Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Adinistrator privileges exist but are not recognized

Posted on 2009-04-01
Medium Priority
Last Modified: 2013-12-27
I normally log into my Windows laptop with a user name that belongs to the administrators group.  The login also requires the specification of a domain.  I am however never physically connected to this domain.  The only time I connect to the domain is for the purposes of changing my Windows password.

I have one specific executable that I am unable to launch with this login because a pop-up is generated indicating that I must have administrator privileges.  As stated previously the login in question belongs to the administrators group.  Furthermore I am able to carry all administrative activities on this computer including such things as installing new programs, stopping and starting services etc.

 If I login to the same local  machine as administrator, without specifying a domain, then I am able to launch the executable.  Ideally, I would like to be able to launch this executable from the account that requires the specification of the domain.  I have yet to find something that is different with this account that would explain the symptoms that I am running into.  Any assistance you are able to provide in resolving this issue is much appreciated.

Thank you
Question by:danhar
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 24041959
If you specify a domain when logging-in,  your problem application might be trying to get your user privileges from an active directory somewhere.. Why does your laptop ask you for a domain when you log in? I have XPSP3 and mine doesn't..  
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24042036
I have seen a similar issue , and it turned out to be stale / corrupt local group policy , try running Gpupdate /force


Author Comment

ID: 24042448
In response to Admin3k: running gpupdate /force did not solve the problem.  I am assuming that a reboot is not necessary.  I did however logout and log back in to test

In response to vertsyeux: I am not sure I can answer your question satisfactorily.  Even though I am not physically connected to the domain, I must specify the domain when I log into Windows.  If I do not, I am not able to login.  
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 24043229
I am wondering if this would further clarify the issue that I'm running into.  The enclosed attachment shows the name of the user that is used to log into Windows.  FYI, AMER is the name of the domain  in my office.  USROL-DHARARI1 is the computer name.

I seldom if ever connect to the AMER domain.  However, when I log into windows I must specify this domain in order to log in.  

I also noticed that I am unable to add a new user on my laptop.  For example, if I attempt to add a user "bob", the error shown in the second attachment appears.

Hopefully, this clarifies the problem.


Expert Comment

ID: 24043304
If your machine is a member of a domain, and your user credentials are domain credentials, then you will be required to use domain logon to login to the machine. The reason you can continue to login to the machine, even when your not connected to the Domain Controller, is because your login is cached on that machine.

Is your user added to the Local Administrator's group, as well as the Domain Administrator's group?

Expert Comment

ID: 24043337
In addition, the error message you attached indicates that you are attempting to add a non-existent user to the Administrator's group. You must first create the user, then add the user to the desired group.

Author Comment

ID: 24043492
I don't know if it is.  How would I add the user dharari to the Local Administrators group?  This might be all I need to do.  I suppose that if this were done, I would simply be able to log into my local machine as opposed to having to specify a domain.

As for the error message,  I made up the username thinking that it might help explain the problem I was running into.

Expert Comment

ID: 24043656
You will still need to login with your domain credentials, unless you make a local user to login with who is also a member of the Administrators group. Here's what you need to do.

Open Control Panel, and then Administrative Tools. Under Administrative Tools, open Computer Management.

(See the screen shot below for a visual reference.)

Select Local Users and Groups, and under Groups, double-click Administrators. Click the Add button at the bottom, and in the field where it asks for your user, simply type in DomainName\UserName (where DomainName = the name of your domain, and UserName = your domain user name.)

Click Check Names, and it should place an underline under the DomainName\UserName you entered. Then press OK, and it will add the specified user to the Administrators group.

Author Comment

ID: 24044009
Thanks for this information.  I will not be able to verify it until later on this evening.  I will keep you posted.

Expert Comment

ID: 24045637
My pleasure. Please let me know if this resolves your issue. :)

Author Comment

ID: 24051122
Hello Evelmike:

Your suggestions got me pointed in the right direction.  I created a local account on my laptop having the same name as my domain account.  I gave this account administrator privileges and I am now able to run the executable that previously did not run.  

The issue now is that when I log into the local account, I am pointed to a different location (referrring to Documents and Settings) than if I were to log into the domain account having the same name.  This has created a different set of issues.  In other words, although I log in using the same Windows username, Windows recognizes the two login accounts as different users with different files, desktops etc.

Is this something that you can comment on or would you treat this as a follow up question unrelated to the current one?  Your comments are much appreciated.

Accepted Solution

Evelmike earned 2000 total points
ID: 24051352
I'll comment on it, as it is a direct result of the solution to the issue.

Windows tracks users by SID, independent of the actual user name. So, you might have two users of identical name, one being a Domain user and the other being a Local user, however, they have unique SIDs.

In order to obtain access to the Domain user's Documents and other files and folders, you can simply apply Ownership on the domain user's directories under Documents and Settings.

To do this, simply right-click on the domain users directory under Documents and Settings, and select Properties. Under Properties, you will want to navigate to the Security tab. Under the Security tab, click the Advanced button near the bottom of the Security window.

Under Advanced, navigate to the Owner tab. Under Owner, select the local Administrators group (it will be COMPUTERNAME\Administrators), then check the box that says "Replace owner on subcontainers and objects" and click OK.

Click YES on the warning message that pops up, and wait until it has applied the Ownership to all files and folders within the directory.

Now that you have ownership, you need to give yourself some Permissions. Head to the Permissions tab (under the Advanced section where you found the Owner tab), select your local user OR the local Administrators group, UN-check the box that says "Inherit from parent..." and CHECK the box that says "Replace permission entries...", and select OK.

Again, wait for it to apply the settings to all of the files and directories. Once completed, you now have full access to your domain user's files and folders.

Keep in mind that this does not inherently remove permissions to these files and folders for your Domain user, but should you experience any issues accessing the files when logged in as your domain user, you can simply repeat these instructions, substituting your local user/admin group for your domain user/admin group.

Please, let me know if I may be of further assistance.

Author Closing Comment

ID: 31565449
Evelmike, many thanks for your thorough response to my questions!!!  This turned out to be a great learning experience.  I'm very satisfied with your help.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question