General discussion
-
CreatorTopic
-
June 9, 2003 at 7:52 am #2319917
Administrative rights
Lockedby dschwer · about 20 years, 9 months ago
Hi
Here is my scenerio. I currently have a lab with an Windows 2000 Active Directory domain. I add a windows XP pro box to the domain and log in to the XP machine with a user who has Enterprise Admin rights on the domain except I have no rights whatsoever on the XP machine after logging in. Do I have to add the domain account to the local administrator account to have administrative rights on the XP machine. And if so why?
Any help would be greatly appreciated
dale
Topic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
June 9, 2003 at 7:05 pm #3518489
Administrative rights
by khongphutu · about 20 years, 9 months ago
In reply to Administrative rights
Yes, you have to add the DC account to the local Admin group. This is because the relationship from XP Pro client to the DC is authenticated but the relationship from the DC to the XP Pro client has no way to authenticate the login user. Keep in mind that in order to manage the local account of a non-server (XP Pro)machine, you must be a member of the local admin. Authentication between servers can be setup as trusted which does not require explicit setting in admin group.
-
June 12, 2003 at 7:03 am #3517233
Administrative rights
by dschwer · about 20 years, 9 months ago
In reply to Administrative rights
Poster rated this answer
-
-
June 9, 2003 at 11:22 pm #3517737
Administrative rights
by blackdiamond · about 20 years, 9 months ago
In reply to Administrative rights
Hey,
It depends if you are going to be logged into the domain. If you log into the domain with this account you should not need the account to be local. If you login to the PC only then you will need to have the account be local to have the rights you need. If you add it locally I don?t think you have the option to add Enterprise Admin.
-
June 10, 2003 at 6:08 am #3517545
Administrative rights
by blackdiamond · about 20 years, 9 months ago
In reply to Administrative rights
Hey,
What domain group memberships is this person in? I know that we have many XP systems and what is happening to you is not happening here. Can the person be added to the Domain Admin group as a test as well as the Enterprise Admin group on the server?
I checked rights of our admin account that we use when working on PCs and it is not a user listed on the local system, it is a member of Domain Admins not Enterprise Admin and it has full rights on the XP systems I tried this on.
-
June 12, 2003 at 7:03 am #3517234
Administrative rights
by dschwer · about 20 years, 9 months ago
In reply to Administrative rights
Poster rated this answer
-
-
June 9, 2003 at 11:38 pm #3517731
Administrative rights
by dschwer · about 20 years, 9 months ago
In reply to Administrative rights
Thanks guys for the responses. Here is why I posed the question. It would seem that if I log into the domain on the Windows XP box with an account that has Administrative rights I should have admin rights on the XP box, but thats not the case. Only when I add a domain admin account to the local administrative group of the XP box do I have admin rights and that becomes frustrating if you have 4000 machines you need to do this for. Am I missing something. I also have a Windows 2000 Pro box and when I log into that machine with a Domain Admin account I have Admin rights on the Windows 2000 box. Whats different about XP. I thought it was the same.
-
June 10, 2003 at 6:35 am #3517535
Administrative rights
by gr@ndcri · about 20 years, 9 months ago
In reply to Administrative rights
You must add your computer to your domain and then automatically the domain admin group will be added in your local Administrator group. How to add you pc to your domain ? Right click on My Computer\properties\Network Identification select Domain and type your domain name ?OK- a popup window will appear for a user and a password (domain admin account and password). You?ll be ask to reboot?
Finally logon with a domain admin account to connect to that pc then you?ll have full rights on this machine.-
June 12, 2003 at 7:03 am #3517235
Administrative rights
by dschwer · about 20 years, 9 months ago
In reply to Administrative rights
Poster rated this answer
-
-
June 10, 2003 at 7:33 am #3517511
Administrative rights
by dschwer · about 20 years, 9 months ago
In reply to Administrative rights
Hi
I agree with all your responses that I should have admin rights on the XP box if it is logged into the domain. That is my problem. The XP box is logged into the domain with a Enterprise Admin account and it still will not allow me admin rights. How can I find out why this is happening are there any tests??
Thanks
-
June 12, 2003 at 6:37 am #3517250
Administrative rights
by spongebob_squarepants · about 20 years, 9 months ago
In reply to Administrative rights
Enterprise Administrator is NOT given local admin rights by default in each domain. Only DOMAIN admin is given local admin rights on each computer in domain by default. Why you ask? Security. You may have a highly secure domain that only a very few select people should have administrative rights on (such as an R&D domain) while you need to have a group of administrators for the entire enterprise. There are different rights available for different level administrators. Try adding your Enterprise administrators group into the Domain Admins group and that should solve the problem.
-
June 12, 2003 at 7:03 am #3517236
Administrative rights
by dschwer · about 20 years, 9 months ago
In reply to Administrative rights
Poster rated this answer
-
-
June 12, 2003 at 7:03 am #3517232
Administrative rights
by dschwer · about 20 years, 9 months ago
In reply to Administrative rights
This question was closed by the author
-
-
AuthorReplies