Re: Domain user is seen as domain administrator?



Thanks for the help, that's exactly what was defined (User
Accounts\Advanced\Manage Passwords).
It is interesting how it got here, since I cannot remember myself using
this control panel applet.

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:eirYggIhGHA.4712@xxxxxxxxxxxxxxxxxxxxxxx
OK, I think I now see what you are saying.
On machine A if user X logs in (not with RunAs) and then
accesses machine B you see that it is actually user Y that
gets used on machine B, but if some other user had logged
into machine A and then used RunAs to get process as
user X and this then accesses machine B you see the access
is still as user X.
Is that it?
What happens in the RunAs scenario if the /profile switch of
the RunAs command is used?
While logged into the machine from which off-box accesses
are showing this, go into control panel's User Accounts
applet and in there look to see if there are any network passwords
defined (link in Related Tasks on the left) for use going to the other
computer where you observe the account has been mapped.
"Giedrius" <unknown@xxxxxxx> wrote in message
news:%233Kk9uHhGHA.3924@xxxxxxxxxxxxxxxxxxxxxxx
by saying "is seen as 'domain\administrator'" I mean that some user
domain\X is being morphed to be account domain\Y:
- monitoring SQL Profiler shows user Y activity
- viewing Computer Management\Shared Folders\Sessions shows user Y
  activity
- setting permissions for some folders (on the domain controller) for the
  user X does not work, as this user is seen as another, Y.
- setting permissions on other servers works, as on other servers user X is
  user X.

And yes, this user is in the Domain Admins group.
Most interesting that this is happening only between one exact
workstation and one exact domain controller.





"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:uqdFvV$gGHA.1320@xxxxxxxxxxxxxxxxxxxxxxx
Can you please first tell us what characteristics make you state
" . . . is seen as 'domain\administrator' . . . "

I am most interested in the "is seen" part, but also in that you
are saying account domain\X is being morphed to be account
domain\Y instead.

The bottom line for grants of admin is membership in the groups
Domain Admins and/or Administrators.


"Giedrius" <unknown@xxxxxxx> wrote in message
news:us2xRT%23gGHA.1276@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
my domain user is like 'domain\user' and this user is a member of lots
of domain groups.
Now, this user on a primary domain controller is seen as
'domain\administrator'; on other computers it is a normal user.
This happens only from one computer and only if the login\password was
entered on the initial welcome screen after pressing Ctrl+Alt+Delete, and
does not happen if the login\password for 'domain\user' were entered by
using RUN AS.

Viewing processes on the local computer shows a normal user; viewing on a
domain controller shows that an admin user is logged in.
What could cause such behaviour and how it can be fixed?
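
The stored network password that turned out to be the cause in this thread can also be listed from a command prompt with `cmdkey /list` on Windows versions that include cmdkey.exe. The PowerShell below is an added example, not part of the original thread: it parses that listing and flags entries that make the workstation authenticate to a given server as a different account. The sample listing, the host name DC01, the account names and the function name `Get-StoredCredential` are constructed for illustration.

```powershell
# Added example (not from the thread). Parses `cmdkey /list` output and
# reports stored credentials that map the logged-on user to another account.

function Get-StoredCredential {            # hypothetical helper name
    param([string[]]$CmdkeyOutput)
    $entry = $null
    foreach ($line in $CmdkeyOutput) {
        # A "Target:" line starts a new entry, e.g. "Target: Domain:target=DC01"
        if ($line -match '^\s*Target:\s*(?:\w+:)?target=(.+?)\s*$') {
            if ($entry) { $entry }         # emit the previous entry
            $entry = [pscustomobject]@{ Target = $Matches[1]; Type = $null; User = $null }
        }
        elseif ($entry -and $line -match '^\s*Type:\s*(.+?)\s*$') { $entry.Type = $Matches[1] }
        elseif ($entry -and $line -match '^\s*User:\s*(.+?)\s*$') { $entry.User = $Matches[1] }
    }
    if ($entry) { $entry }                 # emit the last entry
}

# Constructed sample of what `cmdkey /list` prints.
$sample = @'
Currently stored credentials:

    Target: Domain:target=DC01
    Type: Domain Password
    User: DOMAIN\administrator

    Target: LegacyGeneric:target=intranet-portal
    Type: Generic
    User: DOMAIN\user
'@ -split "`r?`n"

$lines  = $sample          # on a live workstation: $lines = cmdkey.exe /list
$me     = 'DOMAIN\user'    # on a live workstation: "$env:USERDOMAIN\$env:USERNAME"
$server = 'DC01'           # the machine where the wrong account shows up

# The target may be stored by short name or FQDN, so match on the prefix.
# String comparison with -ne is case-insensitive, as account names are.
Get-StoredCredential $lines |
    Where-Object { $_.Target -like "$server*" -and $_.User -and $_.User -ne $me } |
    ForEach-Object {
        "Stored credential for $($_.Target) authenticates as $($_.User), not $me"
    }
```

With the constructed sample this reports the DC01 entry only. An entry found this way can be removed in the Manage Passwords dialog or with `cmdkey /delete:<target>`.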









