cmd line to launch the mmc)
    2. You can add the Group Policy snap-in from File, Add/Remove Snap-in
    3. Choose `Group Policy Object Editor" and click Add
    4. Change it from Local Computer by clicking "Browse" and then clicking "Another Computer" and typing in the name of the remote computer.

    Correct the settings.

    Regards,


    Stoyan (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!)

    Thursday, April 27, 2017 9:03 AM
  • thanks

    I try it.. and say result for you

    thank you very match

    Thursday, April 27, 2017 9:10 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.
    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 1, 2017 5:29 AM
    Moderator
  • Hi dear Stoyan thank you for your help My problem was solved I was just using the Remote Administrator Tools feauturs and also Remote Powershell for use gpupdate!! thank you very match
    Sunday, May 7, 2017 9:08 AM