HELP Microsoft GPO recommendations for Worm KILLED DOMAIN/Local Access
My organization applied the GPO as per Microsoft's advice: http://support.microsoft.com/kb/962007

The problem is it REMOVED all Domain access, disabled local administrator accounts. Now I can't figure out how to get back onto my machines.

1> Can't log on to Domain because NetLogon service is unavailable
2> Can't log on with ANY local administrator accounts because they have been DISABLED.
3> Last Known Good Configuration does not work.

Removing the service and rebooting doesn't work. How do I undo this?

Thanks
Lara
lforbes
February 14th, 2009 10:01pm

Hi there,

I see that this update is released for cleaning the Conficker.B worm. But didn't you check your network to see if it has this worm? Because if your network hasn't been affected by this worm, I wouldn't personally feel the need to install it, and I believe in step 4 it has been mentioned that "disable local administrator account", so your step 2 is valid.

I will be checking this tomorrow on Windows XP clients and will report back.

sainath
Windows Driver Development
February 15th, 2009 8:26pm

Sainath Into Driver Development said:

> Hi there, I see that this update is released for cleaning the Conficker.B worm. But didn't you check your network to see if it has this worm? Because if your network hasn't been affected by this worm, I wouldn't personally feel the need to install it, and I believe in step 4 it has been mentioned that "disable local administrator account", so your step 2 is valid. I will be checking this tomorrow on Windows XP clients and will report back.
> sainath Windows Driver Development

Yes, apparently they applied it thinking it would PREVENT us getting the worm. It appears that they did not actually read the entire GPO first. We are not infected, except that we had 500 workstations that couldn't talk to the network due to the application of this GPO setting.

lforbes
February 16th, 2009 1:20am

AFAIK, the only way to get the original behavior back is to uninstall the update. If uninstallation is unsuccessful, you need to check which binaries this patch is updating. For instance, this update might write some value into the registry or modify some part of the registry, and also the DLL, which you need to check so you can revert the changes.

I believe Last Known Good Configuration should revert the changes. Check that option, but if it didn't work, then the only way is to manually remove the patch and the entries.

sainath
Windows Driver Development
February 16th, 2009 9:28am

Sainath Into Driver Development said:

> AFAIK, the only way to get the original behavior back is to uninstall the update. If uninstallation is unsuccessful, you need to check which binaries this patch is updating. For instance, this update might write some value into the registry or modify some part of the registry, and also the DLL, which you need to check so you can revert the changes. I believe Last Known Good Configuration should revert the changes. Check that option, but if it didn't work, then the only way is to manually remove the patch and the entries.
> sainath Windows Driver Development

It is NOT the update causing the issues. It is the GPO setting recommended in the KB I listed (remove System and Administrator Full Control off svchost registry key). The update had been applied successfully to the machines already in October; however, there has been news of the worm getting past machines that had already been patched, so that was where the worry was.

It was not my mistake. They just didn't read the GPO email that was sent properly.

lforbes
February 17th, 2009 6:52am

This topic is archived. No further replies will be accepted.