MeteorGarden
asked on
unaccidentally delete administrator right!!
Dear all,
I'm newbie in win2000 server. I've one windows 2000 server where it store 40 users in AD Users & Computers. When we want to see security of the user - we'll right click properties --> Security Tab.... but i accidentally delete the administrator under security tab, How do i restore back?? because after i remove the administrator, i can't reset the password for that particular users. I need to reset this at server end.
Pls advice.
Thank you.
I'm newbie in win2000 server. I've one windows 2000 server where it store 40 users in AD Users & Computers. When we want to see security of the user - we'll right click properties --> Security Tab.... but i accidentally delete the administrator under security tab, How do i restore back?? because after i remove the administrator, i can't reset the password for that particular users. I need to reset this at server end.
Pls advice.
Thank you.
Go to the parent folder and take ownership as the admin applying all changes to the folders below:
To take ownership of a folder:
Right-click the folder you want to take ownership of, and then click Properties.
Click the Security tab, and then click OK on the Security message (if one appears).
Click Advanced, and then click the Owner tab.
In the Name list, click your user name, Administrator if you are logged in as Administrator, or click the
Administrators group. If you want to take ownership of the contents of that folder, click to select the Replace
owner on subcontainers and objects check box.
Click OK. The following message appears, where folder name is the name of the folder that you want to take ownership of:
You do not have permission to read the contents of directory folder name. Do you want to replace the directory permissions
with permissions granting you Full Control?
All permissions will be replaced if you press Yes.
Click Yes.
Click OK, and then reapply the permissions and security settings that you want for the folder and its contents.
How to Take Ownership of a File
NOTE: You must be logged on to the computer using an account that has administrative privileges.
To take ownership of a file, follow these steps:
Right-click the file you want to take ownership of, and then click Properties.
Click the Security tab, and then click OK on the Security message (if one appears).
Click Advanced, and then click the Owner tab.
In the Name list click Administrator, or click the Administrators group, and then click OK.
The Administrator or Administrators group now owns the file. To change the permissions on the files and folders under
this folder, continue to step 5.
Click Add.
In the Enter the object names to select (examples) list, type the user or group account to which you want to give access
to the file. For example, Administrator.
Click OK.
In the Group or user names list, click the account that you want (for example, Administrator), and then click to select
the check boxes of the permissions that you want to assign that user. For example, Full Control [Allow]. When you are
finished assigning permissions, click OK.
ref: http://support.microsoft.com/?kbid=308421
To take ownership of a folder:
Right-click the folder you want to take ownership of, and then click Properties.
Click the Security tab, and then click OK on the Security message (if one appears).
Click Advanced, and then click the Owner tab.
In the Name list, click your user name, Administrator if you are logged in as Administrator, or click the
Administrators group. If you want to take ownership of the contents of that folder, click to select the Replace
owner on subcontainers and objects check box.
Click OK. The following message appears, where folder name is the name of the folder that you want to take ownership of:
You do not have permission to read the contents of directory folder name. Do you want to replace the directory permissions
with permissions granting you Full Control?
All permissions will be replaced if you press Yes.
Click Yes.
Click OK, and then reapply the permissions and security settings that you want for the folder and its contents.
How to Take Ownership of a File
NOTE: You must be logged on to the computer using an account that has administrative privileges.
To take ownership of a file, follow these steps:
Right-click the file you want to take ownership of, and then click Properties.
Click the Security tab, and then click OK on the Security message (if one appears).
Click Advanced, and then click the Owner tab.
In the Name list click Administrator, or click the Administrators group, and then click OK.
The Administrator or Administrators group now owns the file. To change the permissions on the files and folders under
this folder, continue to step 5.
Click Add.
In the Enter the object names to select (examples) list, type the user or group account to which you want to give access
to the file. For example, Administrator.
Click OK.
In the Group or user names list, click the account that you want (for example, Administrator), and then click to select
the check boxes of the permissions that you want to assign that user. For example, Full Control [Allow]. When you are
finished assigning permissions, click OK.
ref: http://support.microsoft.com/?kbid=308421
ASKER
Thanks for all the advice, i follow your step but can't get through.
Actually this is not the take the ownership of the folder.
When i open administrative tools -->Active Directory Users & Computers , Right click Users--> Security...It prompt me "you only have permission to view current security info on users". I've done something wrong where i delete all the of administrator right under all of the user folder in AD Users & Computer.
My question will be How do i add in the administrator rights for me to edit/change permission to all of the users under USERS folder in AD Users & computer.
Pls help.
thank you.
Actually this is not the take the ownership of the folder.
When i open administrative tools -->Active Directory Users & Computers , Right click Users--> Security...It prompt me "you only have permission to view current security info on users". I've done something wrong where i delete all the of administrator right under all of the user folder in AD Users & Computer.
My question will be How do i add in the administrator rights for me to edit/change permission to all of the users under USERS folder in AD Users & computer.
Pls help.
thank you.
Start->Run->%systemroot%
Right-click the Security folder located there and choose properties.
Make sure that your administrator account has full control on the security tab found there...
Right-click the Security folder located there and choose properties.
Make sure that your administrator account has full control on the security tab found there...
ASKER
sirbounty, i'm not able to troubleshoot right now...i'll check when i'm in office. Our timezone too much different...anywhere i give you more info.......under my AD users & computer, got my server.com,we've builtin, computers,domain controllers, users,...etc....., where under my Users have around 40 of Users & Groups. I mis-configuration some of the Users & Groups security tab, i removed the administrator(default security), all i need is restore all of the administrator right under every Users/Group security tab without giving the administrator right to the normal domain users.
Thank you.
Thank you.
ASKER
Yes, my administrator account has full control on security tab...on %systemroot%-->security folder.
I still getting the error msg when i try to view my user properties in AD Users & Computer, "You only have permission to view the current security information on XXX user".
I still getting the error msg when i try to view my user properties in AD Users & Computer, "You only have permission to view the current security information on XXX user".
ASKER
Do you think that it's a good idea to restore system state???
http://support.microsoft.com/default.aspx?scid=kb;en-us;241594&sd=tech
http://support.microsoft.com/default.aspx?scid=kb;en-us;241594&sd=tech
ASKER
Although i'm using administrator login, and my administrator login is in administrator group, i'm not able to recreate again in user security tab.
ASKER
I solved the problem by delegate control in domain level to my user account & i able to add back the administrator right to all of the user account in the domain. TQ.
Glad you got it sorted.
See here http:help.jsp#hs5 for how to obtain a refund...
See here http:help.jsp#hs5 for how to obtain a refund...
ASKER
Thank you, Sirbounty, i'll get a refund & thank for your advice.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Maybe the administrator has no rights but he can give himself those rights