Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SBS 2003:  Domain Admin is required for clients (users) to do anything...why?

Posted on 2004-08-30
3
Medium Priority
?
923 Views
Last Modified: 2010-08-05
Hi All,

Can someone explain to me what the difference between Domain Admin, Domain Power User, Local Administrator, and Administrator are on a Windows 2003 SBS domain?

It seems that my users must be Domain Admins to even get the properties of a shortcut on the desktop (for example).  Confused.

Thanks,
Terry
0
Comment
Question by:colepc
3 Comments
 
LVL 20

Expert Comment

by:What90
ID: 11938673
Hello Terry,

Domain Admin = total control of network - only network admins should have these
Domain Power User = have more that standard user right to network system
Local Administrator = Total control of the local machine
Administrator = generalisation

What excatly are you trying to achive? If the users are part of the Domain Users group they should be able to create a shortcut on their desktop unless a Group Policy is blocking them.


Post back with some more details.

Chris
0
 
LVL 12

Accepted Solution

by:
Housenet earned 1000 total points
ID: 11938690
Hello,
Here is the deal...
The Domain provides pre-defined groups and users as part of a security context that is central.
PC's and non-domain server have local users and groups.
-When a PC or Server (non dc) join a domain the domain's security context does not eliminate the Local security context, it merges with it. The right combination of domain groups having rights to local resources provides flexable security options based on user and or group membership.

When a PC running NT (NT4,2000 orXP) is joined to a domain, by default the domain controller adds domain administrators to local administrators on the PC and adds the domain users to the local pc users group. If you combine this restrictive set of permissions with a shortcut that also has some security settings assigned you get the results you described.  The solution is this...
1. Log in to the PC as say the domain administrator.
2. Add the group Domain Users to the LOCAL\Administrators.
3. Login as a domain user... The domain user will now have full control of the local PC.
-This is an example... Adding domain users to Power users might be sufficient for your needs and will not allow a user to add new applications that can affect the stability of windows.
0
 

Author Comment

by:colepc
ID: 12119629
Housenet, a belated thanks for your advice.  I've come back to this for a second dose.  Thanks, again!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Learn about cloud computing and its benefits for small business owners.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question