Re: Possible security issue??



It does sound like it is a Group Policy setting that applies to the computer
and not user since user configuration would not apply to the built in
administrator account. If there are any XP Pro computers in the domain that
you can access run rsop.msc on them and look for any settings for Windows
Updates that may be causing the problem. The settings most likely would be
under computer configuration/administrative templates/windows
components/windows update. Rsop.msc will also show what GPO is applying a
particular setting and be sure to read the full explanation of any settings
that are configured.

If you find a GP setting that may be the issue you would need to move the
computer into a container/OU that does not have the GPO applied to it or
exempt the computer from GPO by filtering permissions for the GPO. If the
setting is configured at the domain level then you could not simply move the
computer into another OU as it would just inherit the GPO settings unless
the OU had a GPO linked to it with those same settings configured. If a GPO
is suspect you could also try to temporarily disable the GPO [NOT delete or
remove link], run gpupdate on the domain controller [or use secedit for
Windows 2000 domain controller], and then reboot the client computer to see
if that fixes the problem or not. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;322176 --- HOW TO:
Administer GPO Properties in Windows 2000 when not using GPMC


"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0EB739A1-0BBC-400F-95DF-863C71F85ABA@xxxxxxxxxxxxxxxx
Steven,

It does not work with the local admin account and I'm not seeing any errors
related to updates in the logs. I ran netdiag on the DCs and everything
passed and looked correct. DNS is set up and clients are pulling the proper
addresses for resolution.

Here is what I've done so far. I joined my personal laptop to the domain
and attempted to install one update. The update downloaded but failed during
install even though I was able to run updates before joining the domain. I
went to check the event logs and tried to click on the security log and
received the following: Unable to complete the operation on "Security". A
required privilege is not held by the client.

I may not be the man at this stuff yet but I've been swearing that this is
a policy issue being pushed to each user. GPs are still on my to-do list for
training but I feel I'm close to a solution. Any thoughts?

Jeremy

"Steven L Umbach" wrote:

Does it work when the built in local administrator account is used which is
NOT a domain account? Are there any errors/warnings in the logs that you can
view via Event Viewer that may indicate a problem with the domain such as
userenv errors? Does running the support tool netdiag on the domain
controller and client computer pass with flying colors showing no major
errors or warnings? Did you verify that the client computer is using ONLY
domain controllers as their preferred/alternate DNS servers in tcp/ip
properties as shown by ipconfig /all and that the domain controller can be
pinged by name and IP address from the client computer? What error messages
do the users get if any? -- Steve


"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4E7DF6E5-9645-4724-BB63-E71100BAB79D@xxxxxxxxxxxxxxxx
No it does not. Not even if the user is a Domain Admin *shrug*

"Steven L Umbach" wrote:

Does it work when the user's domain account is added to the local
administrators group? It should though I would not consider that an ideal
solution. You can configure updates to be downloaded/installed automatically
so that the user does not need to be a local administrator. --- Steve


"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:17CC7491-FB25-4C6C-9775-B4108825F71A@xxxxxxxxxxxxxxxx
I have a client situation where no one seems to be able to install Windows
updates on their PCs that are joined to the domain. They can download them
just fine but they fail during install. The only way to install them is to
log in using the administrator account to the domain.
One user even has domain admin rights but he's still unable to install the
updates. I thought it might be a policy issue and others are saying internal
DNS. I have searched and searched but I'm unable to find anything to go with
that will resolve this issue.
At first I thought it might have been an issue with a user's machine but when
I tried to run system restore under his credentials (local admin, domain
admin) I got a message that he didn't have the appropriate rights to perform
this action. I could only run it from the administrators (domain) account.

The PDC is a 2000 server.

Thank you in advance for any help.

Jeremy Johnston
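
The inheritance, filtering and disable options Steve describes for a computer-side setting, modelled in Python. This is an added example, not part of the original thread; it assumes plain domain-then-OU precedence (no Enforced or Block Inheritance), and every GPO name, computer name and setting value in it is constructed.

```python
# Added illustration: simplified model of computer-side GPO processing.
# Assumptions: domain GPOs apply first, then OU GPOs, later ones winning;
# Enforced, Block Inheritance and loopback are not modelled.
# All names and values below are constructed sample data.
from dataclasses import dataclass, field

WU = "Windows Update/Configure Automatic Updates"

@dataclass
class GPO:
    name: str
    computer_settings: dict
    enabled: bool = True                       # False models a temporarily disabled GPO
    denied: set = field(default_factory=set)   # computers filtered out via GPO permissions

def resultant_computer_policy(computer, links):
    """links: GPOs ordered domain first, then each OU down to the computer's OU.
    Returns {setting: (value, name of the GPO that won)}."""
    result = {}
    for gpo in links:
        if not gpo.enabled or computer in gpo.denied:
            continue  # disabled GPO, or computer exempted by permission filtering
        for setting, value in gpo.computer_settings.items():
            result[setting] = (value, gpo.name)
    return result

def scenarios():
    """Resultant policy for PC01 under each remediation option in the reply."""
    domain_gpo = GPO("Domain WU Lockdown", {WU: "Disabled"})
    ou_same_setting = GPO("Workstations WU", {WU: "Auto download and install"})
    ou_unrelated = GPO("Workstations Misc", {})
    out = {"as_is": resultant_computer_policy("PC01", [domain_gpo])}
    # Moving to another OU does not escape a domain-linked GPO...
    out["moved_to_other_ou"] = resultant_computer_policy("PC01", [domain_gpo, ou_unrelated])
    # ...unless a GPO linked to that OU configures the same setting.
    out["ou_gpo_same_setting"] = resultant_computer_policy("PC01", [domain_gpo, ou_same_setting])
    domain_gpo.denied.add("PC01")
    out["filtered"] = resultant_computer_policy("PC01", [domain_gpo])
    domain_gpo.denied.clear()
    domain_gpo.enabled = False
    out["gpo_disabled"] = resultant_computer_policy("PC01", [domain_gpo])
    return out

if __name__ == "__main__":
    for name, policy in scenarios().items():
        print(f"{name:22} {policy or 'no Windows Update setting applied'}")
```
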








