Security – Lost all local admin rights on domain joined computer

active-directory, domain, security, user-management

I'm in an unusual predicament in that there is no account I can use to add local admin rights to a computer with the exception of the Administrator account – which is disabled.

On a new domain I'm setting up, I created a GPO to try to make the logged-in user (and others) a local admin by adding the domain group to the LOCALCOMPUTER\Administrators group. I followed this guide http://richardstk.com/2013/11/26/adding-domain-users-to-the-local-administrators-group-using-group-policy/ and used groups that have the users in them.

The GPO must've worked to some extent because it removed everyone from the Administrators group except Administrator. But because that account is locked, I can use it to log in and set the other local account or any domain accounts.

How do I unlock the Administrator account without being a local administrator?
Or, how can I restore another local admin or domain account to the Administrators group?

I've tried the GUI and CMD methods without success:

Best Answer

Use an NTPasswd boot disk to enable the administrator account on the machine. Then you can try to fix the permissions.

Or just fix the GPO to add everyone back.
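
For the "fix the GPO" route, the following is an added example, not part of the original answer. It assumes the GPO was built with Restricted Groups (the page does not say how it was configured) and reads the `[Group Membership]` section of the GPO's `GptTmpl.inf` to show whether local Administrators is being replaced (`__Members`) or only added to (`__Memberof`). The function name and the SIDs in the sample are made up for illustration.

```powershell
# Constructed sample of a GPO security template; the domain SIDs are invented.
# A real file normally sits in SYSVOL under
#   Policies\{GPO-GUID}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf
# and can be loaded with: Get-Content -Raw <path to GptTmpl.inf>
$sampleInf = @'
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-1104
*S-1-5-21-1111111111-2222222222-3333333333-1105__Memberof = *S-1-5-32-544
*S-1-5-21-1111111111-2222222222-3333333333-1105__Members =
'@

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
$adminIds = @('S-1-5-32-544', 'Administrators')

# Hypothetical helper: returns one object per entry that touches local Administrators.
function Get-AdministratorsGroupPolicy {
    param([Parameter(Mandatory)][string]$InfText)
    $inSection = $false
    foreach ($raw in ($InfText -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = $Matches[1] -eq 'Group Membership'
        }
        elseif ($inSection -and $line -match '^(.+?)__(Members|Memberof)\s*=\s*(.*)$') {
            $group = $Matches[1].Trim().TrimStart('*')
            $kind  = $Matches[2]
            $list  = @($Matches[3] -split ',' |
                       ForEach-Object { $_.Trim().TrimStart('*') } |
                       Where-Object { $_ })
            if ($kind -eq 'Members' -and $adminIds -contains $group) {
                # "Members of this group": the listed principals REPLACE the
                # current membership; the built-in Administrator account stays.
                [pscustomobject]@{ Mode = 'Replace'; Principals = $list }
            }
            elseif ($kind -eq 'Memberof' -and ($list | Where-Object { $adminIds -contains $_ })) {
                # "This group is a member of": the group is ADDED to
                # Administrators and existing members are left alone.
                [pscustomobject]@{ Mode = 'Add'; Principals = @($group) }
            }
        }
    }
}

Get-AdministratorsGroupPolicy -InfText $sampleInf | ForEach-Object {
    '{0,-8} {1}' -f $_.Mode, ($_.Principals -join ', ')
}
```

A `Replace` entry is the setting that strips existing members from the local Administrators group; an `Add` entry leaves them in place.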