Re: Default User Profile Locks Down Admin!

We do not usually give Admin rights locally for our "users". If required, we
do so...but usually we allow the domain controller to assign the appropriate
rights, instead of having user accounts on every machine.

This is an interesting point you bring up there. Perhaps it might work out
more appropriately, if when building the default user profile, we give that
"user base" Admin rights only for building the default user profile.

We'll have to test if after a real "user" logs in, does the Domain
Controller lock them down like it should!

Thanks, we'll test this idea!

"Jim Smith" wrote:

> Are your "users" classified as local administrators on each machine they
> use? If not many software programs will not behave.
>
>
> "Matt Callaghan" <MattCallaghan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:DF51042F-1188-4E7E-A023-AB20615F88C1@xxxxxxxxxxxxxxxx
> > This is also what I've tried. If we create the default user profile top
> > down, we have a problem with a program that acts different as an admin vs.
> > a
> > regular user, so because of this, it's not recommended to build the
> > default
> > user profile top down.
> >
> > The strange part about it is, it's only this ONE TIME so far that we've
> > experienced this. Every other LAN Admin, including myself, builds the
> > default user profile from a restricted user account, and has never had
> > problems.
> >
> > We can't figure out what was done differently in this Image creation that
> > would actually cause such a crazy lockout.
> >
> > (i.e. it makes sense what you say. Since we built the default user
> > profile
> > off a restricted account, the registry settings carry over to the LAN
> > Admin's
> > profile, and thus restrict any LAN Admin who might login...)
> > (HOWEVER: Why has this never happened before? We assume that the domain
> > somehow, should usually override registry settings for the LAN Admin...and
> > give that admin full access....but for some reason it did not happen on
> > this
> > image.)
> >
> > Just wondering WHY! haha.
> >
> > "Jim Smith" wrote:
> >
> >> If I did not misread what you said, you are doing this just backwards
> >> from
> >> what I do.
> >>
> >> I set everything up as I need it in the local administrator profile, then
> >> log on as a domain admin and copy the administrator profile to the
> >> default
> >> user profile.
> >>
> >> You are creating administrator profiles from user accounts that have
> >> lower
> >> priviledges and therefore you are getting access restrictions.
> >>
> >> Try creating profiles from the top down instead for from the bottom up.
> >>
> >> "Matt Callaghan" <MattCallaghan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> >> message
> >> news:59DE7E02-AC4D-422B-82C1-32EDA1416FFE@xxxxxxxxxxxxxxxx
> >> > Hey everyone...I've got a strange problem/question.
> >> >
> >> > Here's the situation.
> >> >
> >> > We're on a Domain "X".
> >> > Setting up a machine with Windows XP Pro SP2 for an Image. OK.
> >> > Everything is about ready to go (Before we SysPrep, and create the
> >> > image
> >> > for
> >> > it), so we begin creating the default user profile.
> >> >
> >> > NOTE: The Domain has user accounts seperated by "users" and
> >> > "administrators".
> >> >
> >> > Creating the Default User Profile:
> >> > Login as a "user" account. Setup everything we need (Drive Mappings,
> >> > Shortcuts, etc etc.). Logout.
> >> > Login as an "admin" account. Delete the current default user profile,
> >> > and
> >> > re-create using the previous login. Correct.
> >> >
> >> > Now, whenever an ADMIN logs in to this machine, and if that admin's
> >> > profile
> >> > is created from the default user profile, the admin is locked down!!!
> >> > It's
> >> > as if the default user profile is over-riding priviledge settings from
> >> > the
> >> > domain!
> >> > (For an example, when an admin who's profile was created from the
> >> > default
> >> > profile attemps to use "Add/Remove Programs", that admin will receive
> >> > the
> >> > error that a USER would normally receive: "Add or Remove Programs has
> >> > been
> >> > restricted. Please check with your Administrator".
> >> >
> >> > Any ideas how to stop this "Priviledge Over-ride" from happening?...or
> >> > what
> >> > we could have done to CAUSE it to happen?
> >> >
> >> > (We've built several other images, and this has never happened before)
> >> >
> >> > We'll probobally just rebuild this one image that is giving us
> >> > troubles,
> >> > but
> >> > we're interested to know WHY it happened.
> >> >
> >> > Thanks!
> >>
> >>
> >>
>
>
>
.

Relevant Pages

  • Re: Default User Profile Locks Down Admin!
    ... If we create the default user profile top ... Every other LAN Admin, including myself, builds the ... and thus restrict any LAN Admin who might login...) ... > log on as a domain admin and copy the administrator profile to the default ...
    (microsoft.public.windowsxp.network_web)
  • Re: Managing User Profiles With Group Policies
    ... applied to both user profile and the machine. ... When I am logged in as admin, ... >> down by group policies logged in as an administrator? ... >> UserA is locked down using group policies from a Windows ...
    (microsoft.public.windowsxp.security_admin)
  • Default User Profile Locks Down Admin!
    ... so we begin creating the default user profile. ... Login as an "admin" account. ... profile attemps to use "Add/Remove Programs", ...
    (microsoft.public.windowsxp.network_web)
  • user profile (HELP)
    ... was admin of our computer. ... I also was set up as admid. ... above states (windows can not locate the user profile). ... I was told to set the computer in safe mode by ...
    (microsoft.public.windowsxp.security_admin)
  • Re: User profile - domain related or not?
    ... malware removal forums. ... to domain or malware had messed up the user profile. ... How to join a demain in Windows XP Home Edition ... Susan.Computerroom (admin) ...
    (microsoft.public.windowsxp.setup_deployment)