id="info"

Question

Locked

Domain Admin Rights

By Jamesa ·
I've just installed 2 new Win2k3 Servers into my existing Win2k3 Domain.

Both servers joined the domain just fine. Both show up in active directory just fine.

HOWEVER, when I log into the two new servers as the domain administrator, they both refuse to allow me to run any programs. Saying that I don't have sufficient rights to access that file (any install program).

Logging in as the local administrator resolves this problem, but I can't seem to figure out why they domain admin doesn't appear to have the rights to install programs.

The Windows firewall is turned off.

Any help would be appreciated.

This conversation is currently closed to new comments.

17 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

shouldn't

by CG IT In reply to Domain Admin Rights

after joining the domain and being put in the computers or servers OU, at a minimum, the default domain security policy will be applied. That means that the domain admin account listed under the local machine security policy option would be changed to the domain admin account.

That is unless the block policy inheritence is used.

Collapse -

I agree

by Jamesa In reply to shouldn't

I agree, it shouldn't. I'm using the domain admin account on other win2k3 servers with no problems, so it shouldn't be an active directory default domain security policy. Any ideas on how to check this out? I've GOT to get to installing some software :>

I did install both of these servers YESTERDAY with full patches.. did gates change another feature? LOL

Collapse -

Manually add them

by IC-IT In reply to I agree

The Domain Admins to the local admin group.

Collapse -

agree with bwilmot

by CG IT In reply to Manually add them

you can add them to the local admin group. Simple, easy fix.. however that doesn't fix a possibly more serious problem of GP not being applied. I would modify the default domain GP with 1 simple change like having a interactive logon message displayed and see if that works. If it doesn't, then GP isn't being applied to those servers.

Collapse -

Just a couple suggestions

by Kjell_Andorsen In reply to I agree

Here's a couple things you might want to check if you haven't already.

Did the servers get placed in the appropriate OU or are they still in the default Computers container?

Have you run RSOP or the Group Policy Result Wizard from the GPMC to see if GPOs are being properly applied?

In the Computer management console have you checked if the Domain admins group is added to the local administrators group on the servers?

You might also want to check the system logs to see if any weird errors relating to group policy show up.

Collapse -

details

by Jamesa In reply to Just a couple suggestions

The servers are in the default Computers OU as are all my systems.

Gropu policy result wizard reports all is well.

CM on the new machine shows domain admins in the local aministrators group.

And THEN I find something in the logs:

Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Collapse -

Link didn't work..... is this it?

by ThumbsUp2 In reply to details

Is this the error you're getting?

http://support.microsoft.com/kb/938448

What's the Event ID that you get?

Collapse -

opps

by Jamesa In reply to Link didn't work..... is ...

sorry, the event id was 1054

Collapse -

MS KB article

by CG IT In reply to opps

see this:

http://support.microsoft.com/kb/324174/en-us

this indicates a DNS problem.

Collapse -

James, thank you for the PM

by ThumbsUp2 In reply to opps

I couldn't PM you back to answer. You're not accepting PM's. (How does one turn those off anyway? Oh well!)

I'm afraid though, that I'm not the one you need to be in communication with. I can help do research, but I am in NO way any expert on this stuff. You know far more than I do. I've been watching this thread because I too am interested in learning what the problem is and how to fix it.

CG IT is probably the one you need to communicate with, if he's willing.

Back to Networks Forum
17 total posts (Page 1 of 2)   01 | 02   Next

Hardware Forums