General discussion

Locked

Administrative rights

By dschwer ·
Hi

Here is my scenerio. I currently have a lab with an Windows 2000 Active Directory domain. I add a windows XP pro box to the domain and log in to the XP machine with a user who has Enterprise Admin rights on the domain except I have no rights whatsoever on the XP machine after logging in. Do I have to add the domain account to the local administrator account to have administrative rights on the XP machine. And if so why?


Any help would be greatly appreciated


dale

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Administrative rights

by KhongPhuTu In reply to Administrative rights

Yes, you have to add the DC account to the local Admin group. This is because the relationship from XP Pro client to the DC is authenticated but the relationship from the DC to the XP Pro client has no way to authenticate the login user. Keep in mind that in order to manage the local account of a non-server (XP Pro)machine, you must be a member of the local admin. Authentication between servers can be setup as trusted which does not require explicit setting in admin group.

Collapse -

Administrative rights

by dschwer In reply to Administrative rights

Poster rated this answer

Collapse -

Administrative rights

by BlackDiamond In reply to Administrative rights

Hey,

It depends if you are going to be logged into the domain. If you log into the domain with this account you should not need the account to be local. If you login to the PC only then you will need to have the account be local to have the rights you need. If you add it locally I don?t think you have the option to add Enterprise Admin.

Collapse -

Administrative rights

by BlackDiamond In reply to Administrative rights

Hey,

What domain group memberships is this person in? I know that we have many XP systems and what is happening to you is not happening here. Can the person be added to the Domain Admin group as a test as well as the Enterprise Admin group on the server?

I checked rights of our admin account that we use when working on PCs and it is not a user listed on the local system, it is a member of Domain Admins not Enterprise Admin and it has full rights on the XP systems I tried this on.

Collapse -

Administrative rights

by dschwer In reply to Administrative rights

Poster rated this answer

Collapse -

Administrative rights

by dschwer In reply to Administrative rights

Thanks guys for the responses. Here is why I posed the question. It would seem that if I log into the domain on the Windows XP box with an account that has Administrative rights I should have admin rights on the XP box, but thats not the case. Only when I add a domain admin account to the local administrative group of the XP box do I have admin rights and that becomes frustrating if you have 4000 machines you need to do this for. Am I missing something. I also have a Windows 2000 Pro box and when I log into that machine with a Domain Admin account I have Admin rights on the Windows 2000 box. Whats different about XP. I thought it was the same.

Collapse -

Administrative rights

by Gr@ndcri In reply to Administrative rights

You must add your computer to your domain and then automatically the domain admin group will be added in your local Administrator group. How to add you pc to your domain ? Right click on My Computer\properties\Network Identification select Domain and type your domain name ?OK- a popup window will appear for a user and a password (domain admin account and password). You?ll be ask to reboot?
Finally logon with a domain admin account to connect to that pc then you?ll have full rights on this machine.

Collapse -

Administrative rights

by dschwer In reply to Administrative rights

Poster rated this answer

Collapse -

Administrative rights

by dschwer In reply to Administrative rights

Hi

I agree with all your responses that I should have admin rights on the XP box if it is logged into the domain. That is my problem. The XP box is logged into the domain with a Enterprise Admin account and it still will not allow me admin rights. How can I find out why this is happening are there any tests??


Thanks

Collapse -

Administrative rights

by SpongeBob_SquarePants In reply to Administrative rights

Enterprise Administrator is NOT given local admin rights by default in each domain. Only DOMAIN admin is given local admin rights on each computer in domain by default. Why you ask? Security. You may have a highly secure domain that only a very few select people should have administrative rights on (such as an R&amp domain) while you need to have a group of administrators for the entire enterprise. There are different rights available for different level administrators. Try adding your Enterprise administrators group into the Domain Admins group and that should solve the problem.

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums