How to remotely regain access to the computer on which domain Administrators were removed from Admins?

A DOMAIN computer running Windows 7, which is the group "domain Admins" is not included in local group "Administrators" (maybe something else recycled). I have domain admin rights and local administrator password for this computer. However, I cannot use almost any means to remote control. Equipment "Local users and groups" allows you to see users/groups, but change nothing. Remote desktop, psexec, wmic, tasklist, sc (human services), With$ (official balls), regedit and reg -- everywhere the denial of access. GP also does not work for some reason. Is it possible to cure without physical access to the computer?
June 14th 19 at 20:10
4 answers
June 14th 19 at 20:12
when connected to the computer when you specify the user name specify the username in the form COMPNAME\local_admin
Ivan baidin, of course, for those of the above utilities which allow you to specify credentials that auditioned. The fact that a domain admin can not do anything, it was clear at once, that's why I wrote that there is a password for the local administrator. And the password is correct because the command:
net use \\compname password /user:compname\local_admin
gives error if the password to specify rubbish, but successfully works with the right password. But there is no sense (on XP it gave an opportunity to launch the snap-in "Local users and groups" with the necessary privileges, it would probably UAC blocks). - Enrico_Hilll commented on June 14th 19 at 20:15
June 14th 19 at 20:14
Unfortunately it is not remotely possible, by design. Only locally.
Absurd, however, because we are talking about a domain computer, which "by design" should be centrally managed. And for XP it was definitely possible. - Enrico_Hilll commented on June 14th 19 at 20:17
well then do not confuse and mix up domain access (with credits of computer) and connect a local admin on the network to this computer.
But since you write that GPO is also not working, so the computer probably has not been authenticated in the domain for some reason. - Enrico_Hilll commented on June 14th 19 at 20:20
To connect I it seems to connect, but UAC trims rights and how to raise them remotely, is unclear. GP may not work for many reasons (my experience), for example, written left DNS. Login to domain while maintaining (probably using Netbios and NTLM), but for a politician it is fatal. - elizabeth_Russel commented on June 14th 19 at 20:23
Yes sorry, forgot about the UAC he did not give anything to do a few months ago. Now checked-disabled UAC in the test lab - all the rules, added the administrators, removed from the admins. - Enrico_Hilll commented on June 14th 19 at 20:26
June 14th 19 at 20:16
1. Try to reconnect
net use \\remote_machine /delete
net use \\remotecomp /user:\\remotecomp\local_admin password
And then to try to call the management snap-in.

2. Try to perform step 1. with a non-domain computer.

3. Teamviewer/remote desktop?
June 14th 19 at 20:18
There is a way which sometimes you have to use, but not to burn in front of the user.
Make a batch file with the desired commands, where they naturally run as administrator.
Add it to the scheduler user in the "at boot", "login" and rabotaete computer.

Find more questions by tags Active DirectoryNetwork administrationWindows