Solved

Creating Roaming Profiles and Administrative permissions Windows 2003 Server

Posted on 2004-09-29
6
235 Views
Last Modified: 2010-04-19
I've set up a couple of machines on my 2000 domain.
I've copied the user's local profiles over to the roaming profile on the server.
Although it doesn't happen on all of the machines I've done. It has happenned on a couple
where the roaming profile does not have Administrative permissions and I haven't found out where to
give the domain account administrative rights over the machine (the local machine - to install software, etc....)

Is there a setting for this, or do I have to set up a group policy. Or do I have to write a script?
And if I do have to write a script where can I get a script from?
Also I'm still puzzled as to why some accounts on XP machines have administrative rights eventhough they are domain accounts and why some are not.
I noticed that the roaming profiles arent' stored in the User Profiles listing in the System Properties in Control Panel - so how do I manipulate the domain user's permissions?

The same goes for some 2000 machines.

The server is a Windows 2003 server and 2000 and XP machines log onto it.

SJ
0
Comment
Question by:AccessMaster
  • 4
  • 2
6 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 12186386
You can control the local Admin group on client computers via a GPO with the Restricted Groups setting.  Basically, you create a domain security group and add all the domain users whom you wish to have local admin rights on clients to that group, then you use the GPO to specify that domain group as a member of the administrators group.  When that GPO is applied to clients, that group is added to the local administrators group and all users in it have local admin rights.  That can be dangerous though, ensure that you don't apply this GPO to sensitive systems (Exchange boxes, various servers, etc).  

As to why some accounts have local admin rights while others do not, I don't know enuogh about your configuration to make much of a guess.  What domain groups do these accounts belong to?  

What do you mean by "I noticed that the roaming profiles arent' stored in the User Profiles listing in the System Properties in Control Panel - so how do I manipulate the domain user's permissions?" ??  Profiles don't determine a user's permissions, that is done through security group membership.

-BR
0
 

Author Comment

by:AccessMaster
ID: 12188691
I don't have any Exchange servers all I have is a 2000 server and 2003 server on my domain.
The 2000 server is the PDC.
And I've put all the data on the 2003 server.

Do you know of a quick article that will show me how to set up this GPO?
Or can tell me the steps.

Not to confuse you, I used the wrong terminology above when I saisd the roaming proiles arent' stored in the user profiles listing, I meant to say the "user accounts that has the roaming profile isn't stored in the User Profiles listing in the sytem properties in control panel of the local computer".
Actually I think I've found out why some accounts have local admin rights while others don't.
Those accounts that do - are really still local because they are listed on the local machine in the User Accounts as Domainname\useraccount - whereas the useraccounts that don't have admin rights are not listed in the User Accounts listing in Control Panel or on the Advanced tab setting for User Profiles in the System Properties in control panel.

With me clarifying that - do I still need to make a GPO to make this happen?

0
 
LVL 10

Accepted Solution

by:
BloodRed earned 100 total points
ID: 12189313
You can still control the local admin groups via a GPO, here is some info on using the Restricted Groups setting:

http://support.microsoft.com/default.aspx?scid=kb;en-us;279301
http://support.microsoft.com/default.aspx?scid=kb;en-us;228496
http://support.microsoft.com/default.aspx?scid=kb;en-us;320065
http://support.microsoft.com/default.aspx?scid=kb;en-us;320045

Those articles explain how to configure a GPO and how Restricted Groups works, let me know if that helps.

-BR
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:AccessMaster
ID: 12193184
O.K. I'm just getting to work on this now.
I'll let you know how it's going before 5:00PM
0
 

Author Comment

by:AccessMaster
ID: 12311101
Blood Red or anybody,

I am still having an ordeal with these roaming profiles.
For one thing they cause the machine to take a long time to finally get to the logon screen
and I'm still not clear on how to give a domain user local administrative rights and not domain administrator rights.

I'm specifically having problems getting a 2000 machine to keep the type of a domain user's account as local administrator. Everytime she turns it on the next day it looses all mapped network drives and she doesn't have
local administrative rights at all - even after I give her domain account administrative rights logged on as the local administrator.

SOmebody please help this is an SOS.
0
 

Author Comment

by:AccessMaster
ID: 12569311
It's fixed now, eventhough I've done several steps in addition to the one Blood Mentioned above.
It's not to straight forward at all - for a person that's totally new to this.

Thanks Blood Red for your help - you got me going in the right direction.
Regards...
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question