Re: When is an Admin not an Admin?

From: Randall Arnold (rarnold_at_kmalp.com)
Date: 08/06/03


Date: Wed, 6 Aug 2003 09:15:26 -0500


Thanks Roger.

I made sure I was in Domain Admins on the W2K server, and checked both the
server and local machine policies, but I still can't find anything that's
preventing me from having Admin rights on the workstation while logged in as
a domain user. Everything *seems* to be okay. The really weird thing is,
everything was fine when I first received the PC from IBM-- this has only
been an issue since the hard drive was replaced and I set the box back up
again (using recovery CD). As far as I know, nothing has changed in DNS
except that I resolved an error involving WINS... but that was actually
before this box had to be serviced.

This is really strange. I'll go bald trying to figure it out!

-Randall

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:Om0dbs$WDHA.1620@TK2MSFTNGP12.phx.gbl...
> First, it sounds like you may have a DNS issue, indicated by
> > I also can't even add domain-based users and groups
> > while logged into the workstation; it doesn't see them.
> assuming that the machine is indeed joined to the domain.
>
> All of your domain members should use only the DNS servers
> that support the AD zones, and when the support tools utility
> netdiag
> is run on the DC it should not report any failures.
>
> Now, at one point you mentioned using an account that is
> in the Administrators group of the domain and it not having
> admin rights on the local machine. By default Domain Admins
> are local Administrators but the domain Administrators group
> members are not necessarily Administrators on local machines.
>
> Beyond all of this, be aware that there are some brain dead
> third party applications that do not correctly recognize that an
> account is an admin (check vendor website for fix).
>
>
> "Randall Arnold" <rarnold@kmalp.com> wrote in message
> news:el6Jwl5WDHA.1204@TK2MSFTNGP12.phx.gbl...
> > I'm trying to get a handle on Windows XP Pro's way of managing permissions
> > and having a poor time of it.
> >
> > For lack of a true IT department, I am the de facto network Admin of our
> > company and am a member of the Administrators group on our Windows 2000
> > Server. However, when I log onto the local domain as either Administrator
> > or my regular User ID, the XP client doesn't recognize me as an Admin. I
> > have to log onto the machine itself (using either name) in order to install
> > software, access restricted folders, etc. Some programs *will* allow me to
> > use "Run as..." and enter the domain\Admin name in order to install, but
> > others fail to recognize server shares, thus forcing me to log out of the
> > domain and onto the workstation. I also can't even add domain-based users
> > and groups while logged into the workstation; it doesn't see them. This is
> > getting to be a pain.
> >
> > I had thought that when the XP box was joined to a domain it inherited the
> > policies from the server via Active Directory. This does not seem to be
> > the case, even though I've tried to force the issue by granting myself every
> > possible privilege I can think of.
> >
> > Overlooking my obvious thick-headedness, can anyone explain to me what I
> > need to do to get each XP client to recognize the LAN Admin as THE Admin
> > (ie, "GOD") with full rights to everything?
> >
> > Thanks,
> >
> > Randall Arnold
> >
> >
>
>
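
The two checks described in Roger's reply (the workstation using DNS servers that host the AD zones, and Domain Admins being present in the local Administrators group) can be run from a command prompt on the workstation. This is an added example, not part of the original thread; the domain name passed as the first argument (for instance `corp.example.local`) and `DOMAINNAME` are placeholders, and the group names assume an English-language installation.

```bat
@echo off
rem Added example: workstation-side checks for "domain admin is not a local admin".
rem Usage: checkadmin.cmd <AD DNS domain name>   (placeholder: corp.example.local)
setlocal
set "ADDOMAIN=%~1"
if "%ADDOMAIN%"=="" (
    echo Usage: %~nx0 ^<AD DNS domain name^>
    exit /b 2
)

echo === 1. DNS servers this workstation is configured to use ===
rem These should be only the DNS servers that support the AD zones.
rem Only the first server per adapter carries the label; run "ipconfig /all"
rem unfiltered to see any additional servers listed on the following lines.
ipconfig /all | findstr /i /c:"DNS Servers"

echo === 2. Can those servers locate a domain controller? ===
rem Domain controllers register this SRV record in the AD zone. If it does not
rem resolve, the workstation cannot find a DC to look up domain users and groups.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ADDOMAIN% > "%TEMP%\srv.txt" 2>&1
findstr /i /c:"svr hostname" "%TEMP%\srv.txt" >nul
if errorlevel 1 (
    echo [FAIL] No SRV record for _ldap._tcp.dc._msdcs.%ADDOMAIN%
) else (
    echo [ OK ] Domain controller SRV record found:
    findstr /i /c:"svr hostname" "%TEMP%\srv.txt"
)
del "%TEMP%\srv.txt" 2>nul

echo === 3. Is Domain Admins in the local Administrators group? ===
rem By default Domain Admins are local Administrators; this confirms the entry
rem is actually present. The domain's own Administrators group does not count.
net localgroup Administrators | findstr /i /l /c:"Domain Admins" >nul
if errorlevel 1 (
    echo [FAIL] Domain Admins is not a member of local Administrators.
    echo        From a local admin session, once DNS resolves:
    echo        net localgroup Administrators "DOMAINNAME\Domain Admins" /add
) else (
    echo [ OK ] Domain Admins is a member of local Administrators.
)
endlocal
```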


