Re: Workaround for 0x8007045A (!)
From: Tony Vaughan (TonyVaughan_at_discussions.microsoft.com)
Date: 09/20/04
- Next message: ruby: "RE: Spell Check in Outlook Express 6.0"
- Previous message: Del Hilling Jr.: "Dekup caused an invalid fault: in Win98 Bootup!"
- In reply to: Torgeir Bakken \(MVP\): "Re: Workaround for 0x8007045A (!)"
- Next in thread: Torgeir Bakken \(MVP\): "Re: Workaround for 0x8007045A (!)"
- Reply: Torgeir Bakken \(MVP\): "Re: Workaround for 0x8007045A (!)"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 20 Sep 2004 09:15:04 -0700
Hi Torgeir
Now we know the area of the problem, I can download updates by logging off
from the domain user of the machine and logging on as administrator of the
machine. However, nothing I have tried by adding group rights to the domain
user has made WU5 work when logged on as a domain user even when the domain
user has administrator rights.
Does anyone know why this is? Bye the way, I couldn't find a group user with
NT AUTHORITY\Interactive. Shouldn't NT AUTHORITY\Authenticated Users have
been enough? It isn't obvious to me what is going on here.
Tony
"Torgeir Bakken (MVP)" wrote:
> Tony Vaughan wrote:
>
> > I've just been chatting to a mate of mine who really knows what he is doing
> > when it comes to network configuration. Now, if you used to use SBS under NT4
> > and you created a domain user for a workstation as an administrator, the
> > domain user would have full administration rights to the local machine. My
> > mistake was to think that SBS 2000 and SBS 2003 did the same even though you
> > will notice that they introduced templates. It would now seem that when you
> > create a user as a template administrator you are giving that user
> > administrative rights to the domain but not the local machine, as your
> > observation proved.
> >
> > So, what is the solution? I tried to give the domain user access rights to
> > the local machine by going into Computer Management and selecting 'Local
> > Users and Groups' and adding Domain Users to the list. However, under SP2
> > this didn't work so I am about to test this with a machine that doesn't have
> > SP2 installed. I'll let you know how that goes.
> Hi
>
> We add "NT Authority\Interactive" in the local Administrators group
> to let all domain users automatically be local admins when they log
> on to a computer interactively (works fine for SP2 as well).
>
> This is more secure than adding "Authenticated Domain users ",
> "Domain Users" or "NT AUTHORITY\Authenticated Users" (or a group
> that contains all users as you have) because you avoid the issue
> with cross network admin rights (remote access) between the
> computers that these groups introduces.
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
>
- Next message: ruby: "RE: Spell Check in Outlook Express 6.0"
- Previous message: Del Hilling Jr.: "Dekup caused an invalid fault: in Win98 Bootup!"
- In reply to: Torgeir Bakken \(MVP\): "Re: Workaround for 0x8007045A (!)"
- Next in thread: Torgeir Bakken \(MVP\): "Re: Workaround for 0x8007045A (!)"
- Reply: Torgeir Bakken \(MVP\): "Re: Workaround for 0x8007045A (!)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
