General discussion

Locked

Windows 2003 Domain\Windows XP Issue

By pjcannon ·
I have a windows 2003 SP1 domain controler. I joined a windows XP SP2 laptop to the domain. When I log onto the domain from the laptop, the user account does not have administrative rights on the laptop, i.e. cannot install software etc. The user account is a memmebr of the Administrators group for the domain. I am not sure if this is a domain issue on the server on an xp issue. How do I get the user to have local admin rights?
Thanks
Pat

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by w2ktechman In reply to Windows 2003 Domain\Windo ...

go to admin tools -- computer management -- local users and groups -- select groups -- select administrators -- add the domain account

Collapse -

by pjcannon In reply to Windows 2003 Domain\Windo ...

I take it you are talking about adding this on the XP computer?

Collapse -

by CG IT In reply to Windows 2003 Domain\Windo ...

are you sure the account your using is a domain user account? if you log on to the domain using the domain user account, the domain admin account has all rights on the workstation[heck the entire domain unless this is an enterpise with the Enterprise admin group which is elevated privileges over domain admin in multi-domain networks.

Collapse -

by CG IT In reply to

domain users don't have rights to install software. Power user group has rights to install software, or while logged onto the domain try using the run as and enter your credentials. If they don't work, then I would say the account isn't a domain admin account.

Collapse -

by pjcannon In reply to

problem fixed

Collapse -

by pjcannon In reply to Windows 2003 Domain\Windo ...

I take it you are talking about adding this on the XP computer?

Collapse -

by pjcannon In reply to Windows 2003 Domain\Windo ...

The user Account is a member of:
Domain users- domain.local\users
Administrators - domain.local\Builtin
Do to your comment I just checked & there is no power users group listed in either the users group or Built in group in active directory users and computers.

Collapse -

by BFilmFan In reply to Windows 2003 Domain\Windo ...

Add the domain account to the local administrator's account.

Collapse -

by BFilmFan In reply to

And yes, he is talking about on the XP system.

There are no local accounts on domain controllers.

Collapse -

by CG IT In reply to Windows 2003 Domain\Windo ...

when the account is first created, the choice of accounts is presented. If an account is placed in the domain users account, rights and permissions are for domain users. Adding that account to an administrator's security account does not necessarily elevate that user to administrator status [because the account is a domain user account]. In processing permissions, for access, the most restrictive permissions apply. Therefore in the case of a domain user account which is also a member of the administrator's security account, the most restrictive [domain user] applies. If you want administrator access in the domain, one must elevate a user account to administrator level in essence change the account to an administrator's account from a domain user account.

Just create a new account and make that account a domain administrator's account.

There are many security features in a domain, one of which restricts access to local machine log on. If an account is to have local machine administrator access and is a domain user account, the domain user account should be a local machine administrator AND the user log on locally to be granted administrator privileges to the local machine. Policy is processed local machine, site, domain and OU in that order. granting domain users administrator status to a local machine does not guarentee that the domain user has access to the local machine while logged in to the domain as a domain user.

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums