Re: Local Admin vs Domain Admin problems
From: Oli Restorick (youcanguess_at_willowhayes.co.uk)
Date: 05/31/03
- Next message: John Francisco Williams: "Open port for RDP"
- Previous message: Steven L Umbach: "Re: Problem with domain groups on member server"
- In reply to: Andrew: "Local Admin vs Domain Admin problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 31 May 2003 02:08:11 +0100
I would guess that what you've actually ended up doing is to create a new
user account on the local machine with the same name as the one on the
domain and added this to the local administrators group.
I am also guessing that you did this by using the Users and Passwords applet
in control panel.
The best way to get things straight is as follows:
My Computer (right click)| Manage | Computer Management (Local) | System
Tools | Local Users and Groups | Users
Unless you really want users to have local accounts, you should only see
Administrator and Guest in here.
If you believe you've mistakenly created a local account, disable it (but
don't delete it).
Next, go into Local Users and Groups | Groups | Administrators
In here, you should see "Administrators" and also "MyDomain\Domain Admins".
You may also see a user account here. If it's prefixed by the name of your
domain, then you've correctly set it up. If it just lists a user name,
you've given a local account administrator privileges rather than the domain
account. If so, add the domain account to this group.
One other tip is that it's possible to add "INTERACTIVE" to the local
administrators group, which results in anyone who logs in at the machine
itself is an administrator of that machine, but user accessing it remotely
get no additional rights.
Hope this helps
Oli
"Andrew" <andrew@fredlewis.com> wrote in message
news:ObZay7tJDHA.2148@TK2MSFTNGP12.phx.gbl...
> This company I do work for has a client who needs to be able to install
> programs on his local machine and change things. I give him administrative
> rights on his local machine but when I go into his network properties it
> says the property *** is disabled. The only way I can get it to work is
to
> give him Domain Admin rights and set that as his primary group.
>
> I also have a similiar issue with quickbooks 2001. It only works if the
user
> is a member of the domain admins group and set to primary.
>
> How do I go about these things that need higher level rights without
making
> someone a domain admin?
>
>
- Next message: John Francisco Williams: "Open port for RDP"
- Previous message: Steven L Umbach: "Re: Problem with domain groups on member server"
- In reply to: Andrew: "Local Admin vs Domain Admin problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
