Old Admin locked out Server.


  • Here is the Scenario, our old Admin before he left changed the Group Policy on our mail Server (2012 r2). He enabled the DenyLocalLogon policy and the DenyNetworkLogonPolicy. Curerntly this means that no one can log into the server. It's still functional, but i'd like to gain access before it becomes a problem. I checked our backups. The same policy is set, so it much have been this way a while.  I've tried NTRights.exe, but either I get an error, which is caused by our inability to log into the server or the change is processed as successfull, but we still can't log in.  I've looked through possible GPO solutions, unfortunately the GPO settings that were changed were local settings, so they can't be changed remotely, although I'm not incredibly familiar with GPO on a domain.  Is there a way to access this server either remotely or locally, or is there a way to reset these GPO policies to gain us access to the server?

    The server is a 2012 r2 virtual machine. It is connected to a domain.

    • Edited by mertiogerr Monday, December 21, 2015 12:12 AM
    Monday, December 21, 2015 12:11 AM