Solved

Local Administrator rights not being enforced

Posted on 2010-08-22
Last Modified: 2013-12-04
Good Afternoon,

We now have an issue where local admin rights are not working.

Basically, I have an AD group "Local Administrator Rights" on the domain. Then in group policy, in the "Restricted Group" settings, I set domainname\local administrator rights into the "Administrators" group.

Now, existing staff, this works great. Checking the local administrators group on each PC I can see this domain group is a member, which is good!

We got a new staff member who needs these rights, popped them in the group, now they started and don't have the rights, menus are missing in XP like changing wallpaper, but for the others it's OK.

I checked the PC and the group flowed down OK into local admins, so I created a new user as a test, same result, tried multiple machines, same result.

Any help would be appreciated.
Question by:wsc-it
3 Comments
 
LVL 17

Expert Comment

by:sgsm81
Check the security on the policies that have been applied.

Also log on as the user and run gpresult from a cmd window to see what policies are being applied.
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
Check where those user accounts are placed in the domain (which OU). Probably they reside in an OU where other people have these restrictions. You should move them to the rest of your users. To be sure whether that policy affects those accounts, log on to the PC with one of them, then from the Run box run RSoP.msc and analyze the results.
 
LVL 53

Expert Comment

by:McKnife
Hi.
Although you have not given any feedback so far, here's another question. You wrote:
> Now, existing staff, this works great
You mean, until now, members of the domain group "Local Administrator Rights" could successfully use admin rights on the workstations, right? What about now? Can they still operate as admins, does your issue really only affect new members of that group?

Then, next question, you wrote:
> now they started and don't have the rights, menus are missing in XP like changing wallpaper
This is no judgement about admin rights. We all know GPOs can restrict admins, too, so to determine if an account is not only a member of the local admin group but can indeed perform administrative tasks, I would start device manager for example. If nonadmin, you will get a popup at once saying that you won't be able to change anything here.

Feedback?
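The checks suggested in the comments above, combined into one PowerShell script (an added example, not posted by any participant in this thread). It assumes PowerShell 2.0 or later on the workstation and the group name given in the question; run it in the affected user's own logon session.

```powershell
# Added example. Assumption: the domain group is named as in the question.
$groupName = 'Local Administrator Rights'

# 1. What does this session's access token actually contain?
#    (The token is built at logon, so it reflects group membership at that time.)
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)

# Resolve every group SID in the token to a DOMAIN\name string.
$tokenGroups = @($identity.Groups | ForEach-Object {
    try   { $_.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $_.Value }   # keep the raw SID if it cannot be resolved
})
$hasDomainGroup = @($tokenGroups |
    Where-Object { $_ -like "*\$groupName" }).Count -gt 0

# 2. Where does the user object live in AD? The OU decides which
#    user-side GPOs (such as desktop restrictions) are in scope.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$env:USERNAME))"
$hit    = $searcher.FindOne()
$userDn = if ($hit) { $hit.Properties['distinguishedname'][0] }
          else      { '(user object not found)' }

"Token holds BUILTIN\Administrators : $isAdmin"
"Token holds '$groupName' : $hasDomainGroup"
"User object DN (shows the OU)      : $userDn"

# 3. Which GPOs were applied or filtered out for the user side.
#    RSoP.msc shows the same data graphically.
gpresult /scope user /v
```

If both token lines report True while the desktop is still restricted, the account is an administrator and the restriction comes from a user-side policy; compare the DN and the applied GPO list with those of a user for whom everything works.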
