Windows 200 server
Last response: in Windows XP
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
I have a network with domain usig Win 2k server.
I have anew workstation using XP pro sp2. I have created a user account on
the server and the workstation locally for the same user giveing them Admin
rights. However when I login under the domain, it will not allow the user to
install software, only when they are logged in locally.
I need this user to have admin rights for a special sofwtare install, that
the 'Install as Admin.." function does not suffice.
What would be blocking this user for full admin rights on the machine whn
logged in under the domain, even though they are an administrator of the
domain..
I have a network with domain usig Win 2k server.
I have anew workstation using XP pro sp2. I have created a user account on
the server and the workstation locally for the same user giveing them Admin
rights. However when I login under the domain, it will not allow the user to
install software, only when they are logged in locally.
I need this user to have admin rights for a special sofwtare install, that
the 'Install as Admin.." function does not suffice.
What would be blocking this user for full admin rights on the machine whn
logged in under the domain, even though they are an administrator of the
domain..
More about : windows 200 server
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
>I have created a user account on
>the server
This is the domain account. It takes affect when this user logs onto the
domain instead of the local computer.
>and the workstation locally for the same user giveing them Admin
>rights.
This is the users local account. It takes affect when the users selects "log
on to this computer" from the drop down list where the domain is listed when
you go to enter a username and password.
You want the user to log onto the domain and be administrator on this PC,
add their domain account to the local admin group. From their computer when
you go to "add" their account to the admin group change the "location" to
point to your domain and you will get a list of the domain accounts. Find
and add their account from the domain.
hth
DDS W 2k MVP MCSE
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:14CE3C21-AD80-4DFD-BB61-8EE286183C76@microsoft.com...
>I have a network with domain usig Win 2k server.
> I have anew workstation using XP pro sp2. I have created a user account on
> the server and the workstation locally for the same user giveing them
> Admin
> rights. However when I login under the domain, it will not allow the user
> to
> install software, only when they are logged in locally.
> I need this user to have admin rights for a special sofwtare install, that
> the 'Install as Admin.." function does not suffice.
> What would be blocking this user for full admin rights on the machine whn
> logged in under the domain, even though they are an administrator of the
> domain..
>I have created a user account on
>the server
This is the domain account. It takes affect when this user logs onto the
domain instead of the local computer.
>and the workstation locally for the same user giveing them Admin
>rights.
This is the users local account. It takes affect when the users selects "log
on to this computer" from the drop down list where the domain is listed when
you go to enter a username and password.
You want the user to log onto the domain and be administrator on this PC,
add their domain account to the local admin group. From their computer when
you go to "add" their account to the admin group change the "location" to
point to your domain and you will get a list of the domain accounts. Find
and add their account from the domain.
hth
DDS W 2k MVP MCSE
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:14CE3C21-AD80-4DFD-BB61-8EE286183C76@microsoft.com...
>I have a network with domain usig Win 2k server.
> I have anew workstation using XP pro sp2. I have created a user account on
> the server and the workstation locally for the same user giveing them
> Admin
> rights. However when I login under the domain, it will not allow the user
> to
> install software, only when they are logged in locally.
> I need this user to have admin rights for a special sofwtare install, that
> the 'Install as Admin.." function does not suffice.
> What would be blocking this user for full admin rights on the machine whn
> logged in under the domain, even though they are an administrator of the
> domain..
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
From: "Scott" <Scott@discussions.microsoft.com>
| I have a network with domain usig Win 2k server.
| I have anew workstation using XP pro sp2. I have created a user account on
| the server and the workstation locally for the same user giveing them Admin
| rights. However when I login under the domain, it will not allow the user to
| install software, only when they are logged in locally.
| I need this user to have admin rights for a special sofwtare install, that
| the 'Install as Admin.." function does not suffice.
| What would be blocking this user for full admin rights on the machine whn
| logged in under the domain, even though they are an administrator of the
| domain..
Are tou sure the Domain User group is a member of the local Adnministrators group, rather
than the specific user ?
If you create a user on the PC it is ONLY a local user account. When you participate in a
Domain it is a separate account on that PC.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
From: "Scott" <Scott@discussions.microsoft.com>
| I have a network with domain usig Win 2k server.
| I have anew workstation using XP pro sp2. I have created a user account on
| the server and the workstation locally for the same user giveing them Admin
| rights. However when I login under the domain, it will not allow the user to
| install software, only when they are logged in locally.
| I need this user to have admin rights for a special sofwtare install, that
| the 'Install as Admin.." function does not suffice.
| What would be blocking this user for full admin rights on the machine whn
| logged in under the domain, even though they are an administrator of the
| domain..
