Re: No user accounts that are Enterpise Admins can connect to other do

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
Date: Sun, 3 Dec 2006 13:02:55 +0100

are you sure the enterprise admins sid is in the access token? (use WHOAMI
/GROUPS on a w2k3 server or use SECTOK from joeware.net)
are the enterprise admins member of the local domain administrators group?

and even most important....WHICH ADMIN$? a DC? a member server? a client?
and in which domain?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Mike B." <MikeB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:54A2A7A3-99AD-4568-B19F-6DCDBADEA1AB@xxxxxxxxxxxxxxxx

Here is a strange one.
Windows 2003 Native Forest.
I have one root domain and four child domains.
In one Child domain, the members of the Child domain's admin group are
members of Enterprise Admins. When these user and the builtin
administrator
account try to UNC to the admin share "c$", these users are promted with a
Windows Logon window. Even if they input their username and password it
still prompts them.

Anyone see anything like this before?

Prev by Date: Re: How can users update their own profiles?
Next by Date: Re: Creating Own MSI Packages
Previous by thread: Re: How can users update their own profiles?
Next by thread: Re: No user accounts that are Enterpise Admins can connect to othe
Index(es):
- Date
- Thread

Relevant Pages

Re: New Windows Server 2008 problem
... So on the 2000 DC in ADUC under users container you do not have the "enterprise admins" and "Schema admins" group? ... new server running windows server 2008. ... My plan is to promote the Windows server 2008 to another domain ...
(microsoft.public.windows.server.active_directory)
Re: DCpromo failed! Access Denied
... Do I need an Enterprise admins to add a DC i'm on a child ... >Microsoft MVP Windows Server - Active Directory ... >> DCpromo in a member server I got this error ... >> replicated NO LUCK Still. ...
(microsoft.public.win2000.active_directory)
Re: Cert question
... > are you a member of the root domain domain admins and enterprise admins ... >> The server is a member of an active directory and the account I am ... >> using is a member of both Domain and Enterprise Admins. ...
(microsoft.public.win2000.security)
Global Catalogs not available
... We've run ADPrep to add a 2k3 server to my existing 2k domain and it went a ... After running ADPrep none of the users could not log in (apparently the GC ... enterprise admins (a GC error is generated when you go to view the Ent Admin ...
(microsoft.public.windows.server.active_directory)
Re: DC Admin question
... You can't give him rights to manage that box without him having enough power to escalate all the way to Enterprise Admins. ... It will change a little with Longhorn server sometime at the end of this year but will require you to use Read Only DCs in the WAN sites that you want to do that at. ... Joe Richards Microsoft MVP Windows Server Directory Services ... The problem is that we need to allow our local IT contact to manage user shares, setup printers, etc, but we're not sure how to give him logon rights without making him a domain admin. ...
(microsoft.public.windows.server.security)