General discussion


Standard User somehow has Admin privileges

By RK Bill ·
I created a new user on a Win2K Pro PC connected to a domain running Win2K Server. I identified the user as a "Standard User (Power Users Group)". For some reason the user has Administrator privileges. I deleted the user and re-created the account but the problem still exists. I can't find a way to correct this. Any insight?


by lowlands In reply to Standard User somehow has ...

A power user has permissions that are pretty close to administrator privileges.
What permissions does the user have that you think are out of the ordinary?


by lowlands In reply to

Does the user have the same strange permissions on another workstation? Or is it specific to the one? It might be possible that somehow the power user has been granted some elevated privileges on the workstation. Also, is this a local or a Domain account you have created?


by RK Bill In reply to Standard User somehow has ...

User has access to 'Users & Passwords' in Control Panel and also TCP/IP settings in Network properties. None of the other users have access to these items.


by RK Bill In reply to Standard User somehow has ...

Problem is specific to the one workstation. The user has a local account and domain account. Both are affected.


by cmiller5400 In reply to Standard User somehow has ...

See this doc for the powers granted to Power Users. Also check to see if the local security policy has been changed.

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/luawinxp.mspx


by cmiller5400 In reply to

Another good article
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/secdefs.mspx


by curlergirl In reply to Standard User somehow has ...

I would double-check the user's domain security group membership and make sure that he/she is not a member of a domain security group that has been added to the Administrator's group on the local workstation.

BTW, unless you really need the user to be able to log on locally (i.e., when the workstation is disconnected from the domain), you don't need to create a local user account to have a domain user log on to a workstation. You can simply add his/her domain account, or a domain security group in which that user is a member, to the local Users or Power Users group.

Hope this helps!
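
The group-membership check described in the post above, as an added example that is not part of the original thread: a PowerShell script, run from a management workstation, that lists who is in the local Administrators and Power Users groups on the affected PC and marks each entry that applies to the account, either directly or through a nested domain group. It uses the ADSI WinNT provider; `WS01`, `CORP` and `jdoe` are placeholder names, and the parameter names are assumptions of this example.

```powershell
# Placeholder defaults (constructed): substitute the real PC, domain and account.
param(
    [string]$Computer = 'WS01',
    [string]$Domain   = 'CORP',
    [string]$UserName = 'jdoe',
    [string[]]$LocalGroups = @('Administrators', 'Power Users')
)

# Members() and Groups() return raw COM objects, so read their
# properties through late binding.
function Get-AdsProperty($ComObject, [string]$Name) {
    $ComObject.GetType().InvokeMember($Name, 'GetProperty', $null, $ComObject, $null)
}

# Domain groups the account belongs to (IADsUser::Groups via WinNT).
$user       = [ADSI]"WinNT://$Domain/$UserName,user"
$userPath   = "WinNT://$Domain/$UserName"
$userGroups = @($user.psbase.Invoke('Groups') |
                ForEach-Object { Get-AdsProperty $_ 'ADsPath' })

foreach ($groupName in $LocalGroups) {
    # Bind to the local group on the workstation under investigation.
    $group = [ADSI]"WinNT://$Computer/$groupName,group"

    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $path  = Get-AdsProperty $member 'ADsPath'
        $class = Get-AdsProperty $member 'Class'

        # -eq and -contains are case-insensitive for strings.
        if ($path -eq $userPath) {
            $reason = 'direct member'
        } elseif ($class -eq 'Group' -and $userGroups -contains $path) {
            $reason = 'via nested domain group'
        } else {
            $reason = ''
        }

        [pscustomobject]@{
            LocalGroup = $groupName
            Member     = $path
            Class      = $class
            AppliesTo  = $reason   # empty when the entry does not cover the account
        }
    }
}
```

A separate local account with the same name on the PC appears with a path that includes the computer name, so it has to be compared by eye; the script only matches the domain account.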


by RK Bill In reply to

User's domain account is a member of 'Domain Users' only.

Might there be a Registry entry buried somewhere that is causing this issue?