Are tou sure the Domain User group is a member of the local Adnministrators group, rather
than the specific user ?
If you create a user on the PC it is ONLY a local user account. When you participate in a
Domain it is a separate account on that PC.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Thanks Dave,
Are you saying you can make the Domain user group, in this case
Administrators on the domain, a member of the local Administrators group? on
the local machine.
If so how do I do this.
Regards.
Scott
"David H. Lipman" wrote:
> From: "Scott" <Scott@discussions.microsoft.com>
>
> | I have a network with domain usig Win 2k server.
> | I have anew workstation using XP pro sp2. I have created a user account on
> | the server and the workstation locally for the same user giveing them Admin
> | rights. However when I login under the domain, it will not allow the user to
> | install software, only when they are logged in locally.
> | I need this user to have admin rights for a special sofwtare install, that
> | the 'Install as Admin.." function does not suffice.
> | What would be blocking this user for full admin rights on the machine whn
> | logged in under the domain, even though they are an administrator of the
> | domain..
>
> Are tou sure the Domain User group is a member of the local Adnministrators group, rather
> than the specific user ?
>
> If you create a user on the PC it is ONLY a local user account. When you participate in a
> Domain it is a separate account on that PC.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
Thanks Dave,
Are you saying you can make the Domain user group, in this case
Administrators on the domain, a member of the local Administrators group? on
the local machine.
If so how do I do this.
Regards.
Scott
"David H. Lipman" wrote:
> From: "Scott" <Scott@discussions.microsoft.com>
>
> | I have a network with domain usig Win 2k server.
> | I have anew workstation using XP pro sp2. I have created a user account on
> | the server and the workstation locally for the same user giveing them Admin
> | rights. However when I login under the domain, it will not allow the user to
> | install software, only when they are logged in locally.
> | I need this user to have admin rights for a special sofwtare install, that
> | the 'Install as Admin.." function does not suffice.
> | What would be blocking this user for full admin rights on the machine whn
> | logged in under the domain, even though they are an administrator of the
> | domain..
>
> Are tou sure the Domain User group is a member of the local Adnministrators group, rather
> than the specific user ?
>
> If you create a user on the PC it is ONLY a local user account. When you participate in a
> Domain it is a separate account on that PC.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
Related ressources
- Event ID 5513 windows 200 server Netlogon. - Forum
- logon script only for terminal server sessions windows 200 .. - Forum
- logon script only for terminal server sessions windows 200 .. - Forum
- Home server build $ 200 ish - Forum
- Windows 200 Server terminal server profiles - Forum
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
From: "Scott" <Scott@discussions.microsoft.com>
| Thanks Dave,
|
| Are you saying you can make the Domain user group, in this case
| Administrators on the domain, a member of the local Administrators group? on
| the local machine.
| If so how do I do this.
|
| Regards.
| Scott
Throuogh the Control Panel Users and Passwords applet or scripted using NET.EXE
The sub command; net localgroup
to get the syntax execute in a command prompt; net localgroup /?
Example:
net localgroup administrators "Domain_Name\Domain_Group" /add
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
From: "Scott" <Scott@discussions.microsoft.com>
| Thanks Dave,
|
| Are you saying you can make the Domain user group, in this case
| Administrators on the domain, a member of the local Administrators group? on
| the local machine.
| If so how do I do this.
|
| Regards.
| Scott
Throuogh the Control Panel Users and Passwords applet or scripted using NET.EXE
The sub command; net localgroup
to get the syntax execute in a command prompt; net localgroup /?
Example:
net localgroup administrators "Domain_Name\Domain_Group" /add
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
In article <652D68FF-D8D7-4F30-B2C3-7DD2534F7998@microsoft.com>,
Scott@discussions.microsoft.com says...
> Thanks Dave,
>
> Are you saying you can make the Domain user group, in this case
> Administrators on the domain, a member of the local Administrators group? on
> the local machine.
> If so how do I do this.
Open the LOCAL administrators group on the workstation, add the domain
users account to it - this is a very bad idea, it means that users can
do anything they want to the local computers - this is a change of last
resort and should be avoided at all costs - it violates most security
norms.
--
spam999free@rrohio.com
remove 999 in order to email me
In article <652D68FF-D8D7-4F30-B2C3-7DD2534F7998@microsoft.com>,
Scott@discussions.microsoft.com says...
> Thanks Dave,
>
> Are you saying you can make the Domain user group, in this case
> Administrators on the domain, a member of the local Administrators group? on
> the local machine.
> If so how do I do this.
