local workstation groups on server?
when adding a domain user account to a group under Member Of for the user's properties, how can i add groups from their local workstation machines?
the Look In pull down is greyed out and i can only select the domain name.
basically, i want to give the domain accounts they log into their workstations with local administrative priveleges, but still keep them as Domain Users.
thanks!
the Look In pull down is greyed out and i can only select the domain name.
basically, i want to give the domain accounts they log into their workstations with local administrative priveleges, but still keep them as Domain Users.
thanks!
ASKER
i am logged into the server using the administrator account. i go into the active directory manager and try to add local groups to the domain accounts but cannot, because the Look In pull-down is locked to the domain only... i cannot select a workstation on the network.
thanks!
thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hello,
I should rephrase one part :
To avoid visiting each machine you can follow these steps
right click my computer >> manage >> right click "Computer management local" >> "connect to another computer" >>
expand "local users and groups" >> click on "Groups" >> double click "Power Users" >> click "ADD" >> fill in the domain name
I should rephrase one part :
To avoid visiting each machine you can follow these steps
right click my computer >> manage >> right click "Computer management local" >> "connect to another computer" >>
expand "local users and groups" >> click on "Groups" >> double click "Power Users" >> click "ADD" >> fill in the domain name
loyaliser -
what you are trying to do, is not possible through windows 2000- because if it was there would b e no security in windows 2000.
you cannot add a local user object or computer object to a servers local usere groups, you can only add a DOMAIN\SECURITY-GROUP or DOMAIN\USERID to the local groups.
what you are trying to do, is not possible through windows 2000- because if it was there would b e no security in windows 2000.
you cannot add a local user object or computer object to a servers local usere groups, you can only add a DOMAIN\SECURITY-GROUP or DOMAIN\USERID to the local groups.
From the way you are going about thing, i can tell you are from the NT4 administration erra, so here is what you need to do to get you users where they need to be,
First create a UserID in your AD (all referenced to a 2000 Domain will be AD=Active directory)
now go to the PC with the local user you want to have domain rights.
log on as the Local Admin, add the DOMAIN/USERID to the LOCAL ADMINS group (this keeps the user a local admin of this machine while having domain privelages)
logg offf admin, logon as DOMAIN/USERID
loging on to the domain you have three options that have to be filled in
USER ID
Password
DOMAIN (MAKESHURE THIS IS THE DOMAIN AND NOT THE LOCAL PC)
once loged on, you should have a clean desktop, restart the computer and log back on as LOCAL ADMINISTRATOR
right click on MY computer, click the User Profiles click on the COMPUTERNAME\USERID profile
then click [copy to], then browse to the documents and settings > userid.domain
copy it to that folder, then change the "permitted to use" to DOAMIN\USERID
now you can add your DOMAIN\USERID to your servers local groups and not affect any thing fo rthe user
First create a UserID in your AD (all referenced to a 2000 Domain will be AD=Active directory)
now go to the PC with the local user you want to have domain rights.
log on as the Local Admin, add the DOMAIN/USERID to the LOCAL ADMINS group (this keeps the user a local admin of this machine while having domain privelages)
logg offf admin, logon as DOMAIN/USERID
loging on to the domain you have three options that have to be filled in
USER ID
Password
DOMAIN (MAKESHURE THIS IS THE DOMAIN AND NOT THE LOCAL PC)
once loged on, you should have a clean desktop, restart the computer and log back on as LOCAL ADMINISTRATOR
right click on MY computer, click the User Profiles click on the COMPUTERNAME\USERID profile
then click [copy to], then browse to the documents and settings > userid.domain
copy it to that folder, then change the "permitted to use" to DOAMIN\USERID
now you can add your DOMAIN\USERID to your servers local groups and not affect any thing fo rthe user
Thank you, I'm glad you got it working
Make sure you are logged into the domain when trying to do this and
you are using an account that would have the proper permissions to perform this task.
Let us know if this is already the case.