Solved

Local Administrator rights not being enforced

Posted on 2010-08-22
3
332 Views
Last Modified: 2013-12-04
Good Afternoon,

We now have an issue where local admin rights are not working

Basically, i have an AD group "Local Administrator Rights" on the domain. Then in group policy, in the "Restricted Group" settings i set domainname\local administrator rights into the "Administrators" group

Now, exisitn staff, this works great. Checking the local administrators group on each PC i can see this domain group is a member, which is good!

We got a new staff member who needs these rights, popped them in the group, now they started and dont have th rights, menus are missing in XP like changin wallpaper, but for the others its OK

I checked the PC and the group flowed down ok into local admins, so i created a new user as a test, same result, tried multiple machines, same result

Any help would be appreciated
0
Comment
Question by:wsc-it
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Expert Comment

by:sgsm81
ID: 33498518
Check the security on the policies that have been applied

also logon as the user and run gpresult from a cmd window to see what policies are being applied
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33498542
Check where those user account are placed in domain (which OU). Probably they reside in OU where other people have these restrictions. You should move them to the rest of your users. To be sure if that policy affects those account, logon to the PC on one of them then from run box run RSoP.msc and analyze results.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 33561650
Hi.
Although you missed to give some feedback so far, here's another question. You wrote:
> Now, exisitn staff, this works great
You mean, until now, members of the domain group "Local Administrator Rights" could succesfully use admin rights on the wokstations, right? What about now? Can they still operate as admins, does your issue really only affect new members of that group?

Then, next question, you wrote:
> now they started and dont have th rights, menus are missing in XP like changin wallpaper
this is no judgement about admin rights. We all know GPOs can restrict admins, too, so to determine if an account is not only member of the local admin group but can indeed perform administrative tasks, I would start device manager for example. If nonadmin, you will get a popup at once saying that you won't be able to change anything here.

Feedback?
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question