Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 264
  • Last Modified:

Do Active Directory Resctrictions take privilege over local ones

Hi, We have active directory setup, one of our users is restricted from basically doing anything, but i want to give him full access to his machine, i added his domain user as a local administrator but this does not seem to work

any help

aprecciated
0
m3mn0ck
Asked:
m3mn0ck
1 Solution
 
iwontleaveyouCommented:
Add the users account in active directory to his computer name.

go to user -->properties-->memberof-->Add the(computername).
0
 
wparrottCommented:
As long as the domain user is in the local Administrators group, the user should have un-restricted access to the computer. If you login with a domain admin account, do you have unrestricted access?

To test further, create a new domain user account, add it to the local Administrators group and login using that account on the workstation. Does that account have unrestricted access?

HTH...
0
 
swinterbornCommented:
If the user has restrictions placed on them by a GPO in AD, the restrictions will apply irrespective of what rights they have on the machine. You need to know where these restrictions are being applied before finding a solution:

What is the OU structure in AD?
Is the GPO applying the restriction based on the machine or the user?
What is the restriction that is affecting the user?

Depending on the answers, there are a number of options:

Create a new OU and GPO for this user/machine underneath the existing one, set inherit all existing policies and use the GPO to overwrite only the policies which are preventing the user from working. (This would be ideal - if a different user had the same issue, moving their acccount to the new OU would solve the problem)
Place an ACL on the GPO preventing it from applying to your user/machine (Useful for troubleshooting, but overkill for a long term fix, and may cause more problems than it fixes)
And many more, probably as many options as there are AD deployment scenarios.

Cheers


0
 
PennGwynCommented:
Yes, GPO restrictions are applied to the machine *after* local policies.

0
 
rafael_accCommented:
Maybe you forgot to re-login (logoff and login again that user). if so, Do it!!! If wanna know why, let me know.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now