Sign in with
Sign up | Sign in
Your question

BDC Won't Install Because of Admin Permissions

Last response: in Windows 2000/NT
Share
Anonymous
August 1, 2005 6:45:36 AM

Archived from groups: microsoft.public.windowsnt.misc,microsoft.public.windowsnt.domain (More info?)

I am trying to install a BDC on Windows NT 4.0 and I'm getting a message
during the install that the administrator whose userid / password I
specified does not have permissions to add or modify user accounts. What
specific permissions is the install referring to? The userid I specified
most certainly does have the ability to create new users.

--
Will
westes AT earthbroadcast.com
Anonymous
August 1, 2005 3:06:40 PM

Archived from groups: microsoft.public.windowsnt.misc,microsoft.public.windowsnt.domain (More info?)

What permissions does the userid have? Is he a member
of the global group "domain admins"?

"Will" <DELETE_westes@earthbroadcast.com> wrote in message news...
>I am trying to install a BDC on Windows NT 4.0 and I'm getting a message
> during the install that the administrator whose userid / password I
> specified does not have permissions to add or modify user accounts.
> What
> specific permissions is the install referring to? The userid I specified
> most certainly does have the ability to create new users.
Anonymous
August 1, 2005 3:06:41 PM

Archived from groups: microsoft.public.windowsnt.misc,microsoft.public.windowsnt.domain (More info?)

The userid is the domain administrator and yes that userid is in the Domain
Admins group. How do I answer a broad question like "what permissions
does the userid have?" I would have to go determine every possible group
membership and then enumerate them all and include which ones that userid
belongs to.

I was hoping someone here knew which group memberships are required to
overcome this specific install message.

--
Will
westes AT earthbroadcast.com

"Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
message news:eQH3snqlFHA.3336@tk2msftngp13.phx.gbl...
> What permissions does the userid have? Is he a member
> of the global group "domain admins"?
>
> "Will" <DELETE_westes@earthbroadcast.com> wrote in message news...
> >I am trying to install a BDC on Windows NT 4.0 and I'm getting a message
> > during the install that the administrator whose userid / password I
> > specified does not have permissions to add or modify user accounts.
> > What
> > specific permissions is the install referring to? The userid I
specified
> > most certainly does have the ability to create new users.
>
>
Related resources
Anonymous
August 1, 2005 4:03:59 PM

Archived from groups: microsoft.public.windowsnt.misc,microsoft.public.windowsnt.domain (More info?)

Do you mean the account you are using is the "administrator" account?
Not sure how hard it is to open the user account properties and click
on member of?
"Will" <DELETE_westes@earthbroadcast.com> wrote in message news:
> The userid is the domain administrator and yes that userid is in the
> Domain
> Admins group. How do I answer a broad question like "what permissions
> does the userid have?" I would have to go determine every possible
> group
> membership and then enumerate them all and include which ones that userid
> belongs to.
>
> I was hoping someone here knew which group memberships are required to
> overcome this specific install message.
Anonymous
August 1, 2005 10:24:57 PM

Archived from groups: microsoft.public.windowsnt.misc,microsoft.public.windowsnt.domain (More info?)

Probably I am just missing something. "Members Of" sounds like an Active
Directory tab for Windows 2000. I don't find any similar button in the
User Properties for Windows NT's User Properties for Domain application.

In addition, under Windows 2000, "Members of" is used to enumerate *group*
memberships, not User rights. In this case I did validate that the
Domain Adminstrator account is a member of the groups Domain Admins and
Backup Administrators.

Just to make this less of a guessing game, I also gave the Administrators
group *all* possible User Property rights under Windows NT, and I turned on
Auditing for both success and fail for all actions.

In the EventViewer on the PDC, when the BDC install is taking place, I
clearly see a successful login for the domain administrator, and then some
event that grants lots of rights. I see no event that shows as a failure,
so the PDC at least doesn't see any problems with the requests it is
getting.

The NT 4.0 install however is consistently failing by saying that the
account I am using does not have the right to add or change user accounts.

Maybe I simply don't have some service that must be running on the PDC
started? Does anyone have a list of those services that must be enabled
in order for a PDC and BDC to replicate?

