Re: Xp Client on NT 4.0 Domain - Local Security too high

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 10/14/03 

Date: Tue, 14 Oct 2003 21:38:11 GMT

You need to add their domain user account to the local administrators group on their
machines, assuming that is what you want. If they just need to change networking
configuration there is a "network configuration operators" local group that you could
add them to instead. --- Steve

"Tom" <tomr@microtrends.com> wrote in message
news:058f01c39294$5cdd2dc0$a101280a@phx.gbl...
> I have six Xp clients that log into a NT 40 domain and
> are just "users". We set up a user account that matches
> the domain account "name/password" so that when the user
> tried to modify network setting locally the account would
> be checked and allowed to modify; local account set to
> admin. Somewhere along the line there's has been a change
> where the new builds (same hardware) are not checking
> this local account and thus the users cannot change
> anything on the local machine without logging in
> locally. I've been checking the local security policy in
> XP but cannot find a "block inheritance" or "enforce" to
> allow these clients access as administrators locally but
> not on the domain.
>
> Any ideas?
>

Relevant Pages

  • Re: Scavenging Machine Acounts in AD
    ... > object is a member of the computer's local Administrators group. ... > to a domain/workgroup) is available is if the domain user account object is> a member of the local Administrators group. ... > A 'regular' domain user account object *should* not be a member of any of> these groups. ... I would like that machines>>account to be either deleted automatically from AD after a set period of>>time of say 60 days or disabled somehow. ...
    (microsoft.public.win2000.active_directory)
  • Re: Scavenging Machine Acounts in AD
    ... A large part of the problem apparently is that the domain user account ... object is a member of the computer's local Administrators group. ... I would like that machines ...
    (microsoft.public.win2000.active_directory)
  • Admin rights on local computer system
    ... On all of our W2K machines, we want all users that log ... account to the local administrators group. ... a "processing of object (username) failed with the ...
    (microsoft.public.win2000.security)
  • Access to performance counters from service
    ... Application has no access to performance counters when run as ... service under domain user account. ... When I run this application as application under the same account the ...
    (microsoft.public.platformsdk.security)
  • Re: Unable to Share Folder
    ... It may look daunting, but if you follow the steps at the links and suggestions below systematically and calmly, you will have no difficulty in setting up your sharing. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ... You do not need to be logged into the same account on all machines and the passwords assigned to each user account can be different; the accounts/passwords just need to exist and match on all machines. ...
    (microsoft.public.windowsxp.general)