Re: cannot add local user to local group



Hello Dkp,

You can control the Local Administrators group with the Restricted Groups Policy. Only accounts and groups in this group will have local administrator rights. Even the Administrator has to be added to the group to keep his local admin rights.

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

On Oct 17, 9:35 pm, Meinolf Weber <meiweb(nospam)@gmx.de> wrote:

Hello coder_2007,

Talk to your SYSADMIN. He can give you more information about the domain,
and maybe he is controlling the local administrators group. Then you
can't do it, because he can kick out the local admin "test".

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

Hi Meinolf,

Thanks for responding. The local user account is "test" and a
domain name is test. I don't know if there's a user on the domain called
test; I doubt if there was one it would cause problems.

Thanks.

"Meinolf Weber" wrote:

Hello coder_2007,

Just to clarify: one local user account "test" and one domain user
"test"? Do you add "test" from the domain or local to the local group
"Administrators"?

The point is, you have two totally different user accounts with the
same name. Every user object, whether a domain account or a local one,
has a specific, unique security identifier (SID). So you have to check
whether the account is a member of the domain or the local user account.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

Hi,

I have a similar issue, I create a local user with a user name the
same as our domain, however once I add that user to Administrators
group, the user doesn't appear in Administrators group and the
"Member of" tab is empty. When I attempt to add this local user
to Administrator group again, I get error message that the user is
already a member of group "Administrators" but I can't see the
user in that group. Is there some sort of conflict of a local
user with domain?

Thanks.

"Meinolf Weber" wrote:

Hello Jan,

To be clearer, please post the complete domain name. Also, in
a domain you normally do not work with local accounts, you work with
domain user accounts. Please give some more information on why you will
use local accounts and also why they have to be local admins.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

If we try to add the local computer account 'ABC' to the local
administrators group on a Windows XP PC, we receive the message
"'ABC' is already a member of group 'Administrators'", which is
not the case, as the user has no administrative rights. On
Windows 2000 we do not receive a similar message, but the user is
not added to the appropriate group. If we check the group
memberships of user 'ABC', there are no entries.

This happens on every computer that is a member of our Active
Directory. I assume that this might be a problem, as our Active
Directory NetBIOS domain name is also 'ABC'.

Any ideas how to fix this?

Hi,

Looks like it's a bug on the Windows side. It does not allow adding a user
to the administrators group with the same name as its NetBIOS domain name.
There is no such setting present on the domain controller side to
avoid this.
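
The SID check suggested in the replies above, as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 or later (for `Get-LocalUser` and `Get-LocalGroupMember`) and an elevated session; the function name `Resolve-AmbiguousAccount` and the sample values are hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1+.
function Resolve-AmbiguousAccount {
    param(
        [Parameter(Mandatory)] [string] $Name,     # account name, e.g. 'test'
        [Parameter(Mandatory)] [string] $Domain,   # NetBIOS domain name
        [string] $Group = 'Administrators'
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]

    # SID prefix shared by every local account on this machine.
    $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid

    # SIDs that are actually members of the local group right now.
    $memberSids = @(Get-LocalGroupMember -Group $Group |
        ForEach-Object { $_.SID.Value })

    # The same name looked up three ways: local, domain, and unqualified.
    $lookups = "$env:COMPUTERNAME\$Name", "$Domain\$Name", $Name

    foreach ($lookup in $lookups) {
        try {
            $account = New-Object System.Security.Principal.NTAccount($lookup)
            $sid = $account.Translate($sidType)
        } catch {
            $sid = $null   # name does not resolve under this qualification
        }

        [pscustomobject]@{
            Lookup         = $lookup
            Sid            = if ($sid) { $sid.Value } else { '(not found)' }
            IsLocalAccount = [bool]($sid -and
                "$($sid.AccountDomainSid)" -eq "$machineSid")
            InGroup        = [bool]($sid -and $memberSids -contains $sid.Value)
        }
    }
}

# Constructed sample call for the case described in the thread.
Resolve-AmbiguousAccount -Name 'test' -Domain 'test' | Format-Table -AutoSize
```

Rows that show different SIDs for the same name are different security principals; the `InGroup` column shows which of them, if any, is really in the group.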


