General discussion

  • Creator
    Topic
  • #2319917

    Administrative rights

    Locked

    by dschwer ·

    Hi

    Here is my scenerio. I currently have a lab with an Windows 2000 Active Directory domain. I add a windows XP pro box to the domain and log in to the XP machine with a user who has Enterprise Admin rights on the domain except I have no rights whatsoever on the XP machine after logging in. Do I have to add the domain account to the local administrator account to have administrative rights on the XP machine. And if so why?

    Any help would be greatly appreciated

    dale

All Comments

  • Author
    Replies
    • #3518489

      Administrative rights

      by khongphutu ·

      In reply to Administrative rights

      Yes, you have to add the DC account to the local Admin group. This is because the relationship from XP Pro client to the DC is authenticated but the relationship from the DC to the XP Pro client has no way to authenticate the login user. Keep in mind that in order to manage the local account of a non-server (XP Pro)machine, you must be a member of the local admin. Authentication between servers can be setup as trusted which does not require explicit setting in admin group.

    • #3517737

      Administrative rights

      by blackdiamond ·

      In reply to Administrative rights

      Hey,

      It depends if you are going to be logged into the domain. If you log into the domain with this account you should not need the account to be local. If you login to the PC only then you will need to have the account be local to have the rights you need. If you add it locally I don?t think you have the option to add Enterprise Admin.

      • #3517545

        Administrative rights

        by blackdiamond ·

        In reply to Administrative rights

        Hey,

        What domain group memberships is this person in? I know that we have many XP systems and what is happening to you is not happening here. Can the person be added to the Domain Admin group as a test as well as the Enterprise Admin group on the server?

        I checked rights of our admin account that we use when working on PCs and it is not a user listed on the local system, it is a member of Domain Admins not Enterprise Admin and it has full rights on the XP systems I tried this on.

      • #3517234

        Administrative rights

        by dschwer ·

        In reply to Administrative rights

        Poster rated this answer

    • #3517731

      Administrative rights

      by dschwer ·

      In reply to Administrative rights

      Thanks guys for the responses. Here is why I posed the question. It would seem that if I log into the domain on the Windows XP box with an account that has Administrative rights I should have admin rights on the XP box, but thats not the case. Only when I add a domain admin account to the local administrative group of the XP box do I have admin rights and that becomes frustrating if you have 4000 machines you need to do this for. Am I missing something. I also have a Windows 2000 Pro box and when I log into that machine with a Domain Admin account I have Admin rights on the Windows 2000 box. Whats different about XP. I thought it was the same.

    • #3517535

      Administrative rights

      by gr@ndcri ·

      In reply to Administrative rights

      You must add your computer to your domain and then automatically the domain admin group will be added in your local Administrator group. How to add you pc to your domain ? Right click on My Computer\properties\Network Identification select Domain and type your domain name ?OK- a popup window will appear for a user and a password (domain admin account and password). You?ll be ask to reboot?
      Finally logon with a domain admin account to connect to that pc then you?ll have full rights on this machine.

    • #3517511

      Administrative rights

      by dschwer ·

      In reply to Administrative rights

      Hi

      I agree with all your responses that I should have admin rights on the XP box if it is logged into the domain. That is my problem. The XP box is logged into the domain with a Enterprise Admin account and it still will not allow me admin rights. How can I find out why this is happening are there any tests??

      Thanks

    • #3517250

      Administrative rights

      by spongebob_squarepants ·

      In reply to Administrative rights

      Enterprise Administrator is NOT given local admin rights by default in each domain. Only DOMAIN admin is given local admin rights on each computer in domain by default. Why you ask? Security. You may have a highly secure domain that only a very few select people should have administrative rights on (such as an R&D domain) while you need to have a group of administrators for the entire enterprise. There are different rights available for different level administrators. Try adding your Enterprise administrators group into the Domain Admins group and that should solve the problem.

    • #3517232

      Administrative rights

      by dschwer ·

      In reply to Administrative rights

      This question was closed by the author

Viewing 6 reply threads