Re: WinXP computer not authenicating properly on Win2k Domain Controller
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 05/06/04
- Next message: Trust No One: "Application of MS04-011 - missing SRV records on DCs - GC failures"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Distrubute a Corporate Screensaver"
- In reply to: plunck: "Re: WinXP computer not authenicating properly on Win2k Domain Controller"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 6 May 2004 09:39:13 -0400
Plunck,
Glad that we were able to resolve the majority of the problems.
The problem with accessing other resources is probably a group membership /
permissions thing. You have to make sure that whatever this useraccount is
trying to access is available to it.
If you made this user account a member of the Domain Admins group then that
user account should be able to sit down at any WIN2000 or WIN XP system -
that is a member of the domain - and have complete access to everything (
assuming the default settings ). By default, the Domain Admins group is
added to every WIN2000 and WIN XP domain computer account's local
Administrators group. If this is not the case see what happens with the
domain Administrator account. If that does not work then look to see if
you have created a Restricted Groups GPO....
As for accessing the user's 'home directories' this could also be a group
membership thing. What are the permissions that are set on each user's
'home folder'? How about the shared folder in which all of the user's home
folders are located? Can the domain Administrator account access them?
Take a look at these things.
HTH,
Cary
"plunck" <atrainphoto@yahoo.com> wrote in message
news:1b85c51e.0405060505.77f9d572@posting.google.com...
> atrainphoto@yahoo.com (plunck) wrote in message
news:<1b85c51e.0404291401.5dbb6beb@posting.google.com>...
> > Hi everybody. OK, this may be a dumb question, but I am baffled. I
> > have a windows xp client computer that has been upgraded from win2k.
> > It used to log in to a WinNT4 domain. Recently I moved it to my win2k
> > active directory domain. Now when I logon to that computer, my
> > permissions are all messed up. Meaning, I have created a new user on
> > the win2k domain controller, and added that user to the Administrators
> > group. When I log on to that computer as that user, and log on to my
> > new win2k domain, I am not granted Administrator-level rights. I can't
> > browse to certain system folders, I can't change IP settings, etc. I
> > have even tried adding that user to Domain and Enterprise Admins
> > groups to no avail. Further, when I apply a group policy to the OU
> > that user is in, that policy is not applied to the user. It's almost
> > as if that user is being authenticated and granted permissions locally
> > on that machine instead of from the domain controller, even thought
> > the machine is supposedly logging on to the domain. Has anybody seen
> > this or have any ideas? Thanks, Ken
>
> Cary-thanks for the ideas. The DNS was indeed part of the problem, and
> I have switched that to just point to my DNS server. And the computer
> is logging on to the domain. I added the user to those other groups
> (temporarily) just to grant them all kinds of access to test what they
> could actually see and do. The gpo's are now applying fine, but the
> user still can't access other folders, such as the administrator
> folder or other people's profile folders, on the computer's own hard
> drive. It's saying that the user doesn't have the right security
> settings. hmmmm...
- Next message: Trust No One: "Application of MS04-011 - missing SRV records on DCs - GC failures"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Distrubute a Corporate Screensaver"
- In reply to: plunck: "Re: WinXP computer not authenicating properly on Win2k Domain Controller"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
