Domain users permissions on computers

By ThaSniper ·
I have a trouble situation regarding domain user permissions effecting on the domain computers.

I have a domain on a windows 2003 server. I need to be admin at any PC on the domain, but not to be using domain user Administrator all the time. So I included my own domain user in all admins groups, such as Administrators, Domain Admins, DHCP Admins, etc. I also checked that the local PCs Administrators group include these groups. So anyone within these groups would be automatically admin at any PC on the domain.
But when I login to local computers with this domain user, it ends up not being able to do a few things, nor access a few permission restricted folders, as not being administrator. If I login with local Administrator or with domain Administrator, it works fine. It also works fine if I add my user directly to the local PC Administrators group.

Whats wrong? It should work...

Similar issues are actually occurring in several different domains (on different networks) that I have to deal with. It's driving me nuts!
For example, a share on the server with full permissions set, to be accessed by a domain PC, not being accessible by domain users in the group Domain Users, even if I set this group to be a co-owner of the share. But if I add this domain user to some local PC privileged group, it works. This doesn't make any sense because the permissions on local PC shouldn't affect it capability to access a full permissions share on the server!

Please help!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Advanced Settings

by In reply to Domain users permissions ...

If you go to the Advanced permissions settings and then to the Effective Permissions tab, does the users and/or groups that are having issues have the permissions you would expect?

Collapse -

Found the trouble

by ThaSniper In reply to Advanced Settings


I found out that when I get this trouble, its because the other user not Administrator, has to belong directly to the Administrators group. But it should be enough to belong to Enterprise Admins or Domain Admins, since both are included in the Administrators group. It should work. Maybe it's some weird policy...

About the other mentioned issues, I was unable to work on it again, so can't do any further trouble shoot. Things are working, but only because I added the users to local special rights group, otherwise they wouldn't access a full permission share on server.

Thank you for the help.

Related Discussions

Related Forums