RE: Question for the higher level techs - Logon authent'n for services

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Well,

First of all, using domain admin credintials in all operations is a bad
idea, instead, you can create a domain user for you and give it the
permissions you need.

2nd, make sure that the group/ user/ or whatever you are doing changes on,
make sure that the admin account is listed in the DACL of this user/group/...

3rd. make sure about being not removed from admins group (it couldnt be),
but just to make sure of everything.

4th. make sure that there are no conflicts on domain policies that can make
a conflict on permissions

5th. important to note that deny permission is always override allow
permission.

"OverWorked-Underpaid" wrote:

> I've noticed this a few times in W2003 Server now and haven't had to worry
> about it until now. What happens is I am logged on to a member server as a
> domain administrator and I may make a change to the local computer policy or
> local users and groups and in doing so I get asked to enter the name and
> password of a user on the domain that is authorized to make such changes.
> Well I am already logged on as an authorized user (domain admin) yet it still
> asks me. I can provide the same username and password as the one that I am
> currently logged on as and it works and makes the changes.
>
> Why is this and how do I resolve this?
>
> How does this affect me? Well I have just added a service that manages a
> scheduled application (Legato) and in order for it to run the service needs
> to "Log on -Using this account". Well I set it to use the domain admin
> account that I am currently using, but it doesn't work. When I force the
> scheduled task to run it will begin to run, but it pops up the logon box
> asking me to provide a username and password again.
>
> This scheduled task needs to run unattended and running it using the "System
> Account" is not an option.
>
> Does anyone have any ideas?
>
> --
> OverWorked-Underpaid
.

Relevant Pages

  • Re: Domain Administrator permissions problem
    ... account has been set to deny access somewhere. ... I had already checked the share level permissions and had ... The Read Only on shares is a by default thing with Server 2003. ... The domain admin account can open text files. ...
    (microsoft.public.windows.server.general)
  • Re: Domain Admins missing in GAL - AdminSDHolder?
    ... Giving our own accounts domain admin permissions makes things easier. ... Those users should have "normal" account with mailbox etc ... for daily tasks and account with domain admin privileges to perform ...
    (microsoft.public.windows.server.active_directory)
  • Creating a Service Account that will access WMI / LDAP information
    ... I currently am using my Domain Admin account to run a scheduled task. ... on each DC and memeber server? ...
    (microsoft.public.windows.server.general)
  • Question for the higher level techs - Logon authentn for services
    ... I've noticed this a few times in W2003 Server now and haven't had to worry ... Well I am already logged on as an authorized user (domain admin) yet it still ... account that I am currently using, ... This scheduled task needs to run unattended and running it using the "System ...
    (microsoft.public.windows.server.general)
  • Re: Domain Admin Server 2003
    ... > assigned to it to reflect delegation permissions. ... > that are members of a privileged account do not have " allow inheritable ... >>I no longer have Domain Admin rights and I am not in a privileged group. ...
    (microsoft.public.security)