Re: Joining Domain gives user limited rights
- From: Tomasz Onyszko <T.Onyszko_nospam_@xxxxxx>
- Date: Thu, 09 Jun 2005 00:11:48 +0200
Garry Bargsley wrote:
1.) Image the computer. 2.) Join computer to the Domain and reboot. 3.) Logon to the computer with a domain account pointed to the domain. 4.) The logon process takes about 25 minutes. Problem number one.
Check your DNS settings - DNS in client configuration should point to the DNS server which holds DNS data for your AD domain
5.) Once logged in, the user has limited rights, cannot even open the clock on the systray. 6.) The user we are using apart of the Domain Users group on the active directory. 7.) If I add the user to the local computers as an administrator then everything works fine. This is not acceptable because we cannot do that for 600+ computers. In my mind, that defeats the purpose of Active Directory if you ask me.
You can add all this users as local administrators with single point in GPO using restricted groups. Did this repair your trust in AD concept :)?
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/156780ef-eb36-4433-b3fe-1b1a15c18f6a.mspx http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
-- Tomasz Onyszko http://www.w2k.pl .
- References:
- Joining Domain gives user limited rights
- From: Garry Bargsley
- Joining Domain gives user limited rights
- Prev by Date: Joining Domain gives user limited rights
- Next by Date: Need "lessons learned" on using GPMC to migrate OUs, GPOs
- Previous by thread: Joining Domain gives user limited rights
- Next by thread: Re: Joining Domain gives user limited rights
- Index(es):
Relevant Pages
|
