I see the response below, which I appreciate it, but I do not feel it qualifies as an answer. It states little more than, "You shouldn't have done that", but doesn't provide any suggested solutions, other than a general reference to using a registry editor. I have used a registry editor, but I need more granular instructions. Thank you!
I applied the appropriate DISA STIGs to a Windows 7 computer that is connected to the Internet, but not part of our agency's domain. At some point a policy that I applied through a DISA STIG locked all the accounts out. One, the renamed Administrator, shows it to be disabled. My account (and that of two other users on the machine) is part of the Administrator group, and it indicates that it's locked out. I booted into the box with Hiren's BootCD, and was able to blank out the passwords and unlock the accounts. However, when I reboot back into Windows 7 and try to logon, it immediately reverts to the STIG policies, and shows that the accounts are still disabled or locked out. It appears that the tool in the Hirem BootCD is allowing me to access the SAM database and make changes, but that STIG policy is taking prececdence. Is there a way around this, to be able to modify the STIG account policies back to default?
UPDATE: I've tried to use a couple of tools to use regedit and command line. For command line, if I could just run the command I believe I could reset the Windows group policy setting. Problem is, I can't boot into something yet that will let me access a true command prompt and access the OS drive. For the registry, I would need a registry editor and the correct commands to run group policy changes to reverse the accounts being locked out/disabled.