--
Will
Internet: westes AT earthbroadcast.com


"Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
message news:o lKCvHrlFHA.2152@TK2MSFTNGP14.phx.gbl...
> Do you mean the account you are using is the "administrator" account?
> Not sure how hard it is to open the user account properties and click
> on member of?
> "Will" <DELETE_westes@earthbroadcast.com> wrote in message news:
> > The userid is the domain administrator and yes that userid is in the
> > Domain
> > Admins group. How do I answer a broad question like "what permissions
> > does the userid have?" I would have to go determine every possible
> > group
> > membership and then enumerate them all and include which ones that
userid
> > belongs to.
> >
> > I was hoping someone here knew which group memberships are required to
> > overcome this specific install message.
>
>
Anonymous
August 2, 2005 1:42:01 PM

Archived from groups: microsoft.public.windowsnt.misc,microsoft.public.windowsnt.domain (More info?)

Hi Will,
Answers inline

"Will" <DELETE_westes@earthbroadcast.com> wrote in message news:
> Probably I am just missing something. "Members Of" sounds like an
> Active
> Directory tab for Windows 2000. I don't find any similar button in the
> User Properties for Windows NT's User Properties for Domain application.

Correct but "groups" is the same thing.

>
> In addition, under Windows 2000, "Members of" is used to enumerate *group*
> memberships, not User rights.

I said permissions which does include user rights. In this case
I was looking to verify the account belonged to the global group
"domain admins."

> In this case I did validate that the
> Domain Adminstrator account is a member of the groups Domain Admins and
> Backup Administrators.

Thank you

>
> Just to make this less of a guessing game, I also gave the Administrators
> group *all* possible User Property rights under Windows NT, and I turned
> on
> Auditing for both success and fail for all actions.

Because the account is a member of the "domain admin"
group it will by default have all of those user rights.

>
> In the EventViewer on the PDC, when the BDC install is taking place, I
> clearly see a successful login for the domain administrator, and then some
> event that grants lots of rights. I see no event that shows as a
> failure,
> so the PDC at least doesn't see any problems with the requests it is
> getting.

Do you have auditing enabled for failed logons?

>
> The NT 4.0 install however is consistently failing by saying that the
> account I am using does not have the right to add or change user accounts.

Have you tried a different account e.g., myaccount/mydomain which is
a member of the global group "domain admins"?

>
> Maybe I simply don't have some service that must be running on the PDC
> started? Does anyone have a list of those services that must be
> enabled
> in order for a PDC and BDC to replicate?

It's not that simple I am afraid. <g> The BDC does have the same service
pack as the PDC? If not the security changes in SP4 would cause an error
like you are seeing..
Anonymous
August 2, 2005 2:11:23 PM

Archived from groups: microsoft.public.windowsnt.misc,microsoft.public.windowsnt.domain (More info?)

I have tried a different userid that is also in Domain Admins, with the same
result. Please note, as I said in the previous post, I am now opening the
Event Viewer on the PDC as I do the install to new hardware for the BDC.
I see a successful logon on the PDC as the domain administrator. I do not
see *any* failure event.

I do have auditing enabled for *all* conditions including Fail on Logon.

Regarding service packs: how can the BDC have anything but SP1? Again, I
am doing the *initial* install of Windows NT 4 to a new machine, using the
original NT 4 CD. Is there a version of NT4 that includes SP4 bundled
together with the installer? I don't see any way I could install a
service pack on a new installation before I have even completed the install.

So if SP4 on the PDC is the cause of this problem, then how did any company
ever install another BDC on their NT4 network once the PDC was running SP4?!

--
Will
westes AT earthbroadcast.com


"Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
message news:uZ1dDd2lFHA.1372@TK2MSFTNGP10.phx.gbl...
> > In the EventViewer on the PDC, when the BDC install is taking place, I
> > clearly see a successful login for the domain administrator, and then
some
> > event that grants lots of rights. I see no event that shows as a
> > failure,
> > so the PDC at least doesn't see any problems with the requests it is
> > getting.
>
> Do you have auditing enabled for failed logons?
>
> >
> > The NT 4.0 install however is consistently failing by saying that the
> > account I am using does not have the right to add or change user
accounts.
>
> Have you tried a different account e.g., myaccount/mydomain which is
> a member of the global group "domain admins"?
>
> >
> > Maybe I simply don't have some service that must be running on the PDC
> > started? Does anyone have a list of those services that must be
> > enabled
> > in order for a PDC and BDC to replicate?
>
> It's not that simple I am afraid. <g> The BDC does have the same service
> pack as the PDC? If not the security changes in SP4 would cause an error
> like you are seeing..
!