Re: Trouble with admin access after creating trust.
- From: schmierer2@xxxxxxxxxxxxxxxxxxxxx
- Date: 8 Nov 2006 14:13:35 -0800
Hi again Paul.
You're correct, Domain Admins from the 2003 account is in the
Administrator group on the 2000 Domain.
Because I am part of this domain admin group, I am under the impression
that I would have admin access on the 2000 domain - which I do now if I
log onto the Domain controller, but not when I log onto a PC on the
2000 domain. On the PC I can't even access the local disk management
or defragmenter.
This is where my problem is, logically to me and you as you say above,
being a part of the Administrators domain group should give me 'admin'
access on the local PC - which it isn't, and I don't know why.
Perhaps we're still not connecting on our points, can you possibly give
me a step by step instruction on how you would grant domain admins
access from one domain into a trusted domain, so that they can log on
the PCs in the trusted domain and have full access?
Regards,
Owen.
Paul Bergson [MVP-DS] wrote:
You belong to the "Administrators" group, but what does that mean? You are
provided acess to security that the Administrators have been given access
to, that doesn't mean you are logged on as an administrator.
Look at something that you are trying to gain access to and see if the
Administrators group has been provided access to it.
Take a couple of minutes and read the below, I think you will better
understand my point.
http://www.microsoft.com/technet/technetmag/issues/2006/03/WindowsConfidential/default.aspx
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
<schmierer2@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1162945845.056520.57110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
My apologies, it's still not giving me administrator access, I was
logged onto the wrong domain.
Situation still exists - on the 2000 domain, I log on with an account
from the 2003 domain yet I recieve no admin permissions.
I have added Domain Admins from the 2003 domain into the builtin
Administrators group on the 2000 Domain.
schmierer2@xxxxxxxxxxxxxxxxxxxxx wrote:
I'm not talking about the local group on the PC. I'm talking about the
domain group called Administrators, which is a local built in group. I
added the domain admins group from the 2003 domain to it (on the 2000
domain) but it wouldn't work.
Weird thing though, come in today and it is working. Nothing has
changed...but I don't see how it would need 2 days to replicate
permissions or whatever it does.
Paul Bergson [MVP-DS] wrote:
You should have local admin access on the local machine, but you won;t
have
any special privleges at all in the domain.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
<schmierer2@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1162851813.710255.278010@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks Paul. I actually want domain access in the 2000 domain, with
an
account from the 2003 domain. I did add my domain 2003 admin account
into the 2000 local administrator group, but when I log on the 2000
domain with that account I don't get admin access.
I can't do what you said though because the domain admin group won't
allow users/groups to be added from another domain, which is why I
needed to add it to the administrators local group.
Cheers,
Owen.
Paul Bergson [MVP-DS] wrote:
You don't by default have admin credentials in this domain, they
have to
be
added. Have the admin from the 2000 domain add your 2003 id in to
the
domain admins group.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
<schmierer2@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1162772138.516628.315630@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi guys. I'm sure there is something simple that I'm not doing
properly but I'm looking for some help.
I've created a trust (two way) from a 2003 domain to a 2000 domain
and
the trust works fine. I can log on the 2000 domain with an
account
from my 2003 domain no problem. I have added an admin global
group
from the 2003 domain into the local Administrators group on the
2000
domain... my problem is that when I log onto the 2000 domain with
an
account from the 2003 domain then I don't have admin access.
Am I doing something wrong?
Thanks very much,
Owen.
.
- Follow-Ups:
- Re: Trouble with admin access after creating trust.
- From: Paul Bergson [MVP-DS]
- Re: Trouble with admin access after creating trust.
- References:
- Trouble with admin access after creating trust.
- From: schmierer2
- Re: Trouble with admin access after creating trust.
- From: Paul Bergson [MVP-DS]
- Re: Trouble with admin access after creating trust.
- From: schmierer2
- Re: Trouble with admin access after creating trust.
- From: Paul Bergson [MVP-DS]
- Re: Trouble with admin access after creating trust.
- From: schmierer2
- Re: Trouble with admin access after creating trust.
- From: schmierer2
- Re: Trouble with admin access after creating trust.
- From: Paul Bergson [MVP-DS]
- Trouble with admin access after creating trust.
- Prev by Date: Permissions across 2 Forrest
- Next by Date: Re: Move to a new server
- Previous by thread: Re: Trouble with admin access after creating trust.
- Next by thread: Re: Trouble with admin access after creating trust.
- Index(es):
Relevant Pages
|
