So, kiddies, here’s a word of warning. That little sentence on the Microsoft Security Guide that reads something like “make damn sure your GPO is perfect before linking it to the OU or else“ isn’t kidding. Because of a brain fart last night, I added the built-in Administrator account to the “Deny log on over Terminal Services” and “Deny log on over the network” to the domain controller GPO as recommended in the security guide – except I hadn’t got around to creating my personal admin account and I was still using the built-in one. D’oh!
After a quick little fix this morning, we’re back operational again. I am, however, about 1/2 a day behind schedule – though I’m beginning to think my schedule is a little harsh. I see a weekend of work up ahead. *sigh*