Open the LOCAL administrators group on the workstation, add the domain
users account to it - this is a very bad idea, it means that users can
do anything they want to the local computers - this is a change of last
resort and should be avoided at all costs - it violates most security
norms.
--
spam999free@rrohio.com
remove 999 in order to email me
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Thanks Leythos,
This is for a special install for this user only.
I could then remove this doamin users group from the local workstation again
after I have completed the installl couldn't I?
Scott
"Leythos" wrote:
> In article <652D68FF-D8D7-4F30-B2C3-7DD2534F7998@microsoft.com>,
> Scott@discussions.microsoft.com says...
> > Thanks Dave,
> >
> > Are you saying you can make the Domain user group, in this case
> > Administrators on the domain, a member of the local Administrators group? on
> > the local machine.
> > If so how do I do this.
>
> Open the LOCAL administrators group on the workstation, add the domain
> users account to it - this is a very bad idea, it means that users can
> do anything they want to the local computers - this is a change of last
> resort and should be avoided at all costs - it violates most security
> norms.
>
>
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
>
Thanks Leythos,
This is for a special install for this user only.
I could then remove this doamin users group from the local workstation again
after I have completed the installl couldn't I?
Scott
"Leythos" wrote:
> In article <652D68FF-D8D7-4F30-B2C3-7DD2534F7998@microsoft.com>,
> Scott@discussions.microsoft.com says...
> > Thanks Dave,
> >
> > Are you saying you can make the Domain user group, in this case
> > Administrators on the domain, a member of the local Administrators group? on
> > the local machine.
> > If so how do I do this.
>
> Open the LOCAL administrators group on the workstation, add the domain
> users account to it - this is a very bad idea, it means that users can
> do anything they want to the local computers - this is a change of last
> resort and should be avoided at all costs - it violates most security
> norms.
>
>
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
>
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
In article <A0BF13A3-2B87-4211-98BC-1C832D03734A@microsoft.com>,
Scott@discussions.microsoft.com says...
> Thanks Leythos,
>
> This is for a special install for this user only.
>
> I could then remove this doamin users group from the local workstation again
> after I have completed the installl couldn't I?
Why not just add that DOMAIN users name as in domain\john smith and then
you can leave it for John, but none of the others will have that
permission.
We do this with a single account we create just for allowing a single
user account to logon and install updates - we create an INSTALLER user
that is a domain user, make it a member of the LOCAL ADMINISTRATORS
group, change the password between updates. This means we can tell
select people the INSTALLER password when they need to do updates, but
they can't log onto the server (as a domain user account) with it - they
can install the updates and then we change the password so they can't
use it again. We also set the domain policy so that the locally cached
profiles are deleted when they log off.
--
spam999free@rrohio.com
remove 999 in order to email me
In article <A0BF13A3-2B87-4211-98BC-1C832D03734A@microsoft.com>,
Scott@discussions.microsoft.com says...
> Thanks Leythos,
>
> This is for a special install for this user only.
>
> I could then remove this doamin users group from the local workstation again
> after I have completed the installl couldn't I?
Why not just add that DOMAIN users name as in domain\john smith and then
you can leave it for John, but none of the others will have that
permission.
We do this with a single account we create just for allowing a single
user account to logon and install updates - we create an INSTALLER user
that is a domain user, make it a member of the LOCAL ADMINISTRATORS
group, change the password between updates. This means we can tell
select people the INSTALLER password when they need to do updates, but
they can't log onto the server (as a domain user account) with it - they
can install the updates and then we change the password so they can't
use it again. We also set the domain policy so that the locally cached
profiles are deleted when they log off.
--
spam999free@rrohio.com
remove 999 in order to email me
Related ressources:
- ForumWindows home server OP
- ForumCan I Install a Guest OS WIN 200 Server
- ForumServer X7DBE support Windows 2008 r2
- ForumMinecraft Server build ~$ 200
- ForumWindows server 2008 is not connected with the internet
- Forum< 200 ; for server /trying new things
- ForumI using win 2003 server as DC and 200 clients as winxp.
- ForumI using win 2003 server as DC and 200 clients as winxp.
- ForumAdvice? File Server / HTPC with 8 HDDs
- Forum<<$ REDUCTION 4U Supercomputing Server 2x GPUs 2x 6-core intel $8K OBO
- ForumNew Server or an SSD HELP!
- ForumHELP!!! Please with Windows XP
- Forumcannot enable windows firewall in XP SP2
- Forumrename administrator account on windows xp home
- ForumWindows Firewall
- More resources
Read discussions in other Windows XP categories
!
