Re: Administrator can't change security



I can understand your frustration in learning a new operating system. When a
computer is a member of a domain you can log on to the "local" computer and
authenticate as a local computer user shown via lusrmgr.msc or log on to the
"domain" via accounts that are shown in Active Directory Users and
Computers. In default configuration any user that is shown in the "local"
administrators group on the domain member can configure permissions on any
folder on the computer with the possible exception of user profile folders
other than his own account that are shown under documents and settings. You
can use the command net localgroup administrators to see membership in the
"local" administrators group on the domain member.

If you are sure you are logged on as a user that is in the local
administrators group and cannot manage folders then check the permissions
on the folders to see if "administrators" have full control though I can't
imagine why that would change based on domain/workgroup and if not you can
give administrators full control though you may need to take ownership first
and then grant administrators full control. Also if your Active Directory
DNS is not configured then all sorts of weird problems will arise as member
computers cannot reliably contact a domain controller. See the first link
below on how DNS MUST be configured in Active Directory and then use the
support tool on at least your PDC FSMO domain controller and netdiag on your
domain controller and member server to see if any related problems are found
such as DNS, DC discovery, Kerberos, domain membership, trust/secure channel
and also check the logs via Event Viewer that may also indicate such
problems particularly for userenv errors. Support tools are on the install
disk for the appropriate operating system in the support/tools folder. The
links below may be helpful. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 --- AD DNS FAQ
http://support.microsoft.com/default.aspx?scid=kb;en-us;308418 --- applies to Windows 2003 as for XP Pro with simple file sharing disabled.
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

<addoty@xxxxxxxxx> wrote in message
news:1144851659.208766.45460@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sorry, I'm a little confused and this is hard to explain. I'm in the
process of moving from Netware to Windows so please pardon my basic
questions.

I'm signing on as Administrator on a second Windows 2003 server that is
a member of the domain. It doesn't matter if I sign on as Administrator
on the "local" domain on the second server or as Administrator of the
actual domain controller on the second server, I cannot make any changes
to the security setting of certain folders. If I remove the second
server from the domain back to a workgroup, I can make the changes.

I have disabled all policies on the domain controller.

Your comment...

"If you mean that the user is logging onto the domain instead of local
computer you will need to add the user's "domain" account to the local
administrators group on the member server."

There is an Administrator account already in the Users folder in
"Active Directory Users and Computers" on the domain controller server.
It is a member of Administrators, Domain Admins, and a few more. How
can I add another Administrator account?

Thanks for any help,
AD
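
The checks suggested in the reply at the top of this post (local Administrators membership, folder owner, whether Administrators hold Full Control), gathered into one read-only script. This is an added example, not part of the original thread; it assumes PowerShell is installed on the member server, the folder path is a placeholder, and takeown/icacls in the closing comments are one way to carry out the "take ownership, then grant" step, which the post does not name tools for.

```powershell
# Added example: read-only diagnostic; it changes nothing on the system.
param([string]$Path = 'D:\Example\Folder')   # placeholder path (assumption)

# 1. Does the current logon token carry the local Administrators group?
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$pr = New-Object Security.Principal.WindowsPrincipal($id)
$isAdmin = $pr.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Logged on as         : $($id.Name)"
"Token has local admin: $isAdmin"

# 2. Membership of the local Administrators group, as suggested in the reply.
net localgroup administrators

# 3. Owner and access entries on the folder.
try {
    $acl = Get-Acl -Path $Path -ErrorAction Stop
} catch {
    # An unreadable ACL is the case where ownership has to be taken first.
    "Cannot read the ACL on ${Path}: $($_.Exception.Message)"
    return
}
"Owner: $($acl.Owner)"

$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$full = [int][Security.AccessControl.FileSystemRights]::FullControl
$rules = $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])

$allowFull = @($rules | Where-Object {
    $_.IdentityReference.Value -eq $adminSid -and
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $full) -eq $full })
$deny = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })

if ($allowFull.Count -gt 0) { 'Administrators: Full Control is granted.' }
else                        { 'Administrators: Full Control is NOT granted.' }

# Deny entries can override the Allow checked above, so list every one.
foreach ($r in $deny) {
    "Deny entry: $($r.IdentityReference.Value) -> $($r.FileSystemRights)"
}

# Remediation described in the reply, run by hand from cmd.exe as a local
# administrator (icacls ships with Server 2003 SP2 and later):
#   takeown /F "D:\Example\Folder" /A
#   icacls  "D:\Example\Folder" /grant *S-1-5-32-544:(OI)(CI)F
```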


