Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 551
  • Last Modified:

Adinistrator privileges exist but are not recognized

I normally log into my Windows laptop with a user name that belongs to the administrators group.  The login also requires the specification of a domain.  I am however never physically connected to this domain.  The only time I connect to the domain is for the purposes of changing my Windows password.

I have one specific executable that I am unable to launch with this login because a pop-up is generated indicating that I must have administrator privileges.  As stated previously the login in question belongs to the administrators group.  Furthermore I am able to carry all administrative activities on this computer including such things as installing new programs, stopping and starting services etc.

 If I login to the same local  machine as administrator, without specifying a domain, then I am able to launch the executable.  Ideally, I would like to be able to launch this executable from the account that requires the specification of the domain.  I have yet to find something that is different with this account that would explain the symptoms that I am running into.  Any assistance you are able to provide in resolving this issue is much appreciated.

Thank you
0
danhar
Asked:
danhar
1 Solution
 
vertsyeuxCommented:
If you specify a domain when logging-in,  your problem application might be trying to get your user privileges from an active directory somewhere.. Why does your laptop ask you for a domain when you log in? I have XPSP3 and mine doesn't..  
0
 
Mohamed OsamaSenior IT ConsultantCommented:
I have seen a similar issue , and it turned out to be stale / corrupt local group policy , try running Gpupdate /force

0
 
danharAuthor Commented:
In response to Admin3k: running gpupdate /force did not solve the problem.  I am assuming that a reboot is not necessary.  I did however logout and log back in to test

In response to vertsyeux: I am not sure I can answer your question satisfactorily.  Even though I am not physically connected to the domain, I must specify the domain when I log into Windows.  If I do not, I am not able to login.  
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
danharAuthor Commented:
I am wondering if this would further clarify the issue that I'm running into.  The enclosed attachment shows the name of the user that is used to log into Windows.  FYI, AMER is the name of the domain  in my office.  USROL-DHARARI1 is the computer name.

I seldom if ever connect to the AMER domain.  However, when I log into windows I must specify this domain in order to log in.  

I also noticed that I am unable to add a new user on my laptop.  For example, if I attempt to add a user "bob", the error shown in the second attachment appears.

Hopefully, this clarifies the problem.

Thanks
UserAccount.jpg
errormsg.jpg
0
 
EvelmikeCommented:
If your machine is a member of a domain, and your user credentials are domain credentials, then you will be required to use domain logon to login to the machine. The reason you can continue to login to the machine, even when your not connected to the Domain Controller, is because your login is cached on that machine.

Is your user added to the Local Administrator's group, as well as the Domain Administrator's group?
0
 
EvelmikeCommented:
In addition, the error message you attached indicates that you are attempting to add a non-existent user to the Administrator's group. You must first create the user, then add the user to the desired group.
0
 
danharAuthor Commented:
I don't know if it is.  How would I add the user dharari to the Local Administrators group?  This might be all I need to do.  I suppose that if this were done, I would simply be able to log into my local machine as opposed to having to specify a domain.

As for the error message,  I made up the username thinking that it might help explain the problem I was running into.
0
 
EvelmikeCommented:
You will still need to login with your domain credentials, unless you make a local user to login with who is also a member of the Administrators group. Here's what you need to do.

Open Control Panel, and then Administrative Tools. Under Administrative Tools, open Computer Management.

(See the screen shot below for a visual reference.)

Select Local Users and Groups, and under Groups, double-click Administrators. Click the Add button at the bottom, and in the field where it asks for your user, simply type in DomainName\UserName (where DomainName = the name of your domain, and UserName = your domain user name.)

Click Check Names, and it should place an underline under the DomainName\UserName you entered. Then press OK, and it will add the specified user to the Administrators group.
New-Picture--10-.bmp
New-Picture--9-.bmp
0
 
danharAuthor Commented:
Thanks for this information.  I will not be able to verify it until later on this evening.  I will keep you posted.
0
 
EvelmikeCommented:
My pleasure. Please let me know if this resolves your issue. :)
0
 
danharAuthor Commented:
Hello Evelmike:

Your suggestions got me pointed in the right direction.  I created a local account on my laptop having the same name as my domain account.  I gave this account administrator privileges and I am now able to run the executable that previously did not run.  

The issue now is that when I log into the local account, I am pointed to a different location (referrring to Documents and Settings) than if I were to log into the domain account having the same name.  This has created a different set of issues.  In other words, although I log in using the same Windows username, Windows recognizes the two login accounts as different users with different files, desktops etc.

Is this something that you can comment on or would you treat this as a follow up question unrelated to the current one?  Your comments are much appreciated.
0
 
EvelmikeCommented:
I'll comment on it, as it is a direct result of the solution to the issue.

Windows tracks users by SID, independent of the actual user name. So, you might have two users of identical name, one being a Domain user and the other being a Local user, however, they have unique SIDs.

In order to obtain access to the Domain user's Documents and other files and folders, you can simply apply Ownership on the domain user's directories under Documents and Settings.

To do this, simply right-click on the domain users directory under Documents and Settings, and select Properties. Under Properties, you will want to navigate to the Security tab. Under the Security tab, click the Advanced button near the bottom of the Security window.

Under Advanced, navigate to the Owner tab. Under Owner, select the local Administrators group (it will be COMPUTERNAME\Administrators), then check the box that says "Replace owner on subcontainers and objects" and click OK.

Click YES on the warning message that pops up, and wait until it has applied the Ownership to all files and folders within the directory.

Now that you have ownership, you need to give yourself some Permissions. Head to the Permissions tab (under the Advanced section where you found the Owner tab), select your local user OR the local Administrators group, UN-check the box that says "Inherit from parent..." and CHECK the box that says "Replace permission entries...", and select OK.

Again, wait for it to apply the settings to all of the files and directories. Once completed, you now have full access to your domain user's files and folders.

Keep in mind that this does not inherently remove permissions to these files and folders for your Domain user, but should you experience any issues accessing the files when logged in as your domain user, you can simply repeat these instructions, substituting your local user/admin group for your domain user/admin group.

Please, let me know if I may be of further assistance.
0
 
danharAuthor Commented:
Evelmike, many thanks for your thorough response to my questions!!!  This turned out to be a great learning experience.  I'm very satisfied with your help.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now