Domain Controller's Log on Locally rights removed or set to "Not Configured".

In a situation where you have�accidentally locked yourself. You have removed Domain Controller's policy: "Log On Locally" and no one is allowed to log on locally on the domain controller. There are few methods that you can use to retrieve the logon rights back.

This is only possible if you are facing problems logging on locally. If you have accidentally removed the following rights or have denied yourself then there is no way to make DC operable in this case � but there is way!
�
Access This Computer From Network
Deny Access This Computer From Network
�
Okay, let�s talk about �Log on Locally� right and how to get it back.
�
You can use the following methods outlined below to get it back on track:
�
Users or Administrators should be able to access this computer remotely as long as the �Access This Computer From Network� logon right is enabled and configured properly.
�
Method 1
�
1. Go to a Workstation (XP) or Windows Server
2. Open Active Directory Users and Computers.
3. Right Click on Domain Controllers OU > Property > Group Policy Tab.
4. Change the setting in there for "Log on locally" right.
5. Run PSEXEC to enforce policies on DC.

���������� PSEXEC \\Dc_name secedit /refreshpolicy user_policy
�����������PSEXEC \\Dc_name secedit /refreshpolicy machine_policy

6. Wait for five minutes.
7. Now try to log on to DC locally.

Everything should work.

Method 2
�
If problem still persists you can follow the steps listed below to manually reset it.

1. Go to a Working DC.
2. Go to SYSVOL.
3. Look for two GPO in there:

Domain GPO GUID {31B2F340-016D-11D2-945F-00C04FB984F9}
DC GPO GUID {31B2F210-016D-11D2-945F-00C04FB981F1} � � � � switch to this one - This is the Default DC GPO.

4. Copy the contents.
5. Access remote computers C:\ drive.
6. Switch to SYSVOL share.
7. Look for two GPO in there:

Domain GPO GUID {31B2F340-016D-11D2-945F-00C04FB984F9}
DC GPO GUID {31B2F210-016D-11D2-945F-00C04FB981F1} � � � �Double click to open this folder.

6. Paste the contents here.
7. Now run PSEXEC command with Secedit to enforce policies.
�
Please note copying GPO from one DC to another will cause your all settings to be removed.

Please check Sysinternals at Microsoft site for PSEXEC:
�
http://www.microsoft.com/technet/sysinternals/default.mspx
�

Microsoft corporation and/or its respective suppliers make no representations about the suitability, reliability, or accuracy of the information and related graphics contained herein. All such information and related graphics are provided "as is" without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information and related graphics, including all implied warranties and conditions of merchantability, fitness for a particular purpose, workmanlike effort, title and non-infringement. You specifically agree that in no event shall Microsoft and/or its suppliers be liable for any direct, indirect, punitive, incidental, special, consequential damages or any damages whatsoever including, without limitation, damages for loss of use, data or profits, arising out of or in any way connected with the use of or inability to use the information and related graphics contained herein, whether based on contract, tort, negligence, strict liability or otherwise, even if Microsoft or any of its suppliers has been advised of the possibility of damages.