Re: Giving local Admin rights to AD 2003 Domain Admin users

Hello Manjula,

see inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Hello Manjula,

Please do not email, use the NG, then also other people here can read
what's going on and can help you also.

Hi Meinolf,

Thanks for the prompt reply.
This was a client machine in the doamin and I did a fresh installation
as
the old machine was busted.

after installation, did you add it to the domain or only connect it via switch?


Once I connect the machine to the domain it took the old member name

not possible from itself, you have to specify the name by hand or via automatic installation but the machine will not take it alone.


I used the existing domain account to logged in. This is where I faced
the
problem.
When I logged on to other machines using the same account I could do
admin
tasks, But not when I looged in to this machine.

How is DNS setup in your environment?


How ever I found a work around by adding this domain account as a
member
of local admin group in the machine. That resolves the issue.
BUT the part I dont understand is in other machines this account can
do admin
tasks with out addin the account as a member of local admin.
Any thoughts
Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Hi All,

I had to replace a old PC in a small office which runs AD. I replaced
the machine and add the Machine to the AD as member and it used the
old member name automatically. When I logged in to the domain using
this new machine (as a user) and try to add Printers or users to the
machine, to gives a message that I don't have sufficient privileges.
The user is a member to the Admin group in AD and this account has
local admin rights. But when I logged to local machine or logged as
Domain admin to the machine I could add printers.
This may be a config issue and I am not an AD expert and I need some
advice from any one to overcome the issue.
Thanx Guys,
Manjula



.

Relevant Pages

  • Re: Opinions needed on Windows Administrative Rights
    ... >> CAN'T GIVE USERS ANY RIGHTS! ... Issuing local admin privs is dangerous because: ... A lot of new viruses first go after anti-viruses by stopping the process ...
    (comp.security.misc)
  • Re: Giving local Admin rights to AD 2003 Domain Admin users
    ... Once I connect the machine to the domain it took the old member name and I used the existing domain account to logged in. ... When I logged on to other machines using the same account I could do admin tasks, But not when I looged in to this machine. ... BUT the part I dont understand is in other machines this account can do admin tasks with out addin the account as a member of local admin. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Risks of Local Admin Access on Domain PC?
    ... > says that admin rights are necessary when all that is really needed ... > is write permission to one registry key, then that vendor is way ... >> Quickbooks versions earlier than 99 - need local admin ...
    (microsoft.public.security)
  • Re: Best practice post-install of sbs clients
    ... The admin rights are needed to install software, ... as a local admin on the computer. ...
    (microsoft.public.windows.server.sbs)
  • Re: Win2K AD account rights dont carry through on XP Pro
    ... if you log on to your XP machine as a local admin and enter this at ... except for passwords and accounts. ... > and I have local admin rights. ...
    (microsoft.public.windowsxp.security_admin)
Loading