local rights and roaming profiles

Panda

Distinguished
Apr 20, 2003
12
0
18,510
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Ive reacently added 3 xp sp2 stations to my 2003 domain. While the
existing XP and all the 2000 pro machines are behaving as expected,
these three are not. I have 2 problems and I'm not sure if they are
related.

The users roaming profile only seems to work if the user is made local
administrator. This is not the case on the other stations.

Even if the domain admins are a member of the local administrator
group, they cannot add non plug and play local printers. again this is
not true of the other stations. I assume it must be some sort of new
GPO option that didnt apply to 2000 (and maybe xp sp1). I have no idea
what the option is.

Does anyone have any ideas and can help?

Many thanks

Sam
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

panda wrote:
> Ive reacently added 3 xp sp2 stations to my 2003 domain. While the
> existing XP and all the 2000 pro machines are behaving as expected,
> these three are not. I have 2 problems and I'm not sure if they are
> related.
>
> The users roaming profile only seems to work if the user is made local
> administrator. This is not the case on the other stations.
>
> Even if the domain admins are a member of the local administrator
> group, they cannot add non plug and play local printers. again this is
> not true of the other stations. I assume it must be some sort of new
> GPO option that didnt apply to 2000 (and maybe xp sp1). I have no idea
> what the option is.
>
> Does anyone have any ideas and can help?
>
> Many thanks
>
> Sam

Roaming profiles aren't compatible between OS versions - did you log into
the XP box as a user who already had a 2000 roaming profile? I'd rename the
roaming profile folder & delete the cached local profile & start over, to
see whether it works. I suspect you have a problem with the profiles
themselves, not permissions. Nobody should need to be an admin to work, and
a domain admin (or similar) account shouldn't have a roaming profile anyway,
in my view...