  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336

Local Administrator rights not being enforced

Good Afternoon,

We now have an issue where local admin rights are not working.

Basically, I have an AD group "Local Administrator Rights" on the domain. Then in Group Policy, in the "Restricted Group" settings, I set domainname\local administrator rights into the "Administrators" group.

Now, existing staff, this works great. Checking the local Administrators group on each PC, I can see this domain group is a member, which is good!

We got a new staff member who needs these rights, popped them in the group, now they started and don't have the rights, menus are missing in XP like changing wallpaper, but for the others it's OK.

I checked the PC and the group flowed down OK into local admins, so I created a new user as a test, same result, tried multiple machines, same result.

Any help would be appreciated.
0
Asked: wsc-it
 
Steve (IT Manager) commented:
Check the security on the policies that have been applied.

Also log on as the user and run gpresult from a cmd window to see what policies are being applied.
0
 
Krzysztof Pytko (Active Directory Engineer) commented:
Check where those user accounts are placed in the domain (which OU). They probably reside in an OU where other people have these restrictions. You should move them to the rest of your users. To be sure whether that policy affects those accounts, log on to the PC as one of them, then from the Run box run RSoP.msc and analyze the results.
0
 
McKnife commented:
Hi.
Although you haven't given any feedback so far, here's another question. You wrote:
> Now, existing staff, this works great
You mean, until now, members of the domain group "Local Administrator Rights" could successfully use admin rights on the workstations, right? What about now? Can they still operate as admins, does your issue really only affect new members of that group?

Then, next question, you wrote:
> now they started and don't have the rights, menus are missing in XP like changing wallpaper
This is no judgement about admin rights. We all know GPOs can restrict admins, too, so to determine if an account is not only a member of the local admin group but can indeed perform administrative tasks, I would start Device Manager, for example. If non-admin, you will get a popup at once saying that you won't be able to change anything here.

Feedback?
0
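
A scripted form of the checks suggested in the comments above, as an added example that is not part of the original thread: run in the affected user's session, it separates "the domain group is in the local Administrators group" from "this logon token actually carries admin rights". It assumes PowerShell 2.0 or later and an English-named local Administrators group; `DOMAINNAME` is a placeholder for the real domain.

```powershell
# Added example. Run inside the affected user's logon session (not as another admin).
# Assumption: DOMAINNAME is a placeholder; the group name is the one from the question.
$DomainGroup = 'DOMAINNAME\Local Administrator Rights'

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

# 1. Does this token carry BUILTIN\Administrators (well-known SID S-1-5-32-544)?
#    On Vista and later a non-elevated shell reports False here because of UAC.
$adminSid      = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$tokenHasAdmin = $principal.IsInRole($adminSid)

# 2. Does this token contain the domain group? Token groups are fixed at logon.
$tokenGroups = @()
foreach ($sid in $identity.Groups) {
    try   { $tokenGroups += $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $tokenGroups += $sid.Value }   # SID that cannot be resolved: keep raw form
}
$tokenHasGroup = $tokenGroups -contains $DomainGroup

# 3. Is the domain group a member of the local Administrators group
#    (the result the Restricted Groups setting is meant to produce)?
$adminGroup = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($adminGroup.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
$groupIsLocalAdmin = $members -contains ('WinNT://' + $DomainGroup.Replace('\', '/'))

"Token has BUILTIN\Administrators : $tokenHasAdmin"
"Token has $DomainGroup : $tokenHasGroup"
"Group is in local Administrators : $groupIsLocalAdmin"

if ($groupIsLocalAdmin -and -not $tokenHasGroup) {
    'Policy applied the group, but this logon token lacks it: check AD membership, then log off and on.'
} elseif ($tokenHasAdmin) {
    'Token is administrative: missing desktop options point to user-side policy (see gpresult / RSoP.msc).'
} else {
    'Token is not administrative: check that the Restricted Groups GPO applies to this computer.'
}
```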
