Locked Out of DC Due to GPO/Smartcard Issue

  • Locked Out of DC Due to GPO/Smartcard Issue

    Server 2003 Enterprise 32-bit (SP2), 1 domain controller (in a lab environment), playing with smart card login <everybody laughs>. Something went wrong with the smart card and we can't log in at all now... (smart card was required for login).

    Got no idea how to rectify, or if it is indeed rectifiable. We can boot into DSRM, and have tried manually renaming the policy folder in the SYSVOL share, but this hasn't helped. We figured if it can't read the policy it can't apply it.

    The smart card setting was defined in its own GPO (i.e. not in the default domain controller/default domain policies).

    There are no system backups. If anyone has any ideas on how to recover the system aside from a fresh install (which doesn't really matter), it would be greatly appreciated. We would like to learn something further <grin> from this mistake.

  • #2
    Re: Locked Out of DC Due to GPO/Smartcard Issue

    Bit of thinking outside the square had it fixed....

    For anyone else that gets this problem:

    Create a child domain on a new machine.
    Load GPMC on the child domain, runas enterprise admin.
    Disable GPOs.
    Use psexec to remotely run gpupdate on the domain controller.
    Problem solved.


    • #3
      Re: Locked Out of DC Due to GPO/Smartcard Issue

      Well Done!
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **