Re: No user accounts that are Enterpise Admins can connect to othe
- From: Mike B. <MikeB@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 3 Dec 2006 18:12:00 -0800
Ran the whoami against the user while logged onto a DC. The user is a member
of the Enterprise Admin group and the sid is there.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
enterprise admins is not a member of local servers administrators group,.
only the domain admins group is
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Mike B." <MikeB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C684A5F4-C7AC-420B-9FD1-4DE148D35795@xxxxxxxxxxxxxxxx
I will check for this in the token.
Basically it is from one of the child domains connecting to member servers
in other child domains. Able to UNC to the admin share to domain
controllers in other domains, just member servers.
Thanks!
"Jorge de Almeida Pinto [MVP - DS]" wrote:
are you sure the enterprise admins sid is in the access token? (use
WHOAMI
/GROUPS on a w2k3 server or use SECTOK from joeware.net)
are the enterprise admins member of the local domain administrators
group?
and even most important....WHICH ADMIN$? a DC? a member server? a client?
and in which domain?
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Mike B." <MikeB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:54A2A7A3-99AD-4568-B19F-6DCDBADEA1AB@xxxxxxxxxxxxxxxx
Here is a strange one.
Windows 2003 Native Forest.
I have one root domain and four child domains.
In one Child domain, the members of the Child domain's admin group are
members of Enterprise Admins. When these user and the builtin
administrator
account try to UNC to the admin share "c$", these users are promted
with a
Windows Logon window. Even if they input their username and password
it
still prompts them.
Anyone see anything like this before?
- References:
- Re: No user accounts that are Enterpise Admins can connect to other do
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: No user accounts that are Enterpise Admins can connect to othe
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: No user accounts that are Enterpise Admins can connect to other do
- Prev by Date: additional 2003 domain controller
- Next by Date: Re: cant decrypt files
- Previous by thread: Re: No user accounts that are Enterpise Admins can connect to othe
- Next by thread: Re: tranfer DC roles to another DC
- Index(es):
Relevant Pages
|
