Solved

Local Administrator rights not being enforced

Posted on 2010-08-22
3
329 Views
Last Modified: 2013-12-04
Good Afternoon,

We now have an issue where local admin rights are not working

Basically, i have an AD group "Local Administrator Rights" on the domain. Then in group policy, in the "Restricted Group" settings i set domainname\local administrator rights into the "Administrators" group

Now, exisitn staff, this works great. Checking the local administrators group on each PC i can see this domain group is a member, which is good!

We got a new staff member who needs these rights, popped them in the group, now they started and dont have th rights, menus are missing in XP like changin wallpaper, but for the others its OK

I checked the PC and the group flowed down ok into local admins, so i created a new user as a test, same result, tried multiple machines, same result

Any help would be appreciated
0
Comment
Question by:wsc-it
3 Comments
 
LVL 17

Expert Comment

by:sgsm81
ID: 33498518
Check the security on the policies that have been applied

also logon as the user and run gpresult from a cmd window to see what policies are being applied
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33498542
Check where those user account are placed in domain (which OU). Probably they reside in OU where other people have these restrictions. You should move them to the rest of your users. To be sure if that policy affects those account, logon to the PC on one of them then from run box run RSoP.msc and analyze results.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 33561650
Hi.
Although you missed to give some feedback so far, here's another question. You wrote:
> Now, exisitn staff, this works great
You mean, until now, members of the domain group "Local Administrator Rights" could succesfully use admin rights on the wokstations, right? What about now? Can they still operate as admins, does your issue really only affect new members of that group?

Then, next question, you wrote:
> now they started and dont have th rights, menus are missing in XP like changin wallpaper
this is no judgement about admin rights. We all know GPOs can restrict admins, too, so to determine if an account is not only member of the local admin group but can indeed perform administrative tasks, I would start device manager for example. If nonadmin, you will get a popup at once saying that you won't be able to change anything here.

Feedback?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
OfficeMate Freezes on login or does not load after login credentials are input.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now